Sunday, August 28, 2011

Defcon 19 Packet Challenges - Level 1

The challenges can be found here: http://forensicscontest.com/2011/08/16/puzzle-9-anns-deception-defcon-2011  THERE ARE SPOILERS ON THIS PAGE.

I didn't attempt these challenges while at the conference, but I finally sat down to do them this weekend.  They were pretty straightforward and didn't give me too many WTF moments.  I intentionally used Linux tools and avoided some tools that could have made this challenge very easy, namely NetworkMiner and Netwitness.  These are both great tools but I wanted to get some practice with a few others.


After Mr. X learns that Ann has been in contact with Inter0ptic, he begins to wonder about their relationship, and decides to monitor Ann's network traffic.

1. What is the name of the Company being attacked?

This one is easy.  Luckily I tried the word “company” early in my guessing and came to the answer quickly.
carl@bluestem:~$ strings Evidence01.pcap | grep -i company
nt-size%3A%2010pt%3B%20color%3A%20black%3B%5C%22%3E-----Original%20Message-----%3Cbr%3E%5CnFrom%3A%20Ann%20Imal%20%26lt%3Bann1smysterious%40aol.com%26gt%3B%3Cbr%3E%5CnTo%3A%20inter0pticon%20%26lt%3Binter0pticon%40aol.com%26gt%3B%3Cbr%3E%5CnSent%3A%20Fri%2C%20Jul%2015%2C%202011%202%3A45%20pm%3Cbr%3E%5CnSubject%3A%20Re%3A%20Tip%3Cbr%3E%5Cn%3Cbr%3E%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%3Cdiv%20id%3D%5C%22AOLMsgPart_1_e7a3f7f4-b5d1-49c1-b77e-d4d8f5388d6c%5C%22%3E%5Cn%5Cn%3Cfont%20color%3D%5C%22black%5C%22%20face%3D%5C%22arial%5C%22%20size%3D%5C%222%5C%22%3E%3Cfont%20color%3D%5C%22black%5C%22%20face%3D%5C%22arial%5C%22%20size%3D%5C%222%5C%22%3E%5Cn%5Cn%5Cn%3Cdiv%3E%20%3Cbr%3E%5Cn%5Cn%5Cn%3C%2Fdiv%3E%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%3Cdiv%3E%20%3Cfont%20color%3D%5C%22black%5C%22%20face%3D%5C%22arial%5C%22%20size%3D%5C%222%5C%22%3E%3Cfont%20size%3D%5C%222%5C%22%3E%3Cfont%20face%3D%5C%22Arial%2C%20Helvetica%2C%20sans-serif%5C%22%3ENext%5Cn%20week%2C%20you%20will%20travel%20to%20Metropia%2C%20where%20%5CnFactory-Made-Winning-Pharmaceuticals%20is%20headquartered.%26nbsp%3B%20You%20will%20break%20%5Cninto%20the%20company's%20customer%20credit%20card%20database%20and%20retrieve%20the%20card%20%5Cnnumbers.%26nbsp%3B%20%3Cbr%3E%5Cn%5Cn%5Cn%3Cbr%3E%5Cn%5Cn%5CnAnn%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%5Cn%3C%2Fdiv%3E%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%3Cdiv%20style%3D%5C%22clear%3A%
Answer: Factory-Made-Winning-Pharmaceuticals
