Look for unusual .sh or .bat scripts in the startup folders of the extracted archive.
Run binwalk -e Kill.The.Plumber.zip to see if there are images or documents hidden within other files (a file within a file). File: Kill.The.Plumber.zip ...
After following the breadcrumbs through the metadata and hidden files, you will typically find the flag formatted as CTF... or FLAG... . Look for unusual
The first step is verifying the file type and checking for "easy" wins. File: Kill.The.Plumber.zip ...
If a traffic.pcap file is included, filter for HTTP or DNS traffic to see where the "Plumber" (the attacker/victim) was communicating. 5. Conclusion & Flag