Root Me: Active Directory -GPO

Category: Forensic The challenge involves analyzing .pcap file having multiple protocols. In this particular challenge we need to analyze SMB protocol and find the missing flag. Prerequisites: Knowledge of a network capture analyzing tool. Knowledge of the group policy. Knowledge of Python You can find the challenge at below link : https://www.root-me.org/en/Challenges/Forensic/Active-Directory-GPO Statement During a security audit, […]

Root Me: SSL — HTTP exchange

Category: Network The challenge involves analyzing .pcap file having multiple protocols. In this particular challenge we need to analyze HTTPs protocol and find the missing flag. Prerequisites: Knowledge of a network capture analyzing tool. Knowledge of the HTTPS protocols. You can find the challenge at below link : https://www.root-me.org/en/Challenges/Network/SSL-HTTP-exchange Statement This challenge comes from the 19th DEFCON […]

ROOT-Me.org Network Challenges

ROOT-Me.org Network FTP-authentication Challenges In this challenge a pcap file is provided and we have to find the user password To start with download the pcap file and open it in Wireshark. In the first three lines we can see 2 way TCP Handshake (Syn, Ack, Syn-Ack) between source and destination server. Next we can […]

Volatility Forensic Analysis: R2D2 Malware

Hunting R2D2 Malware To start on this malware expedition, please download image from here . Once image file is downloaded, lets find out more about it by using volatility imageinfo plugin C:\volatility>volatility.exe -f 0zapftis.vmem imageinfoVolatility Foundation Volatility Framework 2.6INFO : volatility.debug : Determining profile based on KDBG search… Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86) AS […]