BTLO – Investigation: Xhell


As part of their regular job, ZYX Company employees need to deal with a lot of Excel files. One day, Thomas who is the Security Champion of the Finance Team received 2 Excel files that looked suspicious. Being a security-conscious individual, Thomas sent those files to the RE team for further examination.

Scenario Description
Restricted Content
This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


Like most BTLO investigations, there is always at least one question where the formatting or question doesn’t make sense. In this case, the “string that confused the analyst” was what perplexed me, as nothing seemed ‘confusing’ to me.


No comments available.

Leave a Reply

Your email address will not be published. Required fields are marked *