# HITCON Cyber Range 2024

### Investigate Action

#### Break in

![image](https://hackmd.io/_uploads/Sk_8LFVY0.png)

#### Reside

![image](https://hackmd.io/_uploads/r18_LFEFC.png)

#### Recon 1

![image](https://hackmd.io/_uploads/SJnGI3xKR.png)

![image](https://hackmd.io/_uploads/ByS483eYC.png)

#### LPE

![image](https://hackmd.io/_uploads/Byzi8KEYC.png)

![FireShot Capture 030 - TRAPA Cyber Range™ - hitcon2024.cyberrange.tw](https://hackmd.io/_uploads/rkw2YFNKC.png)

#### Keylogger(X)

![image](https://hackmd.io/_uploads/HJlTLYEFA.png)

#### Enumeration

![image](https://hackmd.io/_uploads/BJdRUFEYC.png)

#### Mail Server

![image](https://hackmd.io/_uploads/SkggvFEY0.png)

#### Recon 2

![image](https://hackmd.io/_uploads/B1sZDYNFR.png)

#### Dump Credential

![image](https://hackmd.io/_uploads/SJyUwYEtC.png)

#### Cracker

![image](https://hackmd.io/_uploads/SJBPDK4FA.png)

#### Move to next stop

![image](https://hackmd.io/_uploads/ByctPFEtC.png)

![FireShot Capture 037 - TRAPA Cyber Range™ - hitcon2024.cyberrange.tw](https://hackmd.io/_uploads/rJxAYK4K0.png)

#### Who are u?

![image](https://hackmd.io/_uploads/SJUovKNKA.png)

#### Tunneling(X)

![image](https://hackmd.io/_uploads/Bkn6PY4t0.png)

The file is carried in the payloads of the packets sent by 10.173.0.38. Each payload is NUL-padded and ends with one extra byte, so the script strips the padding, drops that byte and concatenates the rest in capture order:

```python!
from scapy.all import *

pcap = rdpcap('tunneling.pcap')
# print(pcap[0].show(dump=True))   # inspect one packet first to learn the framing

data = b''
# skip the two packets at the start and the last one; keep only the packets
# sent by 10.173.0.38, which is the side that transfers the file
for p in pcap[2:-1]:
    if IP in p and Raw in p and p[IP].src == '10.173.0.38':
        chunk = p[Raw].load.strip(b'\x00')[:-1]   # drop NUL padding and the trailing byte
        print(chunk)
        data += chunk

with open('gpo.zip', 'wb') as f:
    f.write(data)
```

Note that `strip(b'\x00')` also removes any NUL bytes that belong to the file itself at the edges of a payload, so the output is not guaranteed to be an intact archive. The dumped file did not open as-is; `zip -FF` rescans it for local file headers and rebuilds the central directory from whatever it can still find:

`zip -FF gpo.zip --out fix.zip`

#### Recovery(X)

![image](https://hackmd.io/_uploads/S18y_tVK0.png)

#### To the hill

![image](https://hackmd.io/_uploads/rykcs9xFA.png)

![image](https://hackmd.io/_uploads/B1ioi5xF0.png)

#### Collection

![image](https://hackmd.io/_uploads/HkoAjqgK0.png)

![image](https://hackmd.io/_uploads/r1TZ35lYC.png)

#### Data Exfiltration

![image](https://hackmd.io/_uploads/B1MfdYVtA.png)

#### Credential Access(X)

![image](https://hackmd.io/_uploads/B10MOt4KA.png)

#### Email Dump(X)

![image](https://hackmd.io/_uploads/r19yYFVY0.png)

#### Sweeper(X)

![image](https://hackmd.io/_uploads/By7BOY4t0.png)

#### Bloom

![image](https://hackmd.io/_uploads/SkXkT5xYA.png)
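Back to the Tunneling(X) step: the per-packet `strip(b'\x00')[:-1]` rule in the writeup's script works only as long as no chunk of the archive begins or ends with a real 0x00 byte, which zip structures are full of. The example below is added here and is not from the writeup or the challenge; it needs no pcap or scapy. It assumes a framing of `<chunk><trailer>` padded with NULs to a fixed size (an assumption, not the real tunnel format), builds a small stand-in for `gpo.zip` in memory, frames it the way the assumed sender would, and compares the writeup's two-sided strip with a trailing-only strip, then validates each result with `zipfile` and locates the End Of Central Directory record that `zip -FF` has to rebuild when it is missing:

```python
import io
import zipfile
from typing import List, Optional

# Assumed tunnel framing (not taken from the writeup): each packet carries
# <chunk><TRAILER> and is NUL-padded out to FRAME_SIZE + 1 bytes.
FRAME_SIZE = 64
TRAILER = b"\n"


def build_sample_zip() -> bytes:
    """Constructed stand-in for gpo.zip: a tiny GPO-like archive built in memory.
    Fixed timestamps keep the bytes identical between calls."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        members = (
            ("GPT.INI", "[General]\r\nVersion=65537\r\n"),
            ("Machine/Scripts/scripts.ini", "[Startup]\r\n0CmdLine=setup.bat\r\n"),
        )
        for name, text in members:
            info = zipfile.ZipInfo(name, date_time=(2024, 8, 23, 0, 0, 0))
            zf.writestr(info, text)          # ZipInfo default is ZIP_STORED
    return buf.getvalue()


def frame(data: bytes) -> List[bytes]:
    """Split a file into tunnel frames the way the assumed sender does."""
    frames = []
    for i in range(0, len(data), FRAME_SIZE):
        chunk = data[i:i + FRAME_SIZE] + TRAILER
        frames.append(chunk.ljust(FRAME_SIZE + 1, b"\x00"))
    return frames


def reassemble_naive(frames: List[bytes]) -> bytes:
    """The writeup's per-packet rule: strip NULs on both ends, drop the trailer.
    A chunk that legitimately starts with 0x00 loses those bytes."""
    return b"".join(f.strip(b"\x00")[:-1] for f in frames)


def reassemble_exact(frames: List[bytes]) -> bytes:
    """Under the assumed framing only padding follows the trailer, so rstrip
    removes padding alone and the trailer shields real NULs inside the chunk."""
    return b"".join(f.rstrip(b"\x00")[:-1] for f in frames)


def find_eocd(data: bytes) -> int:
    """Offset of the End Of Central Directory record (PK\\x05\\x06), or -1.
    Without it a reader cannot find the central directory; zip -FF rebuilds
    it by scanning for local file headers."""
    return data.rfind(b"PK\x05\x06")


def check_zip(data: bytes) -> Optional[List[str]]:
    """Member names if the archive parses and every CRC verifies, else None."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:     # name of the first corrupt member
                return None
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


if __name__ == "__main__":
    original = build_sample_zip()
    frames = frame(original)
    print("EOCD at offset", find_eocd(original), "of", len(original))
    print("two-sided strip:", check_zip(reassemble_naive(frames)))
    print("trailing strip: ", check_zip(reassemble_exact(frames)))
    # bytes(range(256)) puts a 0x00 at the very first chunk boundary,
    # so the two-sided strip silently drops it
    print("naive loses", 256 - len(reassemble_naive(frame(bytes(range(256))))), "byte(s)")
```

The practical takeaway is to run `check_zip` (or `unzip -t`) on the dumped file before reaching for `zip -FF`: if the archive fails, compare the byte count against the sum of payload sizes to tell stripping damage from missing packets, because `zip -FF` can rebuild a lost central directory but cannot restore bytes the extraction threw away.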