Hack The Box – Marshal in the Middle (Forensics Challenge)

The security team was alerted to suspicious network activity from a production web server. Can you determine if any data was stolen and what it was? This is a nice network forensics exercise involving encrypted traffic and data exfiltration. In addition to the usual PCAP we are also given a selection of logs from Zeek […]

Hack The Box – Keep Tryin’ (Forensics Challenge)

This packet capture seems to show some suspicious traffic. All that is provided for this challenge is a small PCAP, and the observation that it contains “some suspicious traffic”. Let’s go! Opening the PCAP in Wireshark we find that it only contains 26 packets. The first thing my eye was drawn to was the DNS […]

Hack The Box – Took the Byte (Forensics Challenge)

Someone took my bytes! Can you recover my password for me? This time all we are given is a single file named password, which is identified simply as data. Examining it in a hex editor doesn’t give many more clues. I began thinking that the data might be encrypted somehow, and threw it into CyberChef. […]