Introduction

One of our web servers triggered an AV alert, but none of the sysadmins say they were logged onto it. We’ve taken a network capture before shutting the server down to take a clone of the disk. Can you take a look at the PCAP and see if anything is up?

In this video walk-through, we covered analyzing a compromised webserver with Wireshark as part of HackTheBox Intro To Blue Team Pathway.

Video Walk-Through

 

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles