How to create a GeoIP map report with Wireshark

We usually need to create an executive report when we are involved in an incident handling. In these cases, a good option could be to include in it a world map with the connections which were established in the incident. Maybe we are interested in showing on a map where the command an control servers are hosted or for example to show which countries...

Read More

The importance of the User-Agent in the Botnets connections

The RFC 1945 says in the 10.15 section: "The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. Although it...

Read More

Hack.lu - Capturing the flag V.2.0

This post is the continuation of the last one: http://www.behindthefirewalls.com/2013/11/hacklu-capturing-flag-v10.html I  remind you the file is available here: http://shell-storm.org/repo/CTF/Hacklu-2013/Reversing/RoboAuth-150/RoboAuth.exe Remember that in the last post, we obtained the first password "r0b0RUlez!" for the challenge offered...

Read More

Hack.lu - Capturing the flag V.1.0

Last 22-24 October 2013 hack.lu was celebrated in Luxemburgo. Hack.lu is an open a security convention where usually there is a CTF (capture the flag) competition. This year the competitors need to get two passwords of a program called RoboAuth.exe which can be downloaded here: http://shell-storm.org/repo/CTF/Hacklu-2013/Reversing/RoboAuth-150/RoboAuth.exe The...

Read More