Advent of Cyber 2023 - [Day 7] ‘Tis the season for log chopping!
Day - 7 Questions and Answers: ✅
1. How many unique IP addresses are connected to the proxy server?
Ans: 9
2. How many unique domains were accessed by all workstations?
Ans: 111
3. What status code is generated by the HTTP requests to the least accessed domain?
Ans: 503
4. Based on the high count of connection attempts, what is the name of the suspicious domain?
Ans: frostlings.bigbadstash.thm
5. What is the source IP of the workstation that accessed the malicious domain?
Ans: 10.10.185.225
6. How many requests were made on the malicious domain in total?
Ans: 1581
7. Having retrieved the exfiltrated data, what is the hidden flag?
Ans: THM{a_gift_for_you_awesome_analyst!}
If you enjoyed doing log analysis, check out the Log Analysis module in the SOC Level 2 Path.
Link: https://tryhackme.com/room/adventofcyber2023
Support me: If you like to support me, buy me a cup of Coffee☕
![Advent of Cyber 2023 - [Day 11] Jingle Bells, Shadow Spells - Tryhackme](https://blogger.googleusercontent.com/img/a/AVvXsEjvhLIwhAgizmoE_mSLJoAQsbnom9VM6M3PU9GeUpPsF6PQHGL3O3q6OIOfOe3bdk8AQQC7HpiG4LOCRp5VtWa4QPQQ9YEGXUd9UbbhGBlt551ZtTcDG_z-fK6iuicipbKBnbJgnxsJjME41AaZS2X737-Ji_-vGHP7o2L3EIPSgMdzClKnHJk3_EBAsmk=w72-h72-p-k-no-nu)
0 Comments