One of our web servers triggered an AV alert, but none of the sysadmins say they were logged onto it. We’ve taken a network capture before shutting the server down to take a clone of the disk. Can you take a look at the PCAP and see if anything is up?

In this video walk-through, we covered analyzing a compromised webserver with Wireshark as part of HackTheBox Intro To Blue Team Pathway.

Get Blue Team Notes

Video Walk-Through

Get Cyber Security Field Notes By Joining My YouTube Channel Membership

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles