- Make a simple script (a one-liner is accepted) using the tools we saw in the Workshop to extract all of the payloads from the capture and classify the data by type.
- … tcpflow… (loop file)…. md5sum …. classify (date)
- Based on the files collected, can you infer specific events?
- … download … ssh session … patch … rpm files
- If you were an attacker and you had compromised a system, how would you hide yourself? (assuming a GNU/Linux system connected to the Internet with a simple web server)
- Exercise to be done for the next workshop:
** Extract all IPs and give information about the unique sources and the TCP services, per country and per source.