DNS C2 Analysis: Detecting Data Exfiltration in HackTheBoo CTF 2022 🔍

Learn how to analyze DNS traffic in Wireshark to identify command and control (C2) channels and uncover data breaches in this HackTheBoo CTF 2022 challenge. Step-by-step walkthrough for effective detection!

0xdf · 2.0K views · 9:04

About this video

This challenge presents a PCAP with a bunch of DNS resolutions that is exfiltrating data. I'll start in Wireshark and identify what's happening, and then switch to tshark to pull out those requests, and with some bash-fu convert them back into an .xlsx file.

☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf

Timestamps
[00:00] Introduction
[00:14] Opening PCAP, looking at Statistics ➡️ Conversations and Statistics ➡️ Protocol Hierarchy
[01:22] Looking at DNS queries, coming up with theory about DNS names
[01:41] Using tshark to pull out data
[04:00] Looking up file magic, seeing it's a zip file
[04:40] Using cut and xxd to get binary data
[06:02] Opening excel file with unzip and finding flag with grep
[07:04] Installing LibreOffice and looking at resulting file
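The tshark / cut / xxd / unzip / grep pipeline from the timeline above, as an added Python example that is not the video's own code. It runs offline on a constructed list of DNS query names (the kind of text `tshark -r capture.pcap -T fields -e dns.qry.name` prints), assumes the exfiltrated bytes travel hex-encoded in the first label under one attacker-controlled domain (the domain name, the chunk size and the sample zip are placeholders, not values from the challenge), and adds the detection heuristic a defender would use to single out that domain in the first place: one parent domain receiving many queries whose first label is a long hex string.

```python
"""Reconstruct data exfiltrated through DNS query names.

Added example, not the video's code: a Python reimplementation of the
tshark | cut | xxd | unzip | grep steps, runnable on a text list of query names.
The hex-in-first-label encoding and the suspect domain are assumptions.
"""
import io
import re
import zipfile
from collections import Counter

ZIP_MAGIC = b"PK\x03\x04"            # local file header: zip, hence also xlsx/docx
HEX_LABEL = re.compile(r"^[0-9a-fA-F]{16,63}$")  # long hex-only label (63 = max DNS label)
SUSPECT_DOMAIN = "exfil.example.invalid"         # placeholder, not from the challenge


def build_sample_queries(payload: bytes, domain: str, chunk_hex: int = 60) -> list[str]:
    """Constructed input: hex-encode payload, split it into labels, prefix each to domain."""
    hexdata = payload.hex()
    return [f"{hexdata[i:i + chunk_hex]}.{domain}" for i in range(0, len(hexdata), chunk_hex)]


def flag_suspicious_domains(query_names, min_queries: int = 20) -> dict[str, int]:
    """Detection heuristic: count, per parent domain, the queries whose first label
    is a long hex string. One domain collecting many of them is the pattern that
    stands out in Wireshark's query list."""
    counts = Counter()
    for name in query_names:
        first, _, parent = name.strip().partition(".")
        if parent and HEX_LABEL.match(first):
            counts[parent] += 1
    return {d: n for d, n in counts.items() if n >= min_queries}


def reassemble(query_names, domain: str) -> bytes:
    """Equivalent of `cut -d. -f1 | tr -d '\\n' | xxd -r -p`: take the first label of
    every query under `domain`, in capture order, and hex-decode the concatenation.
    Caveat: resolver retries can duplicate a query in a real capture; remove those
    before decoding or the output will not parse."""
    hexparts = []
    for name in query_names:
        name = name.strip()
        if name.endswith("." + domain):
            hexparts.append(name.split(".", 1)[0])
    return bytes.fromhex("".join(hexparts))


def file_magic(data: bytes) -> str:
    """Minimal stand-in for `file`: recognise the zip signature."""
    return "zip" if data.startswith(ZIP_MAGIC) else "unknown"


def grep_zip(data: bytes, pattern: str) -> list[tuple[str, str]]:
    """`unzip` + `grep`: (member name, match) for every regex hit inside the archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            text = zf.read(member).decode("utf-8", errors="replace")
            for m in re.findall(pattern, text):
                hits.append((member, m))
    return hits


def make_sample_xlsx_like() -> bytes:
    """Constructed zip standing in for the exfiltrated .xlsx (an xlsx is itself a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/sharedStrings.xml",
                    "<sst><si><t>HTB{placeholder_flag}</t></si></sst>")
    return buf.getvalue()


SAMPLE_PAYLOAD = make_sample_xlsx_like()
SAMPLE_QUERIES = build_sample_queries(SAMPLE_PAYLOAD, SUSPECT_DOMAIN) + [
    "www.example.com",   # benign noise; ignored by every step
    "mail.example.com",
]

if __name__ == "__main__":
    print("suspicious:", flag_suspicious_domains(SAMPLE_QUERIES, min_queries=1))
    blob = reassemble(SAMPLE_QUERIES, SUSPECT_DOMAIN)
    print("magic:", file_magic(blob))
    print("matches:", grep_zip(blob, r"HTB\{[^}]*\}"))
```

The `min_queries` threshold is what separates a real exfiltration channel from the occasional hex-looking label in benign traffic (CDN and tracking hostnames); tune it against a baseline of the network's normal DNS before alerting on it.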

Video Information
Published: Nov 1, 2022 · 65 likes · HD
