Hack the box Forensic Challenge Library:
The security team was alerted to suspicious network activity from a production web server.Can you determine if any data was stolen and what it was?
Solution: Hackinthebox will provide you following data - pcapng file, and lot of bro logs:
The security team was alerted to suspicious network activity from a production web server.Can you determine if any data was stolen and what it was?
Solution: Hackinthebox will provide you following data - pcapng file, and lot of bro logs:
While reviewing the log files - I noticed pastebin.com access from ip 10.10.20.13

Decrypte the data by the secrets.log file provided by hackthebox to view the content in plain text
Followed the TCP Stream for ip.addr == 10.10.20.13
There was a post request made (as seen in about screenshot). Filters packets by HTTP Post
Credit Card Data in Plain Text
Hack the box key below:
