Day 17 – I Tawt I Taw A C2 Tat! (TryHackMe Advent of Cyber 2023)

This is a video walkthrough of Day 17 for the Advent of Cyber 2023 event. In today’s task, we look at the SiLK suite, and how it can be used to identify network behaviour, patterns, and anomalies.

Launch Advent of Cyber: https://tryhackme.com/r/christmas

0:00 – Introduction and Story
1:25 – Accessing the Machine
2:52 – Network Traffic Data
7:00 – PCAPs vs Network Flows
9:13 – How to Collect and Process Network Data
10:54 – SiLK Suite Overview

12:02 – Listing the SiLK version
13:41 – rwfileinfo
15:07 – rwcut
20:18 – rwfilter
23:57 – rwstats

26:17 – Top IP Addresses
27:39 – Top Communication Pairs
28:49 – DNS Traffic
30:07 – Frequency Analysis
31:29 – Remaining Connection Pairs
33:46 – Analyze HTTP Traffic
35:00 – TCP Flags
36:39 – Three Way Handshake

40:05 – Question 6
40:28 – Question 7
41:00 – Question 8
42:08 – Question 9
42:37 – Question 10

by MalwareCube

8 thoughts on “Day 17 – I Tawt I Taw A C2 Tat! (TryHackMe Advent of Cyber 2023)”

  • Superb presentation with great tips, hints, explanations, deep dives, and process flow! Subscribed!

  • Excellent presentation. And thank you for using full screen!

  • Really good video; going through the "steps" of the bad guy and seeing a "DoS" attack was really fun, thanks!

  • Great video, thank you! Now I know I don't like this tool.
