Ignite National CyberSecurity Hackathon 2023 Finals | Network Security Writeup
There were two challenges, Maltraffic 101 and Maltraffic 102, in the Network Security category.
Maltraffic 101 (100 points)
We were asked to find the malicious IP, its origin, and the name of the malware.
I uploaded the .pcap file to Dynamite Lab’s successor to PacketTotal. The file is available to be viewed at the following link:
This tool makes it very easy to analyze .pcap files, although I would recommend not uploading sensitive files, as it retains uploaded files in its database and makes them viewable by anyone over the internet.
Simply opening the file in the online tool tells us the malicious IP, 47.28.203.160, which becomes the first part of our flag.
Running the IP through a location finder tells us the origin is unitedstates.
For the final part, analyzing the file in the same tool to look for the malware shows us its name: AsyncRAT.
Final flag
Flag{47.28.203.160_unitedstates_asyncrat}
I was the second solve to this challenge.
Maltraffic 102 (200 points)
I followed the same strategy for this challenge as well and opened the file in the same tool. You can find the file here:
This time, we were asked to find the malicious IP and the type of malware.
Following the same strategy, we can easily find the malicious IP. After analysis, I found this IP to be malicious: 86.59.21.38.
Upon analysis on VirusTotal.com, I found out that this IP relates to WannaCry, which is a popular ransomware.
This completed the hunt to find the flag, and I was able to solve this challenge within 3 minutes, along with a first blood.
Flag{86.59.21.38_ransomware}
This was an easy way to do PCAP analysis and helped me a lot throughout the event.
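For a capture that is too sensitive to upload to a public service, the first triage step (which external IPs the capture talks to, and how much) can be done offline before looking the addresses up with a location finder or VirusTotal. This is an added example, not part of the original writeup: the function names and the sample traffic are constructed, and it assumes a classic .pcap with Ethernet framing (not pcapng).

```python
import struct
from collections import Counter
from ipaddress import ip_address

def talkers(pcap_bytes):
    """Bytes seen per public IPv4 address in a classic Ethernet pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, offset = Counter(), 24          # 24-byte global header
    while offset + 16 <= len(pcap_bytes):   # 16-byte per-record header
        incl_len, orig_len = struct.unpack(endian + "II", pcap_bytes[offset + 8:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # 14-byte Ethernet II header; EtherType 0x0800 is IPv4
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        for raw in {frame[26:30], frame[30:34]}:  # IPv4 source and destination
            addr = ip_address(raw)
            if addr.is_global:               # skip RFC 1918, loopback, etc.
                totals[str(addr)] += orig_len
    return totals

def _frame(src, dst, payload_len):
    """Constructed Ethernet+IPv4 frame with zeroed MACs and payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def sample_pcap():
    """Constructed capture (not the challenge file): one internal host, two remotes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [("192.168.1.10", "47.28.203.160", 100), ("47.28.203.160", "192.168.1.10", 500),
             ("192.168.1.10", "8.8.8.8", 30), ("192.168.1.10", "192.168.1.1", 10)]
    for src, dst, size in flows:
        frame = _frame(src, dst, size)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for ip, nbytes in talkers(sample_pcap()).most_common():
        print(ip, nbytes)
```

Traffic volume alone does not mark an address as malicious; the output is only the shortlist of external endpoints to check against reputation sources.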
Do give me a follow if you liked the writeup.