BlackHat MEA CTF Finals 2023 — Forensic (NoopAPT)
Introduction
In this article, I’ll share my experience solving the forensics challenge “NoopAPT” from the BlackHat MEA CTF Finals 2023. The challenge looked straightforward but had a tricky side, which made it an enjoyable puzzle. Below I walk through how I tackled it.
The challenge provided a file named “challpcap.pcapng” in the Forensic category. The goal was to identify a malicious connection. The problem statement was simple, but the solution required careful analysis.
Can you identify the malicious connection?
Getting Started
The first step was to open the provided file, “challpcap.pcapng,” in Wireshark. Wireshark reads the pcapng container natively and dissects each captured frame, which lets us see who talked to whom, over which protocols, and how much data moved in each direction.
Analyzing the Data
After opening the file, I navigated to Statistics → Conversations → “IPv4” to get a table of every address pair in the capture together with the packet and byte counts exchanged in each direction…
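The same triage can be scripted when a capture is too large for clicking through the GUI, or when you want the conversation table in a form you can grep and diff. The following is an added example, not part of the original write-up and not the author's tooling: it parses the pcapng container directly (Section Header, Interface Description and Enhanced Packet blocks only, Ethernet link type only) and builds the same bidirectional IPv4 conversation table that Wireshark's Statistics → Conversations → IPv4 tab shows. The sample capture it builds is constructed in-line for the demonstration, with addresses from the RFC 1918 and RFC 5737 ranges, and is not the challenge file; point the script at a real pcapng path to use it on a capture such as challpcap.pcapng. The one-sided, high-packet-count pair it surfaces is the kind of outlier that the conversation view is used to spot.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# pcapng block types we need (Section Header, Interface Description, Enhanced Packet)
SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
LINKTYPE_ETHERNET = 1


def iter_pcapng_blocks(data):
    """Yield (block_type, body, endian) for each block in a pcapng byte string."""
    off, endian = 0, "<"
    while off + 12 <= len(data):
        btype = struct.unpack_from("<I", data, off)[0]  # SHB type is byte-order symmetric
        if btype == SHB:
            # The byte-order magic 0x1A2B3C4D decides how the rest of the section is read
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        blen = struct.unpack_from(endian + "I", data, off + 4)[0]
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {off}")
        yield btype, data[off + 8:off + blen - 4], endian
        off += blen


def iter_ethernet_frames(data):
    """Yield captured frames from Ethernet interfaces; other link types are skipped."""
    linktypes = []
    for btype, body, endian in iter_pcapng_blocks(data):
        if btype == SHB:
            linktypes = []  # interface ids are numbered per section
        elif btype == IDB:
            linktypes.append(struct.unpack_from(endian + "H", body, 0)[0])
        elif btype == EPB:
            iface, _ts_hi, _ts_lo, caplen, _origlen = struct.unpack_from(endian + "5I", body, 0)
            if iface < len(linktypes) and linktypes[iface] == LINKTYPE_ETHERNET:
                yield body[20:20 + caplen]


def ipv4_endpoints(frame):
    """Return (src, dst) for an IPv4-over-Ethernet frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    return str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))


def ipv4_conversations(data):
    """Bidirectional IPv4 conversation table, keyed like Wireshark: (addr_a, addr_b) with a < b."""
    convs = defaultdict(lambda: {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
    for frame in iter_ethernet_frames(data):
        ends = ipv4_endpoints(frame)
        if ends is None:
            continue
        src, dst = ends
        key = tuple(sorted(ends, key=IPv4Address))
        c = convs[key]
        c["packets"] += 1
        c["bytes"] += len(frame)  # frame bytes on the wire, as in Wireshark's Bytes column
        c["a_to_b" if src == key[0] else "b_to_a"] += 1
    return dict(convs)


def rank_conversations(convs):
    """Most talkative address pairs first; a lone host with many small packets stands out here."""
    return sorted(convs.items(), key=lambda kv: (kv[1]["packets"], kv[1]["bytes"]), reverse=True)


# --- constructed sample capture (not the challenge file); addresses are RFC 5737/1918 ranges ---
def _block(btype, body):
    body += b"\x00" * ((-len(body)) % 4)  # block bodies are padded to 32 bits
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)


def _ipv4_frame(src, dst, payload_len):
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + b"\x00" * payload_len  # TCP header/payload left as filler; not parsed here


def build_sample_pcapng():
    out = _block(SHB, b"\x4d\x3c\x2b\x1a" + struct.pack("<HHq", 1, 0, -1))
    out += _block(IDB, struct.pack("<HHI", LINKTYPE_ETHERNET, 0, 65535))
    flows = ([("192.168.1.10", "198.51.100.20", 200)] * 3      # normal web browsing, both ways
             + [("198.51.100.20", "192.168.1.10", 1400)] * 2
             + [("192.168.1.10", "203.0.113.77", 40)] * 20)     # one-sided chatter to a single host
    for src, dst, plen in flows:
        frame = _ipv4_frame(src, dst, plen)
        out += _block(EPB, struct.pack("<5I", 0, 0, 0, len(frame), len(frame)) + frame)
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcapng()
    print(f"{'Address A':<16}{'Address B':<16}{'Packets':>8}{'Bytes':>8}{'A->B':>6}{'B->A':>6}")
    for (a, b), c in rank_conversations(ipv4_conversations(data)):
        print(f"{a:<16}{b:<16}{c['packets']:>8}{c['bytes']:>8}{c['a_to_b']:>6}{c['b_to_a']:>6}")
```

Run it with no arguments to see the table for the constructed capture, or as `python3 conv.py challpcap.pcapng` on a real file. If tshark is installed, `tshark -r challpcap.pcapng -q -z conv,ip` prints Wireshark's own version of the same table and is the quicker route; the script is useful when you want to post-process the result or have no Wireshark on the analysis box. Note that the parser deliberately ignores non-Ethernet interfaces and anything that is not IPv4, so a capture with only IPv6 or tunnelled traffic will produce an empty table rather than an error.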