https://cyberdefenders.org/labs/73
You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker's identity.
Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably an insider.
Investigate the incident, find the insider, and uncover the attack actions.
The Github.txt file links to a user page: https://github.com/EMarseille99
The first thing I'll do is take a look around. If they have a large number of repos with a large number of files, I might have to download it all and do some searching, or try some automated tools. But maybe I'll get lucky.
And I do. Top repo, top file:
aJFRaLHjMXvYZgLPwiJkroYLGRkNBW
This isn't much harder. Search for pass, and the same file gives:
CyberChef can handle the rest.
PicassoBaguette99
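The manual search above (look for key- and pass-like names, then decode the value) can be automated as a check to run on a repository before it is pushed. This is an added example, not code from the lab or from this write-up; the name heuristic, the sample file contents and the assumption that the stored value is Base64 are all constructed for illustration.

```python
import base64
import binascii
import re

# Credential-like name, then ':' or '=', then a literal value (assumed heuristic).
ASSIGNMENT = re.compile(
    r"(?P<name>[\w.-]*(?:pass|secret|token|api[_-]?key)[\w.-]*)"
    r"[\"']?\s*[:=]\s*[\"']?(?P<value>[^\s\"',;]{6,})",
    re.IGNORECASE,
)
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def try_base64(value):
    """Return the decoded text if value is Base64 of printable ASCII, else None."""
    if len(value) % 4 or not B64.fullmatch(value):
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if decoded.isprintable() else None


def scan(text):
    """Return (line_no, name, value, decoded_or_None) per credential-like assignment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            value = m.group("value")
            findings.append((line_no, m.group("name"), value, try_base64(value)))
    return findings


# Constructed sample file; none of these values come from the lab.
SAMPLE_PASSWORD = "Constructed-Passw0rd"
ENCODED = base64.b64encode(SAMPLE_PASSWORD.encode()).decode()
SAMPLE = "\n".join([
    'url = "https://api.example.com/v1"',
    'API_KEY = "Zk3nQ9xLpT7vB2mHs8RwYc4DuE6gJa"',
    f'login_password = "{ENCODED}"',
    "timeout = 30",
])

if __name__ == "__main__":
    for line_no, name, value, decoded in scan(SAMPLE):
        note = f"decodes to {decoded!r}" if decoded else "opaque value"
        print(f"line {line_no}: {name} = {value} ({note})")
```

A finding that decodes cleanly shows that encoding a password before committing it gives no protection once the repository is public.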