CyberDefenders: BlueTeam CTF Challenges

HoneyBOT

SHA1SUM	d9368027a7e19518ab91b8f04b47fbde1386d6da
Published	Nov. 13, 2020
Author	The Honeynet Project
Size	151K
Tags	Wireshark PCAP Threat Hunting Network

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/14 Questions

Your score

0/1700

Digital Forensics

Last solve

4 days ago by slimrezgui619

A PCAP analysis exercise highlighting attacker's interactions with honeypots and how automatic exploitation works.. (Note that the IP address of the victim has been changed to hide the true location.)

Tools:

#	Question	Weight	Solved
#1	What is the attacker's IP address?	50	717
Hint Report an issue

#2	What is the target's IP address?	50	716
Hint Report an issue

#3	Provide the country code for the attacker's IP address (a.k.a geo-location).	50	697
Hint Report an issue

#4	How many TCP sessions are present in the captured traffic?	100	686
Hint Report an issue

#5	How long did it take to perform the attack (in seconds)?	100	656
Hint Report an issue

#7	Provide the CVE number of the exploited vulnerability.	100	556
Hint Report an issue

#8	Which protocol was used to carry over the exploit?	100	655
Hint Report an issue

#9	Which protocol did the attacker use to download additional malicious files to the target system?	100	633
Hint Report an issue

#10	What is the name of the downloaded malware?	100	622
Hint Report an issue

#11	The attacker's server was listening on a specific port. Provide the port number.	100	623
Hint Report an issue

#12	When was the involved malware first submitted to VirusTotal for analysis? Format: YYYY-MM-DD	150	499
Hint Report an issue

#13	What is the key used to encode the shellcode?	200	384
Hint Report an issue

#14	What is the port number the shellcode binds to?	200	468
Hint Report an issue

#15	The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process?	300	463
Hint Report an issue

Submit Writeup