CyberDefenders: BlueTeam CTF Challenges

PacketMaze

SHA1SUM	8d259580fe6bd28a42bd3667ff5d135d04149899
Published	June 23, 2021
Author	DFIRScience
Size	33 MB
Tags	Wireshark PCAP Anlysis HTTP DNS SMB DHCP FTP

Instructions	Uncompress the challenge (pass: cyberdefenders.org) Load suricatarunner.exe and suricataupdater.exe in BrimSecurity. Uncompress suricata.zip and move suircata.rules to ".\var\lib\suricata\rules" inside suricatarunner directory.

Your progress

0% Completed0/11 Questions

Your score

0/900

Packet Analysis

Last solve

today by altamash

As an analyst working for a security service provider, you have been tasked with analyzing a packet capture for a customer's employee whose network activity has been monitored for a while -possible insider.

Tools:

#	Question	Weight	Solved
#1	What is the FTP password?	50	1126
Hint Report an issue

#2	What is the IPv6 address of the DNS server used by 192.168.1.26? (####::####:####:####:####)	50	1075
Hint Report an issue

#3	What domain is the user looking up in packet 15174?	50	1081
Hint Report an issue

#4	How many UDP packets were sent from 192.168.1.26 to 24.39.217.246?	50	1059
Hint Report an issue

#5	What is the MAC address of the system being investigated in the PCAP?”	50	1036
Hint Report an issue

#6	What was the camera model name used to take picture 20210429_152157.jpg ?	100	960
Hint Report an issue

#7	What is the server certificate public key that was used in TLS session: da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff?	100	855
Hint Report an issue

#8	What is the first TLS 1.3 client random that was used to establish a connection with protonmail.com?	100	844
Hint Report an issue

#9	What country is the MAC address of the FTP server registered in? (two words, one space in between)	100	876
Hint Report an issue

#10	What time was a non-standard folder created on the FTP server on the 20th of April? (hh:mm)	100	794
Hint Report an issue

#11	What domain was the user connected to in packet 27300?	150	835
Hint Report an issue

Submit Writeup