A company's internal server has been flagged for unusual network activity, with multiple outbound connections to an unknown external IP. Initial analysis suggests possible data exfiltration. Investigate the provided network logs to determine the source and method of compromise.
**https://cyberdefenders.org/blueteam-ctf-challenges/packetmaze/**

Key commands to look for include USER, which specifies the username attempting to authenticate, and PASS, which carries the corresponding password in plaintext unless the session is encrypted.
The password used in this session is AfricaCTF2021, which was successfully accepted by the FTP server.
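To show how USER/PASS commands pair with the server's reply code, here is an added example (not part of the original write-up) that parses a followed FTP control stream and reports which credentials were accepted. The sample stream, its credentials, and the function names are constructed for illustration.

```python
import re

# Constructed sample of an FTP control channel, as text copied from
# "Follow TCP Stream"; the username and passwords are made up.
SAMPLE_STREAM = """\
220 Welcome to the FTP service.
USER alice
331 Please specify the password.
PASS wrong-guess
530 Login incorrect.
user alice
331 Please specify the password.
PASS Example-Pass-1
230-Welcome back
230 Login successful.
"""

REPLY = re.compile(r"^(\d{3})([ -])")            # "230 text" or "230-text"
COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def extract_ftp_logins(stream):
    """Return one dict per PASS attempt, with the server's verdict."""
    attempts, user, pending = [], None, None
    for line in stream.splitlines():
        reply = REPLY.match(line)
        if reply:
            code, sep = reply.groups()
            # Only the final line of a reply ("230 ", not "230-") is a verdict.
            final = sep == " " and pending is not None
            if final and (code == "230" or code[0] in "45"):
                pending["accepted"] = code == "230"
                attempts.append(pending)
                pending = None
            continue
        cmd = COMMAND.match(line)
        verb = cmd.group(1).upper() if cmd else ""
        if verb == "USER":
            user = cmd.group(2) or ""
        elif verb == "PASS":
            pending = {"user": user, "password": cmd.group(2) or ""}
    return attempts

def accepted_credentials(stream):
    """Return (user, password) pairs the server answered with 230."""
    return [(a["user"], a["password"])
            for a in extract_ftp_logins(stream) if a["accepted"]]
```

A 230 reply marks the login as accepted, while a 4xx or 5xx reply such as 530 marks it as rejected, which separates failed guesses from the credentials that actually worked.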
192.168.1.26? fe80::c80b:adff:feaa:1db7


Use a DNS filter with the IP to get the MAC address, then filter by that MAC address to find all related packets and identify the IPv6 address of the DNS server.
15174?
Just use the filter frame.number == 15174.
Within the Queries section of the packet details, we see that the user is requesting the resolution of the domain www.7-zip.org.