Author: Egor Zaytsev (@groke)
Our users have recently complained that their passwords stored in our service were constantly leaking 😱
We identified an infected node, and it looks like it was an APT that installed a software implant right inside our service.
Can you investigate what has happened and find out what data the attackers have stolen?
ssh incident@35.228.133.151
Password: 6fS0jH9T
We understand that you can't dump memory or attach with the debugger since it's Docker, but we're sure you'll figure it out!
Hint at 20:00 — We know that our service is vulnerable, and the backdoor was installed via exploitation of this vuln. If you want to dump the backdoor, you should exploit this vuln too.