A PCAP analysis exercise highlighting an attacker's interactions with honeypots and how automatic exploitation works. (Note that the IP address of the victim has been changed to hide the true location.)

| # | Question | Weight | Solved |
|---|----------|--------|--------|
| 1 | What is the attacker's IP address? | 50 | 93 |
| 2 | What is the target's IP address? | 50 | 93 |
| 3 | Provide the country code for the attacker's IP address (a.k.a geo-location). | 50 | 88 |
| 4 | How many TCP sessions are present in the captured traffic? | 100 | 87 |
| 5 | How long did it take to perform the attack (in seconds)? | 100 | 85 |
| 6 | What is the operating system of the target host? | 100 | 86 |
| 7 | Provide the CVE number of the exploited vulnerability. | 100 | 57 |
| 8 | Which protocol was used to carry over the exploit? | 100 | 88 |
| 9 | Which protocol did the attacker use to download additional malicious files to the target system? | 100 | 84 |
| 10 | What is the name of the downloaded malware? | 100 | 80 |
| 11 | The attacker's server was listening on a specific port. Provide the port number. | 100 | 80 |
| 12 | When was the involved malware first submitted to VirusTotal for analysis? | 150 | 51 |
| 13 | What is the key used to encode the shellcode? | 200 | 32 |
| 14 | What is the port number the shellcode binds to? | 200 | 59 |
| 15 | The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process? | 300 | 50 |