Lost in traffic

Medium | Network Security

Overview

We have determined that we are currently under attack. By collecting and analyzing data from multiple sources, we identified that the attacker consistently uses RC4 encryption; this should assist your investigation. Your task is to analyze the network traffic and determine whether the attacker wrote any data to disk, and if so, identify the secret file's name and its contents.

Flag{content_writen|file_name|file_content}

Lab Details

Prerequisites & Requirements

  • Basic understanding of networking and network protocols
  • Familiarity with WiFi (802.11) frame types and structure
  • Knowledge of encryption concepts (symmetric ciphers)
  • Basic Python scripting skills
  • Experience with packet capture analysis

What will you learn?

  • How attackers use WiFi management frames for covert Command & Control (C2) communication
  • How to analyze and extract data hidden in 802.11 Beacon and Probe Request frames
  • How to identify and reconstruct session-based covert channels
  • How to decrypt RC4-encrypted payloads from network traffic
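
The points above (pulling data out of Beacon/Probe Request information elements, reassembling it across frames, and RC4-decrypting it) can be exercised end to end with the following Python, which is an added example and not material from the lab itself. It assumes a constructed channel in which each frame carries one ciphertext chunk in the SSID element (Element ID 0) and that the frames are reassembled in capture order; the key, the frame bodies and the "secret" are all constructed here for illustration. The lab's pcap may hide data in a different element, so treat the element choice and the ordering rule as the parts you will have to adapt.

```python
"""
Added example, not part of the lab page.
Parses the tagged parameters (Element ID / Length / Value) of 802.11
management frame bodies, collects the chunks carried in an assumed
element, and RC4-decrypts the reassembled blob.
"""
import struct


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key-scheduling (KSA) then keystream generation (PRGA).
    RC4 is a stream cipher, so the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_ies(body: bytes):
    """Walk the information elements of a management frame body.
    Each element is: 1-byte ID, 1-byte length, value. A truncated element
    ends the walk instead of raising, so attacker-crafted or cut-off
    frames do not crash the analysis."""
    ies = []
    off = 0
    while off + 2 <= len(body):
        eid, ln = body[off], body[off + 1]
        if off + 2 + ln > len(body):
            break
        ies.append((eid, body[off + 2:off + 2 + ln]))
        off += 2 + ln
    return ies


# Beacon fixed fields: timestamp (8), beacon interval (2), capability info (2).
BEACON_FIXED_LEN = 12
SSID_ELEMENT_ID = 0  # assumption: the covert chunks ride in the SSID element


def beacon_body(ssid_value: bytes) -> bytes:
    """Build a constructed Beacon frame body: fixed fields then one SSID IE."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    return fixed + bytes([SSID_ELEMENT_ID, len(ssid_value)]) + ssid_value


def extract_covert_payload(frame_bodies, key: bytes) -> bytes:
    """Collect the assumed element's value from every frame (in the order the
    frames are given), join the chunks, and RC4-decrypt the result."""
    chunks = []
    for body in frame_bodies:
        for eid, val in parse_ies(body[BEACON_FIXED_LEN:]):
            if eid == SSID_ELEMENT_ID:
                chunks.append(val)
    return rc4(key, b"".join(chunks))


# Constructed sample traffic: a hypothetical key and secret, encrypted and
# split into 8-byte chunks, one chunk per Beacon frame body.
KEY = b"rc4key"                                   # assumption
SECRET = b"WRITE:secret.txt:hello"                # constructed, not the lab's flag
CIPHERTEXT = rc4(KEY, SECRET)
FRAMES = [beacon_body(CIPHERTEXT[i:i + 8]) for i in range(0, len(CIPHERTEXT), 8)]

if __name__ == "__main__":
    print(extract_covert_payload(FRAMES, KEY))
```

To feed real frames in, export the Beacon and Probe Request frame bodies from Wireshark (display filters `wlan.fc.type_subtype == 0x08` and `wlan.fc.type_subtype == 0x04`) and pass them to `extract_covert_payload` in place of `FRAMES`. Two caveats a real channel adds: the chunks may need to be reordered by a sequence field the attacker embeds rather than by capture order, and several sessions may be interleaved, so group by whatever session identifier the frames carry before joining. Both the RC4 known-answer vectors and the round trip are worth asserting before trusting any decryption on the capture.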

Tools

  • Wireshark
  • Python 3
  • CyberChef

Job Positions

SOC Analyst

Tags

Packet Analysis, Sniffing, Wireshark, C2, Endpoint Security, Wireless Security, 802.1x, Pcap, SOC