Author: Egor Zaytsev (@groke)
Our users recently have complained that their passwords stored in our service were constantly leaking 😱
We identified an infected node, and it looks like it was an APT that installed a software implant right inside our service.
Can you investigate what has happened and find out what data the attackers have stolen?
We understand that you can't dump memory or attach with the debugger since it's Docker, but we're sure you'll figure it out!
Hint at 20:00 — We know that out service is vulnerable, and the backdoor was installed via exploitation of this vuln. If you want to dump the backdoor, you should exploit this vuln too