Category: BlueTeam
-
Traffic Analysis Essentials
Learn Network Security and Traffic Analysis foundations and take a step into probing network anomalies.
-
2014-11-23 Traffic analysis exercise
https://www.malware-traffic-analysis.net/2014/11/23/index.html QUESTIONS 1) What is the IP address of the Windows VM that gets infected? To find an address OS, I usually check the User-agent section in the headers. Use the http filter and follow the stream. Answer : 172.16.165.132 2) What is the MAC address of the infected VM? Statictics –> Endpoints 3) What…
-
2014-11-16 Traffic analysis exercise
https://www.malware-traffic-analysis.net/2014/11/16/index.html LEVEL 1 QUESTIONS:
-
LetsDefend : Http Basic Auth
We got some log indicates the attacker, can you gathering information from pcap file?
-
LetsDefend : Shellshock Attack
https://app.letsdefend.io/challenge/shellshock-attack/ You must to find details of shellshock attacks Log file: https://app.letsdefend.io/download/downloadfile/shellshock.zipPass: 321 Note: pcap file found public resources. Download the pcap file and filter out with HTTP. Follow the HTTP request that has the 500 Internal Server Error. Errors often showcases information. Question 1 What is the server operating system? Follow the stream of…
-
LetsDefend : Presentation As a Malware
Can ppt file be malware? File link: https://app.letsdefend.io/download/downloadfile/PO00187.zip/Password: infected Load up the malware in VirusTotal and examine the analysis. Sign up for an account to view more details. Question 1 What was the general name / category of the malicious file in the analyzed ppt file? A number of security vendor’s have labeled them as…
-
LetsDefend : Remote Working
https://app.letsdefend.io/challenge/remote-working/ Analysis XLS File File link: https://app.letsdefend.io/download/downloadfile/ORDER_SHEET_SPEC.zip/Password: infected NOTE: Do not open on your local environment. It is malicious file. Tools : VirusTotal.com This malware contains a XLS file. We can upload the file into VirusTotal to examine some details. Question 1 What is the date the file was created? The History section of the…
-
LetsDefend: Dynamic Malware Analysis Example #2
https://app.letsdefend.io/training/lesson_detail/dynamic-malware-analysis-example-2 Connect to the Hands-On Practice lab in the page. LetsDefend has set up a system with the necessary tools for the malware analysis. Since it is dynamic analysis we should set up the following tools before running the malware. Start up Process Hacker which is a free, powerful, multi-purpose tool that helps you monitor…
-
LetsDefend: Dynamic Malware Analysis Example #1
https://app.letsdefend.io/training/lesson_detail/dynamic-malware-analysis-example-1 Connect to the Hands-On Practice lab in the page. LetsDefend has set up a system with the necessary tools for the malware analysis. Since it is dynamic analysis we should set up the following tools before running the malware. Start up Process Hacker which is a free, powerful, multi-purpose tool that helps you monitor…
-
LetsDefend : Malicious VBA
https://app.letsdefend.io/challenge/Malicious-VBA/ One of the employees has received a suspicious document attached in the invoice email. They sent you the file to investigate. You managed to extract some strings from the VBA Macro document. Can you refer to CyberChef and decode the suspicious strings? Please, open the document in Notepad++ for security reasons unless you are…
-
LetsDefend Challenge: Port Scan Activity
https://app.letsdefend.io/challenge/port-scan-activity/ First download the Log file which contains a pcap file and open it in Wireshark. Question 1 What is the IP address scanning the environment? We can see that is 10.42.42.253 sending a TCP 3-way handshake to a couple of different IP addresses. This suggests that that particular IP address is initiating a scan.…