One of our web servers triggered an AV alert, but none of the sysadmins say they were logged onto it. We’ve taken a network capture before shutting the server down to take a clone of the disk. Can you take a look at the PCAP and see if anything is up?

In this video walk-through, we covered analyzing a compromised web server with Wireshark as part of the HackTheBox Intro To Blue Team Pathway.


About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.
