"Codex Circuit OffSec Gauntlet CTF Walkthrough – Complete Solution "

"Explore this complete Codex Circuit OffSec Gauntlet CTF walkthrough, featuring step-by-step exploitation, methodology, commands, and techniques used to solve the challenge. Perfect for penetration testers, CTF players, and ethical hackers."

OFFENSIVE SECURITYPENETRATION TESTERTOOLSOFFSECCTFPENETRATION TESTINGCYBERSECURITY CHALLENGESINFORMATION SECURITY (INFOSEC)CYBERSECURITY LABSCYBERSECURITYETHICAL HACKINGOFFSEC WALKTHROUGHPROVING GROUNDS PRACTICEHANDS ON SECURITY LABSOFFSEC CHALLENGES

Jawstar

11/21/20251 min read

Lab Instructions

Download the ZIP package, the password is "MegaCorp123".

Your investigation may be the last chance to sever Voidweaver’s control over the Codex Circuit.

Examine the PCAP
Identify the communication with the rogue workspace
Determine the user, file, and action led to the data leak
Provide evidence of how the sensitive file left MegaCorp’s environment

What was the file type of the exfiltrated document?
Excel spreadsheet (.xls) Discovery Method: Analyzed file upload messages in the PCAP Found sensitive_customer_list.xls with MIME type application
/vnd.ms-excel File size: 6656 bytes Located in packet 21222 (internal upload) and packet 27162 (rogue upload)
Which user uploaded the sensitive file to the rogue workspace?

James Brown Discovery Method: Searched for user_change and user_profile_changed events in PCAP Found user profile in packet

26916: { "id": "U09KRBDV8S1", "name": "jamesb", "real_name": "james brown" } Confirmed upload to rogue workspace in packet 27162

Rogue workspace: secret-ops-workspace.slack.com (Team ID: T09KSNJU27Q)

At what GMT time was the sensitive file shared internally, within the legitimate company?

2025-10-10 11:51:36 GMT

Which internal user initially shared the sensitive document?

Ava

What domain hostname FQDN is associated with the rogue server?

secret-ops-workspace.slack.com

Which file was uploaded right before the sensitive one?

meeting-minutes_2025-10-09.pdf

What is the email address of the last customer listed in the sensitive file?
carol@novaenergy.com

Connect

Secure your future with expert cybersecurity solutions

Support

Quick Links

contact@jawstarsec.in

"Codex Circuit OffSec Gauntlet CTF Walkthrough – Complete Solution "

Lab Instructions

Download the ZIP package, the password is "MegaCorp123".

Your investigation may be the last chance to sever Voidweaver’s control over the Codex Circuit.

Examine the PCAP

Identify the communication with the rogue workspace

Determine the user, file, and action led to the data leak

Provide evidence of how the sensitive file left MegaCorp’s environment

What was the file type of the exfiltrated document?

Excel spreadsheet (.xls) Discovery Method: Analyzed file upload messages in the PCAP Found sensitive_customer_list.xls with MIME type application

/vnd.ms-excel File size: 6656 bytes Located in packet 21222 (internal upload) and packet 27162 (rogue upload)

Which user uploaded the sensitive file to the rogue workspace?

James Brown Discovery Method: Searched for user_change and user_profile_changed events in PCAP Found user profile in packet

26916: { "id": "U09KRBDV8S1", "name": "jamesb", "real_name": "james brown" } Confirmed upload to rogue workspace in packet 27162

Rogue workspace: secret-ops-workspace.slack.com (Team ID: T09KSNJU27Q)

At what GMT time was the sensitive file shared internally, within the legitimate company?

2025-10-10 11:51:36 GMT

Which internal user initially shared the sensitive document?

Ava

What domain hostname FQDN is associated with the rogue server?

secret-ops-workspace.slack.com

Which file was uploaded right before the sensitive one?

meeting-minutes_2025-10-09.pdf

What is the email address of the last customer listed in the sensitive file?

carol@novaenergy.com

Connect

Quick Links

Services

Blog

Contact Us

Homepage