DFIR Network Forensics Packet Analysis

Challenge Overview

This challenge involved analyzing network traffic captures to identify suspicious activity and trace the attacker's footsteps through the network infrastructure.

// Methodology

Step 1: Initial Analysis

Started by loading the PCAP file into Wireshark to get an overview of the traffic patterns and identify any anomalies in the network communication.

Step 2: Traffic Filtering

Applied various filters to isolate suspicious traffic and focus on potentially malicious communications.

Step 3: Deep Packet Inspection

Examined packet payloads to identify data exfiltration attempts and command-and-control communications.
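As an added illustration of steps 1 through 3 (not code from the original write-up), the block below reads a classic libpcap file with the standard library only, applies a filter that keeps IPv4/UDP port 53 queries, and inspects each query name for an oversized label, a common DNS-tunnelling/exfiltration indicator. The two sample packets, the IP addresses and the 30-character label threshold are constructed for this example.

```python
import struct
def encode_qname(name):  # "a.b" -> b"\x01a\x01b\x00"
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def decode_qname(data, off):  # uncompressed QNAME only (query sections do not use pointers)
    labels = []
    while data[off]:
        labels.append(data[off + 1:off + 1 + data[off]].decode())
        off += 1 + data[off]
    return ".".join(labels)

def build_dns_query(src, dst, qname):
    """Constructed Ethernet/IPv4/UDP/DNS TXT query; IP/UDP checksums left zero (offline parsing only)."""
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + encode_qname(qname) + struct.pack("!HH", 16, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, ip4(src), ip4(dst)) + udp
    return b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00" + ip  # dst MAC, src MAC, EtherType IPv4

def build_pcap(frames):  # classic libpcap file: 24-byte global header, 16-byte record headers
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def iter_packets(pcap):
    """Yield (ts_sec, frame) from a libpcap capture; handles both byte orders of the classic magic."""
    endian = "<" if struct.unpack_from("<I", pcap)[0] == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from(endian + "4I", pcap, off)
        yield ts, pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen

def dns_queries(pcap):
    """Filter step: keep only IPv4/UDP/53 frames and pull out the query name (no VLAN, IPv6 or TCP DNS)."""
    for _, f in iter_packets(pcap):
        if f[12:14] != b"\x08\x00" or f[23] != 17:
            continue
        udp = 14 + (f[14] & 0x0F) * 4
        if struct.unpack_from("!H", f, udp + 2)[0] != 53:
            continue
        src, dst = (".".join(map(str, f[a:a + 4])) for a in (26, 30))
        yield src, dst, decode_qname(f, udp + 20)  # 8-byte UDP header + 12-byte DNS header

def suspicious_dns(pcap, max_label=30):
    """Inspection step: flag queries carrying a label longer than max_label characters."""
    return [(s, d, q) for s, d, q in dns_queries(pcap) if max(len(l) for l in q.split(".")) > max_label]

SAMPLE_PCAP = build_pcap([  # constructed sample: one benign lookup, one tunnel-style query
    build_dns_query("10.0.0.5", "10.0.0.1", "www.example.com"),
    build_dns_query("10.0.0.5", "198.51.100.7", "4a6f686e2044617461203132333435363738.t.example.net")])
```

Point `iter_packets` at the bytes of a real capture (pcapng files need a different reader) and raise or lower `max_label` to tune the rule against the baseline traffic of the environment.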

// Tools Used
