Modules/Network Traffic Analysis/C2 Connections

C2 Connections

0% Complete

C2 (Command and Control) Connections refer to communication channels used by cyber attackers to remotely control compromised systems. These connections enable threat actors to execute commands, exfiltrate data, and deploy malware. Detecting C2 traffic is crucial for cybersecurity, as it helps identify and mitigate advanced persistent threats (APTs), botnets, and ransomware attacks before significant damage occurs.

1 Tasks0/15 Solved0/150 Points

Progress0%

Task 1

Exploring VoIP Security: Understanding SIP and RTP Protocols

This lab immerses you in the realm of internet-based voice communication, where Voice over Internet Protocol (VoIP) is rapidly emerging as the industry standard. As organizations and individuals increasingly adopt this technology for seamless and cost-effective communication, cyber threats targeting these systems are also on the rise.

Attackers seek to exploit vulnerabilities in VoIP infrastructure to intercept calls, manipulate data, or launch unauthorized access attempts.

This challenge, developed by Craw Security, is designed to provide an in-depth exploration of Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP)—two critical protocols that govern VoIP communication.

By analyzing their attributes, participants will gain valuable insights into how these protocols function, the potential security risks they face, and the defensive measures necessary to safeguard them against malicious activities.

0/15 solved0/150 points0%

Questions

Question 1.

Which protocol is responsible for transporting data in this network traffic?

Download file

Attempts: 0

Your answer

Question 2.

The attacker utilized a collection of scanning tools from the same suite. What is the name of this suite?

Attempts: 0

Your answer

Question 3.

Can you identify the User-Agent of the victim system from the captured traffic?

Attempts: 0

Your answer

Question 4.

Which tool was specifically used to target the extensions 100, 101, 102, 103, and 111?

Attempts: 0

Your answer

Question 5.

Which extension in the honeypot is accessible without requiring authentication?

Attempts: 0

Your answer

Question 6.

What is the total number of extensions that were scanned during the attack?

Attempts: 0

Your answer

Question 7.

A real SIP client appears in the trace. What is its corresponding User-Agent?

Attempts: 0

Your answer

Question 8.

What is the most recent 11-digit phone number dialed from extension 101 among the several real-world phone numbers?

Attempts: 0

Your answer

Question 9.

What are the default credentials used in the attempted basic authentication?

Attempts: 0

Your answer

Q10

Question 10.

Which codec is being used in the RTP stream?

Attempts: 0

Your answer

Q11

Question 11.

What is the duration of the sampling time in milliseconds for the RTP stream?

Attempts: 0

Your answer

Q12

Question 12.

What was the password for the account associated with username 555?

Attempts: 0

Your answer

Q13

Question 13.

Which RTP packet header field can be used to reorder out-of-sync RTP packets into the correct sequence?

Attempts: 0

Your answer

Q14

Question 14.

A secret hidden message is embedded in the trace. Can you hear it?

Attempts: 0

Your answer

Q15

Question 15.

Go to packet No.25 and check the packet comment and drop the last flag

Attempts: 0

Your answer

Modules/Network Traffic Analysis/C2 Connections

C2 Connections

0% Complete

1 Tasks0/15 Solved0/150 Points

Progress0%

Task 1

Exploring VoIP Security: Understanding SIP and RTP Protocols

Attackers seek to exploit vulnerabilities in VoIP infrastructure to intercept calls, manipulate data, or launch unauthorized access attempts.

0/15 solved0/150 points0%

Questions

Question 1.

Which protocol is responsible for transporting data in this network traffic?

Download file

Attempts: 0

Your answer

Question 2.

The attacker utilized a collection of scanning tools from the same suite. What is the name of this suite?

Attempts: 0

Your answer

Question 3.

Can you identify the User-Agent of the victim system from the captured traffic?

Attempts: 0

Your answer

Question 4.

Which tool was specifically used to target the extensions 100, 101, 102, 103, and 111?

Attempts: 0

Your answer

Question 5.

Which extension in the honeypot is accessible without requiring authentication?

Attempts: 0

Your answer

Question 6.

What is the total number of extensions that were scanned during the attack?

Attempts: 0

Your answer

Question 7.

A real SIP client appears in the trace. What is its corresponding User-Agent?

Attempts: 0

Your answer

Question 8.

What is the most recent 11-digit phone number dialed from extension 101 among the several real-world phone numbers?

Attempts: 0

Your answer

Question 9.

What are the default credentials used in the attempted basic authentication?

Attempts: 0

Your answer

Q10

Question 10.

Which codec is being used in the RTP stream?

Attempts: 0

Your answer

Q11

Question 11.

What is the duration of the sampling time in milliseconds for the RTP stream?

Attempts: 0

Your answer

Q12

Question 12.

What was the password for the account associated with username 555?

Attempts: 0

Your answer

Q13

Question 13.

Which RTP packet header field can be used to reorder out-of-sync RTP packets into the correct sequence?

Attempts: 0

Your answer

Q14

Question 14.

A secret hidden message is embedded in the trace. Can you hear it?

Attempts: 0

Your answer

Q15

Question 15.

Go to packet No.25 and check the packet comment and drop the last flag

Attempts: 0

Your answer