Posts

CyberDefenders - Series (Malware Traffic Analysis 3 - Packet Analysis)

Introduction

The Digital Forensics & Incident Response (DFIR) field is one where you must keep learning to stay current with the latest developments and to keep your skills sharp. Therefore I've decided to start working on some challenges that are delivered through CyberDefenders. It's a great place to work on challenges and to keep developing yourself.

The Challenge

This blog describes the 'Malware Traffic Analysis 3' challenge, which can be found here.

Tools used for this challenge:
- NetworkMiner
- Wireshark
- PacketTotal
- VirusTotal
- Brim

Write-up

My write-ups follow a standard pattern, which is 'Question' and 'Methodology'. I chose this format because it allows you to follow along and try this challenge for yourself. I have chosen not to disclose the answer here, since it's also a competition and I don't want to spoil the integrity and fun of competing.

Question 1

What is the IP address of the infected Window

CyberDefenders - Series (Malware Traffic Analysis 2 - Packet Analysis)

Introduction

The Digital Forensics & Incident Response (DFIR) field is one where you must keep learning to stay current with the latest developments and to keep your skills sharp. Therefore I've decided to start working on some challenges that are delivered through CyberDefenders. It's a great place to work on challenges and to keep developing yourself.

The Challenge

This blog describes the 'Malware Traffic Analysis 2' challenge, which can be found here.

Tools used for this challenge:
- NetworkMiner
- Wireshark
- PacketTotal
- VirusTotal
- Brim

Write-up

My write-ups follow a standard pattern, which is 'Question' and 'Methodology'. I chose this format because it allows you to follow along and try this challenge for yourself. I have chosen not to disclose the answer here, since it's also a competition and I don't want to spoil the integrity and fun of competing.

Question 1

What is the IP address of the Windows VM that g

CyberDefenders - Series (Malware Traffic Analysis 1 - Packet Analysis)

Introduction

The Digital Forensics & Incident Response (DFIR) field is one where you must keep learning to stay current with the latest developments and to keep your skills sharp. Therefore I've decided to start working on some challenges that are delivered through CyberDefenders. It's a great place to work on challenges and to keep developing yourself.

The Challenge

This blog describes the 'Malware Traffic Analysis 1' challenge, which can be found here.

Tools used for this challenge:
- NetworkMiner
- Wireshark
- PacketTotal
- VirusTotal

Write-up

My write-ups follow a standard pattern, which is 'Question' and 'Methodology'. I chose this format because it allows you to follow along and try this challenge for yourself. I have chosen not to disclose the answer here, since it's also a competition and I don't want to spoil the integrity and fun of competing.

Question 1

What is the IP address of the Windows VM that gets infected

Write-up Magnet Weekly CTF

It is time for some fun and time to sharpen up my Mobile Forensics skills. Magnet Forensics has decided to organize a weekly CTF challenge: every Monday a new challenge will be published for the last quarter of 2020. This gives everyone a week to work on a challenge, after which it will be closed and a new challenge will be published. I really like this setup, as it is a lot easier to combine with work life. More information about the CTF can be found on the Magnet website. I will use and update this article to write down my methodology for solving the challenge and hopefully the answer as well.

Quick navigation

To navigate to the write-up of a certain week, use the links below:
Week 1 Week 2 Week 3 Week 4 Week 5 Week 6 Week 7 Week 8 Week 9 Week 10 Week 11 Week 12

CTF Setup

For the month of October a mobile Android image is used, download here.
For the month of November a Linux image is used, download here.
For the month of December a Windows memory image is used, download here.

I use