The security team was alerted to suspicious network activity from a production web server. Can you determine if any data was stolen and what it was? This is a nice network forensics exercise involving encrypted traffic and data exfiltration. In addition to the usual PCAP we are also given a selection of logs from Zeek […]
There is no excerpt because this is a protected post.
This packet capture seems to show some suspicious traffic. All that is provided for this challenge is a small PCAP, and the observation that it contains “some suspicious traffic”. Let’s go! Opening the PCAP in Wireshark we find that it only contains 26 packets. The first thing my eye was drawn to was the DNS […]
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Someone took my bytes! Can you recover my password for me? This time all we are given is a single file named password, which is identified simply as data. Examining it in a hex editor doesn’t give many more clues. I began thinking that the data might be encrypted somehow, and threw it into CyberChef. […]
We have got informed that a hacker managed to get into our internal network after pivoting through the web platform that runs in public internet. He managed to bypass our small product stocks logging platform and then he got our costumer database file. We believe that only one of our costumers was targeted. Can you […]
There is no excerpt because this is a protected post.
The Magnet Forensics Weekly CTF has been running since October and sets one question each week using an image that changes each month. The October questions were based on an Android filesystem dump, and November’s related to a compromised Hadoop cluster built on Ubuntu Linux. The December challenges return to more familiar territory for me […]