Skills Assessment - Snort
There is a file named wannamine.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to the Overpass-the-hash technique, which involves Kerberos encryption type downgrading. Replace XX with the appropriate value in the last content keyword of the rule with sid XXXXXXX within the local.rules file so that an alert is triggered as your answer.
I used the ‘kerberos’ filter in Wireshark, which showed many packets, including ones that mentioned PREAUTH_FAILED. Looking closer into the PA data shows the NTLM value, which is not as complex as it should be.