CyberDefenders: HoneyBOT blueteam challenge.

HoneyBOT

SHA1SUM	d9368027a7e19518ab91b8f04b47fbde1386d6da
Published	Nov. 13, 2020
Author	The Honeynet Project
Size	151K
Tags	Wireshark PCAP Malware Analysis Threat Hunting CVEs

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/14 Questions

Your score

0/1700

Packet Analysis

Last solve

today by greatname2311

A PCAP analysis exercise highlighting attacker's interactions with honeypots and how automatic exploitation works.. (Note that the IP address of the victim has been changed to hide the true location.)

Tools:

#	Question	Weight	Solved
#1	What is the attacker's IP address?	50	393
Hint Report an issue

#2	What is the target's IP address?	50	394
Hint Report an issue

#3	Provide the country code for the attacker's IP address (a.k.a geo-location).	50	378
Hint Report an issue

#4	How many TCP sessions are present in the captured traffic?	100	375
Hint Report an issue

#5	How long did it take to perform the attack (in seconds)?	100	361
Hint Report an issue

#7	Provide the CVE number of the exploited vulnerability.	100	293
Hint Report an issue

#8	Which protocol was used to carry over the exploit?	100	364
Hint Report an issue

#9	Which protocol did the attacker use to download additional malicious files to the target system?	100	349
Hint Report an issue

#10	What is the name of the downloaded malware?	100	347
Hint Report an issue

#11	The attacker's server was listening on a specific port. Provide the port number.	100	347
Hint Report an issue

#12	When was the involved malware first submitted to VirusTotal for analysis? Format: YYYY-MM-DD	150	263
Hint Report an issue

#13	What is the key used to encode the shellcode?	200	198
Hint Report an issue

#14	What is the port number the shellcode binds to?	200	254
Hint Report an issue

#15	The shellcode used a specific technique to determine its location in memory. What is the OS file being queried during this process?	300	250
Hint Report an issue

Submit Writeup