Wednesday, March 24 2010
By malphx on Wednesday, March 24 2010, 13:48 - Network Forensics
The second "2010" Forensic Challenge published by the Honeynet Project is now closed, and the results have been published.
This time the investigators (or contestants) had to dissect a pcap file containing network traces of "browsers under attack".
The analysis revealed that a "lab setup" had been used to mimic the interactions between victims' browsers and some malicious Web sites.
Feel free to review my submission, all the winners submissions and the solution given by the Honeynet Project's Team.
I have scored 43/43 for this one, and so I'm one of the 4 winners.
I'm now waiting for the publication of #3 ('Banking Troubles'), which promises to be very interesting.
Finally, I would also like to thank all the Honeynet Project's team for giving us such interesting and educational contests!
Tuesday, February 16 2010
By malphx on Tuesday, February 16 2010, 13:49 - Network Forensics
I've participated in the last Honeynet Challenge.
This Challenge ran from Jan 18th 2010 to Feb 15th 2010.
It was about the analysis of a PCAP trace file containing an attack.
Results have been published,
and I'm proud of my #2 position in this contest.
You can find my submission on The Honeynet Project's website.
Saturday, February 6 2010
By malphx on Saturday, February 6 2010, 11:13 - Network Forensics
Well, submissions for this contest have been closed for 4 days now. So I think it's time for me to publish my solution...
Tuesday, November 24 2009
By malphx on Tuesday, November 24 2009, 23:32 - Network Forensics
Well, results have been published, and (Wow!) I'm one of the 2 winners of this challenge. What a great surprise! A lot of good work has been done by the other finalists, too. to view their submissions.
Now that the deadline has passed and the official answers have been published on the Network Forensics Puzzle Contest, it's now time for me to publish my own submission.
For this one, I've written 2 tools in Ruby. The first is named smtpdump and can be used to retrieve interesting information on SMTP conversations in a pcap file. The second, docxtract, is able to extract files from a docx archive.
Well, this time, it seems the challenge will be hard...
Some of the contestants have already published their own solutions or tools, and all the solutions I've already read so far are really good ones!
Sunday, November 25 2007
By malphx on Sunday, November 25 2007, 23:48 - ego