Chase

Download and unzip the file and check the hint:

Hint: One of our web servers triggered an AV alert, but none of the sysadmins say they were logged onto it. We've taken a network capture before shutting the server down to take a clone of the disk. Can you take a look at the PCAP and see if anything is up?

Files: chase.pcapng

Opening the PCAP Next Generation (pcapng) file, we search through the packets and find an unual GET request to a .txt file with an odd string name.

Taking that filename (JBKEE62NIFXF6ODMOUZV6NZTMFGV6URQMNMH2IBA) and running it through CyberChef and using the "Magic" recipe easily gets us the flag.

HTB{MAn_8lu3_73aM_R0cX}

"Chase"ing this down was a cinch!

.......

I couldn't resist the Dad joke XD

©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
  Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
  This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
  This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity

(GET WRITTEN PERMISSION PEOPLE!!)
  Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
  Contact the external sites for answers to questions regarding its content.
  This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.