A PCAP analysis exercise highlighting an attacker's interactions with honeypots and how automated exploitation works. (Note that the victim's IP address has been changed to hide its true location.)
| # | Question | Weight | Solved |
|---|---|---|---|
| 1 | What is the attacker's IP address? | 50 | 93 |
| 2 | What is the target's IP address? | 50 | 93 |
| 3 | Provide the country code for the attacker's IP address (i.e. its geolocation). | 50 | 88 |
| 4 | How many TCP sessions are present in the captured traffic? | 100 | 87 |
| 5 | How long did it take to perform the attack (in seconds)? | 100 | 85 |
| 6 | What is the operating system of the target host? | 100 | 86 |
| 7 | Provide the CVE number of the exploited vulnerability. | 100 | 57 |
| 8 | Which protocol was used to carry the exploit? | 100 | 88 |
| 9 | Which protocol did the attacker use to download additional malicious files to the target system? | 100 | 84 |
| 10 | What is the name of the downloaded malware? | 100 | 80 |
| 11 | The attacker's server was listening on a specific port. Provide the port number. | 100 | 80 |
| 12 | When was the involved malware first submitted to VirusTotal for analysis? | 150 | 51 |
| 13 | What is the key used to encode the shellcode? | 200 | 32 |
| 14 | What is the port number the shellcode binds to? | 200 | 59 |
| 15 | The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process? | 300 | 50 |
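Questions 1, 2, 4 and 5 are answered by the same first pass over the capture: identify the endpoints, count distinct TCP sessions (the direction-independent endpoint pairs Wireshark labels as `tcp.stream`), and measure the span between the first and last packet. The script below is an added example and is not part of the challenge or its capture: it parses the classic pcap format in pure Python with no third-party dependency, and runs against a small capture that is constructed inline for the purpose. The addresses 203.0.113.5 and 192.0.2.10, the ports, and the timestamps are all made up (RFC 5737 documentation ranges); the attack duration is taken here as first-to-last TCP packet, which is an assumption about how the question defines it, not something the page states.

```python
import struct
from collections import Counter

# ---- Constructed sample capture (NOT the challenge's pcap) -------------------
def _ipv4(src, dst, payload, proto=6):
    """Minimal 20-byte IPv4 header (no options) + payload; checksum left zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

def _tcp(sport, dport, flags=0x02, payload=b""):
    """Minimal 20-byte TCP header: data offset 5, window 65535, checksum zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload

def _eth(payload, ethertype=0x0800):
    """Ethernet II frame with zeroed MAC addresses."""
    return b"\x00" * 12 + struct.pack("!H", ethertype) + payload

def _pcap(packets):
    """Little-endian classic pcap, link type 1 (Ethernet). packets: (sec, usec, frame)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

A, V = "203.0.113.5", "192.0.2.10"   # hypothetical attacker / victim addresses
SAMPLE_PCAP = _pcap([
    (1000, 0,      _eth(_ipv4(A, V, _tcp(49152, 445, 0x02)))),                 # SYN to the service
    (1000, 150000, _eth(_ipv4(V, A, _tcp(445, 49152, 0x12)))),                 # SYN/ACK back
    (1000, 300000, _eth(_ipv4(A, V, _tcp(49152, 445, 0x18, b"\xff" * 8)))),    # PSH/ACK with payload
    (1001, 0,      _eth(_ipv4(A, V, _tcp(49153, 445, 0x02)))),                 # second session, same service
    (1002, 500000, _eth(_ipv4(V, A, _tcp(1028, 4444, 0x02)))),                 # victim connects back
    (1002, 600000, _eth(_ipv4(V, "192.0.2.1", b"\x00" * 8, proto=17))),        # UDP noise, ignored
])

# ---- Generic pcap walking ----------------------------------------------------
def parse_pcap(data):
    """Yield (timestamp_float, frame_bytes) for each record of a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    linktype = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def tcp_tuple(frame):
    """(src_ip, sport, dst_ip, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip, tcp = frame[14:14 + ihl], frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return (".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport, tcp[13])

def summarize(data):
    """Count TCP sessions, measure first-to-last TCP packet span, rank talkers."""
    sessions, talkers, times = set(), Counter(), []
    for ts, frame in parse_pcap(data):
        t = tcp_tuple(frame)
        if t is None:
            continue
        src, sport, dst, dport, _flags = t
        times.append(ts)
        talkers[src] += 1
        # Direction-independent endpoint pair; matches Wireshark's tcp.stream
        # unless a client port is reused after a close, which a real pcap may do.
        sessions.add(frozenset({(src, sport), (dst, dport)}))
    duration = max(times) - min(times) if times else 0.0
    return {"tcp_sessions": len(sessions), "duration_s": round(duration, 6), "talkers": talkers}

if __name__ == "__main__":
    print(summarize(SAMPLE_PCAP))
```

Run it against a real capture with `summarize(open("capture.pcap", "rb").read())`; if the file is pcapng (magic `0x0A0D0D0A`) convert it first with `editcap -F pcap`. Cross-check the session count against Wireshark's Statistics > Conversations > TCP tab, which is the reference most of these challenges grade against.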