|
Hack the box Forensic Challenge Library: The security team was alerted to suspicious network activity from a production web server.Can you determine if any data was stolen and what it was? Solution: Hackinthebox will provide you following data - pcapng file, and lot of bro logs:  While reviewing the log files - I noticed pastebin.com access from ip 10.10.20.13   Decrypte the data by the secrets.log file provided by hackthebox to view the content in plain text  Followed the TCP Stream for ip.addr == 10.10.20.13  There was a post request made (as seen in about screenshot). Filters packets by HTTP Post  Credit Card Data in Plain Text  Hack the box key below:  |
Mac Forensics
|
RSS Feed