
Showing posts from October, 2015

Global Cyberlympics Finals 2015 Write-up - Tracker.7z

Hi all , It has been a while since I updated this blog. Just want to share one of the challenges my team solved at the Cyberlympics finals held in Washington DC, USA. Tools used : wireshark, chaosreader, vncviewer, tightVNC, online QR code scanner. We were given a zipped pcap file - tracker.7z and asked to analyse it as it contains some information about a meeting location for a suspect in the whole storyline. We were to get the location of the meeting. Well, we loaded the pcap into wireshark to have a first look at it. Screenshot below: From the screenshot above, one can notice the VNC protocol being used during the capture, probably the suspect communicated with a remote person via VNC. So we need to reassemble the VNC session and see if that gives us any valuable information. A tool of choice, or probably the only tool I know that can do this is Chaosreader  by Brendan G. Gregg.   An index.html file is generated after run with chaosreader. Th...