This was an interesting rabbit hole I ventured into.  What started as a simple alert for an end user, turned into what felt like a CTF as I decided to dig deeper, and beat this alert like I was going to make an omelet out of it.  While I could have moved onto the next thing, I wanted to not only see what the payload intended to do, but dissect the payload to figure out how it was created.  This is part one, the Blue part of this story.

Continue reading