The Azure Deception

Personal Rating: Medium

We are presented with this intro text:

Shortly after the Door Without Handles began moving, someone sent Brynn a taunting message through the council's communication channels. It appeared to come from Microsoft's own security team—the address read azuresecuritycenter@onmicrosoft.com—but the words dripped with mockery: "It looks like you fell for it… Again. Not every onmicrosoft.com is official ;)". The domain seemed legitimate at first—onmicrosoft.com is genuine Microsoft territory—yet Brynn knows deception when she sees it. Someone is wearing a trusted mask. She must investigate this exact address through shadow-intelligence archives, identify which ghost organization has weaponized this Microsoft domain in past hauntings, and determine which named operation previously used this specific false identity to breach their victims. Even the most official-looking doors can lead to hollowed places.Flag Format: HTB{Operation_Name}Example (Fictional): HTB{Operation_Midnight}Important:Use underscore _ between wordsCapitalize first letter of each wordInclude "Operation" if it's part of the name

Using a google dork that incorporates the hints from the text reduces the sites to only three

Searching the string "operation" in the third one from SOCRadar then revealed the answer: