CyberDefenders- HoneyPot : WireShark PCAP Analysis
Challenge Details: A PCAP analysis exercise highlighting attacker’s interactions with honeypots and how automatic exploitation works. As the part of this challenge a pcap file, HoneyBot.pcap is provided and based on it we have to answer questions. As part of this writeup and analysis, I will refrain from posting exact answers and would recommend you […]
Cyberdefenders.org PacketMaze Challenge: Part 2 Wireshark Pcap analysis
This is a part 2 of challenge posted on cyberdefenders.org and you can find it here. For part 1, please refer to my previous post Q7:What is the server certificate public key that was used in TLS session: da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff? To answer this question, first lets filter the traffic by TLS protocol and navigate to any […]
Cyberdefenders.org PacketMaze Challenge: Part 1 Wireshark Pcap analysis
This is a brief writeup of challenge posted on cyberdefenders.org and you can find it here. Challenge As an analyst working for a security service provider, you have been tasked with analyzing a packet capture for a customer’s employee whose network activity has been monitored for a while -possible insider As part of this challenge […]
Root Me: SSL — HTTP exchange
Category: Network The challenge involves analyzing .pcap file having multiple protocols. In this particular challenge we need to analyze HTTPs protocol and find the missing flag. Prerequisites: Knowledge of a network capture analyzing tool. Knowledge of the HTTPS protocols. You can find the challenge at below link : https://www.root-me.org/en/Challenges/Network/SSL-HTTP-exchange Statement This challenge comes from the 19th DEFCON […]
ROOT-Me.org Network Challenges
ROOT-Me.org Network FTP-authentication Challenges In this challenge a pcap file is provided and we have to find the user password To start with download the pcap file and open it in Wireshark. In the first three lines we can see 2 way TCP Handshake (Syn, Ack, Syn-Ack) between source and destination server. Next we can […]