Remotely Administered Evil 1 and 2
Link to file: https://tinyurl.com/y4z72k5o
Password: hacktober
Remotely Administered Evil 1:
Briefing:
What is the name of the executable in the malicious url? Submit the filename as the flag: flag{virus.bad}.
Simply opening it up in Wireshark, we can see the flag:

flag{solut.exe}
Remotely Administered Evil 2:
Briefing:
What MYDDNS domain is used for the post-infection traffic in RATPack.pcap?
Use the file from Remotely Administrated Evil.
All you need to do here is filter for DNS traffic. Because there weren't too many packets, I spotted the flag almost immediately and didn't have to filter further.

flag{solution.myddns.me}
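
The same DNS filter can also be scripted for larger captures. The Python below is an added example, not part of the original write-up: it reads a classic pcap with the standard library, pulls the question name out of every UDP/53 packet, and keeps the names under myddns.me. The function names and the sample capture with its host names are constructed placeholders; it assumes Ethernet/IPv4 framing.

```python
import struct

def dns_qnames(pcap: bytes):
    """Yield the first question name of each UDP/53 packet in a classic pcap (Ethernet + IPv4)."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                             # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20 or 53 not in struct.unpack("!HH", udp[:4]):
            continue                             # not DNS, or too short for a DNS header
        dns, labels, i = udp[8:], [], 12         # question section follows the 12-byte header
        while i < len(dns) and 0 < dns[i] < 64:  # stop at root label or compression pointer
            labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
            i += 1 + dns[i]
        if labels:
            yield ".".join(labels).lower()

def ddns_lookups(pcap: bytes, suffix: str = "myddns.me"):
    """Sorted unique names at or under the dynamic-DNS suffix (label-boundary match)."""
    return sorted({q for q in dns_qnames(pcap) if q == suffix or q.endswith("." + suffix)})

def build_frame(qname: str, dport: int = 53) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame carrying one DNS A query (checksums left zero)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 40000, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    return bytes(12) + b"\x08\x00" + ip + udp

def build_pcap(names) -> bytes:
    """Wrap constructed DNS query frames in a little-endian classic pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in map(build_frame, names):
        out += struct.pack("<4I", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample capture; these names are placeholders, not values from RATPack.pcap.
SAMPLE = build_pcap(["www.example.com", "Example-Host.myddns.me",
                     "example-host.myddns.me", "notmyddns.me"])

if __name__ == "__main__":
    print(ddns_lookups(SAMPLE))
```

Matching on the label boundary keeps look-alike names such as notmyddns.me out of the result, which a plain substring filter would not.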