Vlad Korolev


CodeBreaker2018 walkthrough, Task 0 Warm up

January 03, 2019


This task is really simple: all you need to do is download the given capture file and analyze it with a tool like tcpdump or Wireshark.

Let’s use tcpdump.


The PCAP file given to us contains a dump of a single conversation between two hosts, the first with the IP address and the second with the IP address We also see that the host sends the first packet and that it uses a higher port number than the host So we can guess that this is a typical client/server design in which the ransomware reaches out to the control host first, and we make a guess that the address of the command server is

So, let’s try.


Yes, our guess was right.
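The same heuristic the walkthrough applies by eye, written out as an added example (not code from the original post): read a classic pcap with the standard library only, take the first IPv4/TCP packet, and treat the endpoint with the lower port as the server. The capture and the addresses below are constructed sample data, not the challenge file.

```python
import struct

def tcp_frame(src, dst, sport, dport):
    """Build an Ethernet+IPv4+TCP frame with an empty payload (constructed sample data)."""
    ip_src, ip_dst = (bytes(int(o) for o in a.split('.')) for a in (src, dst))
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, ip_src, ip_dst)
    return b'\x00' * 12 + b'\x08\x00' + ip + tcp   # zeroed MACs, ethertype IPv4

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (magic 0xa1b2c3d4, linktype 1 = Ethernet)."""
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack('<IIII', ts, 0, len(frame), len(frame)) + frame
    return out

def iter_tcp(pcap):
    """Yield (src, sport, dst, dport) for every IPv4/TCP frame in a little-endian pcap."""
    if struct.unpack_from('<I', pcap)[0] != 0xa1b2c3d4:
        raise ValueError('only little-endian microsecond pcap is handled here')
    off = 24                                    # skip the global header
    while off < len(pcap):
        _, _, caplen, _ = struct.unpack_from('<IIII', pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b'\x08\x00' or frame[23] != 6:   # not IPv4, or not TCP
            continue
        ihl = (frame[14] & 0x0f) * 4            # IPv4 header length in bytes
        src = '.'.join(map(str, frame[26:30]))
        dst = '.'.join(map(str, frame[30:34]))
        sport, dport = struct.unpack_from('!HH', frame, 14 + ihl)
        yield src, sport, dst, dport

def guess_c2(pcap):
    """Walkthrough heuristic: whoever speaks first from the higher (ephemeral) port is the
    client, so the other endpoint is the likely command server. Returns (ip, port) or None."""
    first = next(iter_tcp(pcap), None)
    if first is None:
        return None
    src, sport, dst, dport = first
    return (dst, dport) if sport > dport else (src, sport)

# Constructed conversation: 192.0.2.10 reaches out first to 198.51.100.7 on port 443.
SAMPLE_PCAP = build_pcap([
    tcp_frame('192.0.2.10', '198.51.100.7', 49152, 443),
    tcp_frame('198.51.100.7', '192.0.2.10', 443, 49152),
])
```

Replace SAMPLE_PCAP with `open('capture.pcap', 'rb').read()` to run it over a real file; pcapng captures are not handled and will raise.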

