DNS C2 Analysis: Detecting Data Exfiltration in HackTheBoo CTF 2022 🔍
Learn how to analyze DNS traffic in Wireshark to identify command and control (C2) channels and uncover data breaches in this HackTheBoo CTF 2022 challenge. Step-by-step walkthrough for effective detection!

0xdf
2.0K views • Nov 1, 2022

About this video
This challenge presents a PCAP with a bunch of DNS resolutions that is exfiling data. I'll start in Wireshark and identify what's happening, and then switch to tshark to pull out those requests, and with some bash foo convert them back into an .xlsx file.
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[00:14] Opening PCAP, looking at Statistics ➡️ Conversations and Statistics ➡️ Protocol Hierarchy
[01:22] Looking at DNS queries, coming up with theory about DNS names
[01:41] Using tshark to pull out data
[04:00] Looking up file magic, seeing it's a zip file
[04:40] Using cut and xxd to get binary data
[06:02] Opening excel file with unzip and finding flag with grep
[07:04] Installing LibreOffice and looking at resulting file
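The workflow the chapters above describe (pull the queried names out with tshark, cut the encoded payload out of each name, hex-decode it, check the file magic, then unzip and grep for the flag) as one Python script. This is an added example, not code from 0xdf's video or the challenge itself: the zone name exfil.example, the "sequence.hexchunk.zone" query layout, the HTB{...} flag pattern and the sample archive are all constructed assumptions, because the page does not show the challenge's actual encoding. The input lines have the shape of `tshark -r capture.pcap -Y dns -T fields -e dns.qry.name` output, one queried name per line.

```python
"""Reassemble a file carried in DNS query names and inspect it.

Added example (not from the original page). Assumed encoding: each query
is "<seq>.<hex chunk>.exfil.example"; normal traffic is interleaved and a
chunk may be retransmitted, as in a real capture.
"""
import io
import re
import zipfile
from typing import Dict, List, Optional

EXFIL_DOMAIN = "exfil.example"  # assumption: attacker-controlled zone (constructed)
QUERY_RE = re.compile(r"^(\d+)\.([0-9a-f]+)\." + re.escape(EXFIL_DOMAIN) + r"$")


def build_sample_zip() -> bytes:
    """Constructed sample: a minimal .xlsx-like zip with a shared strings part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/sharedStrings.xml",
                    "<sst><si><t>HTB{example_flag}</t></si></sst>")
    return buf.getvalue()


def chunk_to_queries(data: bytes, domain: str, chunk_len: int = 60) -> List[str]:
    """Only used to construct the sample capture: hex-encode and split into labels."""
    hexstr = data.hex()
    return [f"{i}.{hexstr[j:j + chunk_len]}.{domain}"
            for i, j in enumerate(range(0, len(hexstr), chunk_len))]


def reassemble(query_names: List[str]) -> bytes:
    """Parse tshark-style lines, order chunks by sequence number, drop duplicates.

    Equivalent to the video's 'cut the hex field, then xxd -r -p' step, but
    tolerant of unrelated queries and DNS retransmissions.
    """
    chunks: Dict[int, str] = {}
    for line in query_names:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # ordinary lookup, not part of the channel
        seq, hexpart = int(m.group(1)), m.group(2)
        chunks.setdefault(seq, hexpart)  # a retransmitted query repeats; keep the first
    return bytes.fromhex("".join(chunks[k] for k in sorted(chunks)))


def identify(data: bytes) -> str:
    """Minimal 'file'-style magic check: .xlsx is a zip, so it starts with PK\\x03\\x04."""
    return "zip" if data[:4] == b"PK\x03\x04" else "unknown"


def find_flag(data: bytes, pattern: bytes = rb"HTB\{[^}]*\}") -> Optional[str]:
    """Mirror 'unzip, then grep': search every archive member for the flag pattern."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            m = re.search(pattern, zf.read(name))
            if m:
                return m.group(0).decode()
    return None


# Constructed sample capture: the chunked archive with benign lookups mixed in
# and one chunk retransmitted.
SAMPLE_ZIP = build_sample_zip()
SAMPLE_QUERIES = chunk_to_queries(SAMPLE_ZIP, EXFIL_DOMAIN)
SAMPLE_TSHARK_OUTPUT = ["www.example.com", *SAMPLE_QUERIES,
                        SAMPLE_QUERIES[2], "ntp.example.org"]

if __name__ == "__main__":
    recovered = reassemble(SAMPLE_TSHARK_OUTPUT)
    print(f"{len(SAMPLE_TSHARK_OUTPUT)} queries -> {len(recovered)} bytes, type: {identify(recovered)}")
    print("flag:", find_flag(recovered))
```

Sorting by an explicit sequence label rather than by packet order is what makes the reassembly robust to retransmissions and reordering; a capture whose channel lacks a sequence field has to fall back on frame order, which is where Wireshark's conversation view from the first chapter earns its keep.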
Video Information: Views 2.0K · Likes 65 · Duration 9:04 · Published Nov 1, 2022