WolvCTF Forensics: Log Analysis Writeup - Aleyna Doğan

CTF link.

Hi there incident responder. So we have this company that was breached sometime last week, but their SOC team only keeps HTTP request logs 🙁 We took down all of our wolvsecsolutions websites as a precaution.

Maybe there’s still a way to figure out what happened? Why did they click on a suspicious link? Somebody told me there’s a flag on the link now?

We filter the logs for lines containing the keyword wolvsecsolutions. You can use an editor to do this. I used Sublime Text (Ctrl+L expands the selected keywords to complete rows).

Here I delete frequently used hosts, for example dev.wolvsecsolutions.

One of the remaining hosts draws our attention.

wctf{ph1sh3r5_l0v3_c0py1ng_d0m41n_n4m35}
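The same filtering can be scripted instead of done by hand in an editor. This is an added example, not part of the original writeup: the log line format, the `.example` hosts and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

KEYWORD = "wolvsecsolutions"
# Hostname-like token containing the keyword (real subdomains and lookalikes alike).
HOST_RE = re.compile(r"[a-z0-9.-]*" + re.escape(KEYWORD) + r"[a-z0-9.-]*", re.I)

# Constructed sample lines; the format and every host below are assumptions.
SAMPLE_LOG = """\
2024-03-11T09:14:02Z 10.0.0.12 GET http://dev.wolvsecsolutions.example/ 200
2024-03-11T09:14:05Z 10.0.0.12 GET http://dev.wolvsecsolutions.example/api 200
2024-03-11T09:15:40Z 10.0.0.31 GET http://www.wolvsecsolutions.example/ 200
2024-03-11T09:16:01Z 10.0.0.31 GET http://cdn.othersite.example/app.js 200
2024-03-11T09:17:22Z 10.0.0.12 POST http://dev.wolvsecsolutions.example/login 302
2024-03-11T09:18:09Z 10.0.0.44 GET http://www.wolvsecsolutions.example/about 200
2024-03-11T09:21:37Z 10.0.0.44 GET http://wolvsecsolutions-login.example/reset 200
2024-03-11T09:22:10Z 10.0.0.31 GET http://www.wolvsecsolutions.example/jobs 200
2024-03-11T09:25:48Z 10.0.0.12 GET http://dev.wolvsecsolutions.example/status 200
"""


def host_counts(lines):
    """Count requests per keyword-bearing host, at most once per log line."""
    counts = Counter()
    for line in lines:
        hosts = {h.lower().strip(".-") for h in HOST_RE.findall(line)}
        counts.update(hosts)
    return counts


def rare_hosts(counts, max_share=0.2):
    """Hosts whose share of keyword traffic is at most max_share, rarest first."""
    total = sum(counts.values())
    if not total:
        return []
    rare = (h for h, n in counts.items() if n / total <= max_share)
    return sorted(rare, key=counts.get)


if __name__ == "__main__":
    counts = host_counts(SAMPLE_LOG.splitlines())
    for host, n in counts.most_common():
        print(f"{n:5d}  {host}")
    print("review manually:", rare_hosts(counts))
```

The rarely requested hosts are the ones left over after the frequently used ones are dropped, which is the short list worth reading by eye.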
