Multiple systems were targeted. Provide the IP address of the highest one.
What protocol do you think the attack was carried over?
What was the URL for the page used to serve malicious executables (don't include URL parameters)?
What is the number of the packet that includes a redirect to the French version of Google and probably is an indicator for Geo-based targeting?
What was the CMS used to generate the page 'shop.honeynet.sg/catalog/'? (Three words, space in between)
What is the number of the packet that indicates that 'show.php' will not try to infect the same host twice?
One of the exploits being served targets a vulnerability in "msdds.dll". Provide the corresponding CVE number.
What is the name of the executable being served via 'http://sploitme.com.cn/fg/load.php?e=8'?
One of the malicious files was first submitted for analysis on VirusTotal at 2010-02-17 11:02:35 and has an MD5 hash ending with '78873f791'. Provide the full MD5 hash.
What is the name of the function that hosted the shellcode relevant to 'http://sploitme.com.cn/fg/load.php?e=3'?
Deobfuscate the JS at 'shop.honeynet.sg/catalog/' and provide the value of the 'click' parameter in the resulting URL.
Deobfuscate the JS at 'rapidshare.com.eyu32.ru/login.php' and provide the value of the 'click' parameter in the resulting URL.
What was the version of 'mingw-gcc' that compiled the malware?
The shellcode used a native function inside 'urlmon.dll' to download files from the internet to the compromised host. What is the name of the function?
Instructions:
Unzip the challenge (pass: cyberdefenders.org), analyze the pcap and answer the questions.
A network trace with attack data is provided. Please note that the IP address of the victim has been changed to hide the true location.
As a SOC analyst, analyze the artifacts and answer the questions.
Tools:
BrimSecurity
WireShark
SpiderMonkey
VirusTotal
libemu
Network Miner