Uncompress the challenge (pass: cyberdefenders.org)
A PCAP analysis exercise highlighting attacker's interactions with honeypots and how automatic exploitation works.. (Note that the IP address of the victim has been changed to hide the true location.)
What is the attacker's IP address?
What is the target's IP address?
Provide the country code for the attacker's IP address (a.k.a geo-location).
How many TCP sessions are present in the captured traffic?
How long did it take to perform the attack (in seconds)?
Provide the CVE number of the exploited vulnerability.
Which protocol was used to carry over the exploit?
Which protocol did the attacker use to download additional malicious files to the target system?
What is the name of the downloaded malware?
The attacker's server was listening on a specific port. Provide the port number.
When was the involved malware first submitted to VirusTotal for analysis? Format: YYYY-MM-DD
What is the key used to encode the shellcode?
What is the port number the shellcode binds to?
The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process?