Admin Trace
Difficulty: Medium | Category: Web
Overview
One of our company's administrative accounts for the internal app has been compromised. After gaining access, the attacker suspended a single but critical employee account, which caused significant disruption to company operations. We need to identify the time of the first login with the compromised account, the username of the compromised admin account, and the username of the suspended account.
Flag Format: Flag{time|compromised_admin_account|suspended_username}
time: YY-MM-DD-hh-mm-ss in UTC; seconds are rounded to the nearest whole second
Lab Details
Prerequisites & Requirements
- Understanding of network protocols, particularly HTTP/TCP
- Experience with packet capture files and network forensics
- Ability to write Python scripts for automation and data parsing
- Knowledge of Wireshark filters and packet inspection
- Understanding of authentication mechanisms, sessions, and cookies
- Pattern matching for extracting data from network payloads using regular expressions
- Identifying attack patterns in network traffic
- Understanding of HTTP requests, responses, headers, and methods
What will you learn?
- Advanced PCAP analysis techniques to systematically analyze network traffic
- Brute force attack detection and analysis in network traffic
- HTTP session tracking through cookies and authentication tokens
- Using PyShark for programmatic packet analysis
- Web application flow analysis and authentication/authorization handling
- Timeline reconstruction from network data
- Attack pattern recognition in legitimate network traffic
- Digital forensics methodology and systematic incident investigation
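The script below is an added example of the workflow the overview and the learning outcomes describe (brute-force detection, session tracking through cookies, timeline reconstruction in the flag's time format); it is not the lab's own code and not a solution to it. To run offline it works on constructed (timestamp, raw HTTP request, raw HTTP response) records built inline; against the real PCAP those records would first be extracted from the capture, for example with PyShark's FileCapture and an "http" display filter, or with tshark. The endpoint paths /login and /admin/users/suspend, the form fields username/password/target, the cookie name "session", the brute-force threshold and every user name in the sample are assumptions made for the example.

```python
"""Timeline reconstruction for an admin account takeover seen in HTTP traffic.

Added example, not the lab's own code or solution. It runs offline on constructed
(timestamp, raw request, raw response) records; with a real PCAP those would first be
extracted from the capture (e.g. PyShark FileCapture with an "http" display filter).
The endpoint paths, form field names, cookie name and threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] (?P<status>\d{3})")
SESSION_COOKIE = re.compile(r"(?:^|;\s*)session=(?P<value>[^;\s]+)")  # Cookie / Set-Cookie value
LOGIN_PATH = "/login"                  # assumption: the app's login endpoint
SUSPEND_PATH = "/admin/users/suspend"  # assumption: the admin action being hunted
BRUTE_FORCE_THRESHOLD = 5              # failed logins per account before calling it brute force

def _headers(head):
    """Header block (request/status line skipped) -> dict keyed by lower-cased name."""
    out = {}
    for line in head.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def parse_request(raw):
    """Raw HTTP request -> method, path, headers and URL-encoded form fields."""
    m = REQUEST_LINE.match(raw)
    if not m:
        raise ValueError("not an HTTP/1.x request")
    head, _, body = raw.partition("\r\n\r\n")
    form = dict(p.split("=", 1) for p in body.split("&") if "=" in p)
    return {"method": m["method"], "path": m["path"], "headers": _headers(head), "form": form}

def parse_response(raw):
    """Raw HTTP response -> status code and headers."""
    m = STATUS_LINE.match(raw)
    if not m:
        raise ValueError("not an HTTP/1.x response")
    return {"status": int(m["status"]), "headers": _headers(raw.partition("\r\n\r\n")[0])}

def session_id(header_value):
    m = SESSION_COOKIE.search(header_value or "")
    return m["value"] if m else None

def flag_time(ts):
    """Epoch seconds -> YY-MM-DD-hh-mm-ss UTC, rounded to the nearest second per the flag format."""
    return datetime.fromtimestamp(round(ts), tz=timezone.utc).strftime("%y-%m-%d-%H-%M-%S")

def investigate(transactions):
    """transactions: (epoch_ts, raw_request, raw_response) tuples in capture order."""
    failures = defaultdict(int)  # username -> failed login attempts so far
    brute_forced = set()         # accounts that crossed the threshold
    first_login = None           # (ts, username, session cookie) of the attacker's first success
    suspended = None
    for ts, raw_req, raw_resp in transactions:
        req, resp = parse_request(raw_req), parse_response(raw_resp)
        if req["method"] == "POST" and req["path"] == LOGIN_PATH:
            user = req["form"].get("username")
            sid = session_id(resp["headers"].get("set-cookie"))
            if resp["status"] in (301, 302, 303) and sid:
                # Only a success that follows brute force counts; the victim's own earlier
                # legitimate logins must not become the "first login" in the timeline.
                if first_login is None and user in brute_forced:
                    first_login = (ts, user, sid)
            else:
                failures[user] += 1
                if failures[user] >= BRUTE_FORCE_THRESHOLD:
                    brute_forced.add(user)
        elif first_login and suspended is None and req["method"] == "POST" and req["path"] == SUSPEND_PATH:
            # Follow the attacker's session cookie to the action that caused the damage.
            if session_id(req["headers"].get("cookie")) == first_login[2]:
                suspended = req["form"].get("target")
    if first_login is None:
        return None
    return {"time": flag_time(first_login[0]), "compromised_admin_account": first_login[1],
            "suspended_username": suspended}

def _tx(ts, method, path, body="", cookie=None, status=200, set_cookie=None):
    """Build one constructed request/response pair for the sample data below."""
    req = f"{method} {path} HTTP/1.1\r\nHost: app.internal.example\r\n"
    if cookie:
        req += f"Cookie: theme=dark; session={cookie}\r\n"
    if body:
        req += f"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: {len(body)}\r\n"
    resp = f"HTTP/1.1 {status} -\r\n"
    if set_cookie:
        resp += f"Set-Cookie: session={set_cookie}; HttpOnly; Path=/\r\n"
    return ts, req + "\r\n" + body, resp + "\r\n"

# Constructed sample capture (not the lab's PCAP): a legitimate login, six failed guesses
# against the admin account, a seventh guess that succeeds, then the suspend action.
SAMPLE = [
    _tx(1700000000.0, "POST", LOGIN_PATH, "username=alice.demo&password=correct", status=302, set_cookie="s-alice"),
    *[_tx(1700000100.0 + i, "POST", LOGIN_PATH, f"username=admin.demo&password=guess{i}", status=401) for i in range(6)],
    _tx(1700000106.4, "POST", LOGIN_PATH, "username=admin.demo&password=guess6", status=302, set_cookie="s-attacker"),
    _tx(1700000120.0, "GET", "/admin/users", cookie="s-attacker"),
    _tx(1700000131.0, "POST", SUSPEND_PATH, "target=bob.demo&reason=none", cookie="s-attacker", status=302),
]

if __name__ == "__main__":
    print(investigate(SAMPLE))
```

Two checks worth carrying over to a real capture: the "first login" is only trusted when it follows the brute-force burst, so an earlier legitimate login by the victim does not end up in the flag, and the suspend action is attributed to the attacker by its session cookie rather than by its timestamp alone. In a real PCAP you would also confirm that the brute-force attempts, the successful login and the suspend request share a client IP or TCP stream before committing to the timeline.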
Tools
- Wireshark for PCAP file analysis and packet inspection
- Python 3 for writing analysis scripts and data processing
- VS Code/Text Editor for script development and analysis
Job Positions
Network Security Engineer
Tags
Wireshark, Pcap, Sniffing, Mitm, Packet Analysis, Protocol Analysis