HITCON Cyber Range 2024

Investigate Action

Break in

Reside

Recon 1

LPE

FireShot Capture 030 - TRAPA Cyber Range™ - hitcon2024.cyberrange.tw

Keylogger(X)

Enumeration

Mail Server

Recon 2

Dump Credential

Cracker

Move to next stop

FireShot Capture 037 - TRAPA Cyber Range™ - hitcon2024.cyberrange.tw

Who are u?

Tunneling(X)

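from scapy.all import rdpcap, IP, Raw

# Load the capture that contains the tunneled traffic
pcap = rdpcap('tunneling.pcap')

# print(pcap[0].show(dump=True))  # inspect the layers of a single packet

# Reassemble the payload sent by 10.173.0.38,
# skipping the first two packets and the last one
data = b''
for p in pcap[2:-1]:
    # Only packets with both an IP layer and a raw payload carry tunneled data
    if p.haslayer(IP) and p.haslayer(Raw) and p[IP].src == '10.173.0.38':
        # Strip leading/trailing NUL bytes, then drop the final remaining byte
        chunk = p[Raw].load.strip(b'\x00')[:-1]
        print(chunk)
        data += chunk

# Write the reassembled bytes out as a ZIP archive
with open('gpo.zip', 'wb') as f:
    f.write(data)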

zip -FF gpo.zip --out fix.zip

Recovery(X)

To the hill

Collection

Data Exfiltration

Credential Access(X)

Email Dump(X)

Sweeper(X)

Bloom
