Scribd Logo
Upload

Welcome to Scribd!

  • (Your Email) - Forensic Challenge 2010 - Challenge 3 - Submission Template

    Uploaded by

    Mehdi Sfar
    31 views3 pages

    Original Title

    [your email]_Forensic Challenge 2010 - Challenge 3 - Submission Template

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views3 pages

    (Your Email) - Forensic Challenge 2010 - Challenge 3 - Submission Template

    Uploaded by

    Mehdi Sfar

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    T H E H O N E Y N E T P R O J E C T® | Forensic Challenge 2010

    Challenge 3: Browsers under attack (intermediate)

    Submission Template
    Submit your solution at http://www.honeynet.org/challenge2010/ by 17:00 EST, Sunday, April 18th
    2010. Results will be released on Wednesday, May 5th 2010.

    Name (required): Email (required):


    Country (optional): Profession (optional):
    _ Student
    _ Security Professional
    _ Other

    Question 1. List the processes that were running on the victim’s machine. Which process Possible Points: 2pts
    was most likely responsible for the initial exploit?
    Tools Used:
    Awarded Points:
    Answer 1.

    Question 2. List the sockets that were open on the victim’s machine during infection. Are Possible Points: 4pts
    there any suspicious processes that have sockets open?
    Tools Used:
    Answer 2.

    Question 3. List any suspicious URLs that may be in the suspected process’s memory. Possible Points: 2pts
    Tools Used:
    Answer 3.

    The work is licensed under a Creative Commons License.


    Copyright © The Honeynet Project, 2010
    Page 1 of 3
    T H E H O N E Y N E T P R O J E C T® | Forensic Challenge 2010

    Question 4. Are there any other processes that contain URLs that may point to banking Possible Points: 4pts
    troubles? If so, what are these processes and what are the URLs?
    Tools Used:
    Answer 4.

    Question 5. Were there any files that were able to be extracted from the initial process? Possible Points: 6pts
    How were these files extracted?
    Tools Used:
    Answer 5.

    Question 6. If there was a file extracted from the initial process, what techniques did it use Possible Points: 8pts
    to perform the exploit?
    Tools Used:
    Answer 6.

    Question 7. List suspicious files that were loaded by any processes on the victim’s Possible Points: 2pts
    machine. From this information, what was a possible payload of the initial exploit be
    that would be affecting the victim’s bank account?
    Tools Used:
    Answer 7.

    The work is licensed under a Creative Commons License.


    Copyright © The Honeynet Project, 2010
    Page 2 of 3
    T H E H O N E Y N E T P R O J E C T® | Forensic Challenge 2010

    Question 8. If any suspicious files can be extracted from an injected process, do any Possible Points: 6pts
    antivirus products pick up the suspicious executable? What is the general result from
    antivirus products?
    Tools Used:
    Answer 8.

    Question 9. Are there any related registry entries associated with the payload? Possible Points: 4pts
    Tools Used:
    Answer 9.

    Question 10. What technique was used in the initial exploit to inject code in to the other Possible Points: 6pts
    processes?
    Tools Used:
    Answer 10.

    The work is licensed under a Creative Commons License.


    Copyright © The Honeynet Project, 2010
    Page 3 of 3

    You might also like