Category: Network Forensics

2016/10/25

The Importance of Dual Tool Verification

Those of us working in the Digital Forensics and Incident Response realm rely on tools to harvest data for analysis, not to mention to perform the actual analysis. Let’s be honest: without tools, we would have a dickens of a time doing our jobs. Unfortunately, this has led to examiners having an inherent high level[…]

2016/03/29

Network Forensics – Round 7: Ann’s Dark Tangent

The Puzzle: Ann’s Dark Tangent (DEFCON 2010). Ann has arranged a rendezvous with Dark Tangent. You are the forensic investigator. Can you figure out their destination? Again for this challenge I utilized the same tools as the other rounds to accomplish the above tasks. There are always[…]

2016/02/08

Something Phishy – 02-08-2016

by Destruct_Icon
Categories: Analysis, Coding, JavaScript, Network Forensics
Comments: 1 Comment

Something Phishy – Return of the Fax! And we’re back with another “Something Phishy” for February. If you ever had a postal receipt sent to your e-mail, some of the behaviors may feel very familiar to you. Apparently I received a fax from incoming@interfax.net. Let’s start by pulling all the information we can out of[…]

2015/12/01

Beholder

The Beholder Script: This is Destruct_Icon from MalWerewolf and I would like to introduce you to the Beholder script. This script allows you to take advantage of free software that may help you identify malware on your network. The origins of this script spawned from the needs of administrators who did not have the resources[…]

2015/10/12

Network Forensics – Round 6: Ann’s Aurora

The puzzle: Ann’s Aurora. Ann Dercover is after SaucyCorp’s Secret Sauce recipe. She’s been trailing the lead developer, Vick Timmes, to figure out how she can remotely access SaucyCorp’s servers. One night, while conducting reconnaissance, she sees him log into his laptop (10.10.10.70) and VPN into SaucyCorp’s headquarters.[…]

2015/09/01

Network Forensics – Round 5: Ms. Moneymany’s Mysterious Malware

The puzzle: It was a morning ritual. Ms. Moneymany sipped her coffee as she quickly went through the email that arrived during the night. One of the messages caught her eye, because it was clearly spam that somehow got past the email filter. The message extolled[…]

2015/07/21

Network Forensics – Round 4: The Curious Mr. X

by DFIRninja
Categories: Analysis, Network Forensics
Comments: 1 Comment

Round 4! Below is the scenario for round 4 in the Network Forensics Challenge Series: While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy[…]

2015/05/05

Network Forensics – Round 3: Ann’s Apple TV

by DFIRninja
Categories: Analysis, Network Forensics
Comments: 1 Comment

Network Forensics Round 3! Ann’s Apple TV. Below is the scenario for round 3 in the network forensic challenge series: Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann[…]

2015/04/20

Network Forensics – Round 2: Ann Skips Bail

by DFIRninja
Categories: Analysis, Network Forensics

The second puzzle in the network forensic challenge series. Below is the background on the scenario: After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town. “We believe Ann may have communicated with her secret lover, Mr. X,[…]

2015/03/11

Network Forensics – Round 1: Ann’s Bad AIM

by DFIRninja
Categories: Analysis, Network Forensics
Comments: 5 Comments

I recently came across one of the old DefCon puzzle challenges from back in 2009. I hadn’t done this challenge before so I decided to give it a shot. This is the first of a series of network forensic challenges. Below is the background on the challenge: Puzzle #1: Ann’s Bad AIM. Anarchy-R-Us, Inc. suspects[…]

