Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
The room provided a phishing email, endpoint logs, and network traffic to analyze. By studying email headers, parsing JSON logs with JQ, and reconstructing events from packet captures, I uncovered how the threat actor gained initial access, enumerated the host, exfiltrated data, and maintained persistence. Key learning included inspecting encoded payloads, tracking command execution in…
Learn the basics of traffic analysis with Wireshark and how to find anomalies on your network! Link: https://tryhackme.com/room/wiresharkpacketoperations “In this room, we will cover the techniques and key points of traffic analysis with Wireshark and detect suspicious activities. Note that this is the third and last room of the Wireshark room trio, and it is…
Link: https://tryhackme.com/room/wiresharkthebasics Task 1: Introduction. Which file is used to simulate the screenshots? Ans: http1.pcapng. Which file is used to answer the questions? Ans: Exercise.pcapng. Task 2: Tool Overview. Use the “Exercise.pcapng” file to answer the questions. Read the “capture file comments”. What is the flag? Ans: TryHackMe_Wireshark_Demo. Open the pcap file and open the capture file…