What is the victim's MAC address?
What is the address of the company associated with the victim machine's MAC address?
What is the attacker's IP address?
What is the IPv4 address of the DNS server used by the victim machine?
What domain is the victim looking up in packet 5648?
What is the server certificate public key that was used in TLS session: 731300002437c17bdfa2593dd0e0b28d391e680f764b5db3c4059f7abadbb28e
What domain is the victim connected to in packet 4085?
The attacker conducted a port scan on the victim machine. How many open ports did the attacker find?
Analyze the pcap using the provided rules. What is the CVE number falsely alerted by Suricata?
What is the command parameter sent by the attacker in packet number 2650?
What is the stream number which contains email traffic?
What is the victim's email address?
What time did the attacker send the email?
What is the version of the program used to send the email?
What is the MD5 hash of the email attachment?
What is the CVE number the attacker tried to exploit using the malicious document?
The malicious document file contains a URL to a malicious HTML file. Provide the URL for this file.
What is the LinkType of the OLEObject related to the relationship which contains the malicious URL?
What is the Microsoft Office version installed on the victim machine?
The malicious HTML contains JavaScript code that points to a malicious CAB file. Provide the URL to the CAB file.
The exploit takes advantage of a CAB vulnerability. Provide the vulnerability name.
The CAB file contains a malicious DLL file. What is the tool used to generate the DLL?
What is the path of the dropped malicious DLL file? Replace your username with IEUser.
Analyzing the DLL file, what is the API used to write the shellcode in the process memory?
After extracting the shellcode from the DLL file, what is the name of the library loaded by the shellcode?
Which port was configured to receive the reverse shell?