CyberDefenders: HoneyBOT blueteam challenge.

HoneyBOT

SHA1SUM	d9368027a7e19518ab91b8f04b47fbde1386d6da
Published	Nov. 13, 2020
Author	The Honeynet Project
Size	151K
Tags	Wireshark PCAP Malware Analysis Threat Hunting CVEs

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/14 Questions

Your score

0/1700

Packet Analysis

Last solve

A PCAP analysis exercise highlighting attacker's interactions with honeypots and how automatic exploitation works.. (Note that the IP address of the victim has been changed to hide the true location.)

Tools:

#	Question	Weight	Solved
#1	What is the attacker's IP address?	50	245
Hint Report an issue

#2	What is the target's IP address?	50	245
Hint Report an issue

#3	Provide the country code for the attacker's IP address (a.k.a geo-location).	50	228
Hint Report an issue

#4	How many TCP sessions are present in the captured traffic?	100	226
Hint Report an issue

#5	How long did it take to perform the attack (in seconds)?	100	219
Hint Report an issue

#7	Provide the CVE number of the exploited vulnerability.	100	165
Hint Report an issue

#8	Which protocol was used to carry over the exploit?	100	220
Hint Report an issue

#9	Which protocol did the attacker use to download additional malicious files to the target system?	100	205
Hint Report an issue

#10	What is the name of the downloaded malware?	100	203
Hint Report an issue

#11	The attacker's server was listening on a specific port. Provide the port number.	100	203
Hint Report an issue

#12	When was the involved malware first submitted to VirusTotal for analysis? Format: YYYY-MM-DD	150	145
Hint Report an issue

#13	What is the key used to encode the shellcode?	200	98
Hint Report an issue

#14	What is the port number the shellcode binds to?	200	142
Hint Report an issue

#15	The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process?	300	132
Hint Report an issue