Wireshark is such a useful tool, glad to see a day in the AoC dedicated to it. Thanks for the video, subscribed.
Thank you very much for the help!
Thanks for the walk-through. As I am attempting this room right now, the malicious file has now been flagged 22 more times on VirusTotal compared to when you were doing it, and there are more connected IP addresses. So I got frustrated there for a second. Thanks again for the walk-through.
Bandit Yeti has been busy associating more IP addresses! That infuriating Bandit Yeti APT.
@wow_parzival5036 it is up to us to save the world this Christmas🎅
I am now doing this challenge; the VirusTotal value I copy-pasted was no use. I think it did not update, or something.
great walkthrough! Thanks 👍
Thanks for the walk through Security Ninja! :)
Fun one solving this task, thanks!
Very easy to follow. Thank you! I also appreciate you doing the work with us. My learning style errors out briefly when I'm looking at the information already gathered.
I'm not sure if it's just my situation, but once I push Ctrl+C on my VM attackbox, I don't need to open the "clipboard" on the side. I think that clipboard just shows what is copying over, but I don't have to copy a 2nd time from it to paste on THM site for answers (or other sites like CyberChef). Hope this helps others :)
Another very good room! Thank you!
Awesome challenge and nice video 🙂
I love your videos, keep going my friend + you guys are the best (THM)
Honestly if THM doesn't have an OpenVPN option for the room I'm not even attempting it. The constant disconnection issue is a huge problem
Love your videos brother! Very concise and easy to follow.
Hey there - thanks for the video -
I finished the challenge before watching, except for one thing - where could I see that the "used protocol" was RDP?
Checked out the whole Wireshark capture but couldn't figure that out on my own...
Just use the found port 3389 and search on the internet.
Certain ports you will become familiar with through experience, but if you aren't familiar Google is your friend and this Wikipedia page should be part of your reference tools - en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
So we worked with the file from the very beginning of the challenge. But how do you extract the network traffic into the file in the first place? Thanks!
There are tools out there with which you can capture network traffic. Wireshark itself can also do this. confluence.atlassian.com/kb/how-to-capture-http-traffic-using-wireshark-fiddler-or-tcpdump-779164332.html
@SecurityNinja thanks!
Thanks :D
Thanks
In the real world, how often would you be using pcap files/Wireshark?
I think that really depends on the company. Some companies use it, others do not. My current role allows me to play with Wireshark quite a bit.
Your mumbling made it hard to understand and the lack of a noise gate meant that we heard every keystroke and mouse click... You need to calibrate your audio.
I agree, I had a hard time understanding his accent.
Learn to appreciate the teacher.
Great