What tool was used when the attack started at 2022-07-27 14:13 UTC? Submit the flag as
Use the files from First Strike.
This challenge was actually answered during the previous challenge while determining the source IP of the attacker:
22.214.171.124 - - [27/Jul/2022:14:13:52 +0000] "GET / HTTP/1.1" 200 6225 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
The User-Agent that aligns with
2022-07-27 14:13 UTC identifies the tool as the network scanning tool nmap.
The accepted flag was: