| #1 | What is the victim's MAC address? | 50 | 826 |
| #2 | What is the address of the company associated with the victim's machine MAC address? | 100 | 633 |
| #3 | What is the attacker's IP address? | 50 | 752 |
| #4 | What is the IPv4 address of the DNS server used by the victim machine? | 50 | 745 |
| #5 | What domain is the victim looking up in packet 5648? | 50 | 736 |
| #6 | What is the server certificate public key that was used in TLS session: 731300002437c17bdfa2593dd0e0b28d391e680f764b5db3c4059f7abadbb28e | 50 | 581 |
| #7 | What domain is the victim connected to in packet 4085? | 50 | 663 |
| #8 | The attacker conducted a port scan on the victim machine. How many open ports did the attacker find? | 100 | 585 |
| #9 | Analyze the pcap using the provided rules. What is the CVE number falsely alerted by Suricata? | 150 | 348 |
| #10 | What is the command parameter sent by the attacker in packet number 2650? | 50 | 586 |
| #11 | What is the stream number which contains email traffic? | 100 | 542 |
| #12 | What is the victim's email address? | 100 | 596 |
| #13 | What time did the attacker send the email? | 50 | 588 |
| #14 | What is the version of the program used to send the email? | 100 | 581 |
| #15 | What is the MD5 hash of the email attachment? | 50 | 507 |
| #16 | What is the CVE number the attacker tried to exploit using the malicious document? | 100 | 474 |
| #17 | The malicious document file contains a URL to a malicious HTML file. Provide the URL for this file. | 50 | 459 |
| #18 | What is the LinkType of the OLEObject related to the relationship which contains the malicious URL? | 50 | 302 |
| #19 | What is the Microsoft Office version installed on the victim machine? | 100 | 400 |
| #20 | The malicious HTML contains JS code that points to a malicious CAB file. Provide the URL to the CAB file. | 100 | 405 |
| #21 | The exploit takes advantage of a CAB vulnerability. Provide the vulnerability name. | 100 | 312 |
| #22 | The CAB file contains a malicious DLL file. What is the tool used to generate the DLL? | 50 | 299 |
| #23 | What is the path of the dropped malicious DLL file? Replace your username with IEUser. | 150 | 251 |
| #24 | Analyzing the DLL file, what is the API used to write the shellcode into the process memory? | 100 | 260 |
| #25 | After extracting the shellcode from the DLL file, what is the name of the library loaded by the shellcode? | 100 | 233 |
| #26 | Which port was configured to receive the reverse shell? | 100 | 300 |