Hello again, and welcome to another blue team CTF walkthrough, this time with more network forensics! This is the Tomcat Takeover challenge on CyberDefenders.org.
Challenge Details:
Instructions:
• Uncompress the lab (pass: cyberdefenders.org)
Scenario:
Our SOC team has detected suspicious activity on one of the web servers within the company's intranet. In order to gain a deeper understanding of the situation, the team has captured network traffic for analysis. This pcap file potentially contains a series of malicious activities that have resulted in the compromise of the Apache Tomcat web server. We need to investigate this incident further.
#dfir #networkanalysis #brim #wireshark