Forum Discussion
kevinh
2 days agoBronze III
DFIR CTF: PCAP Challenge - Question 7
For the question
What is the XOR key used to encrypt the malware payload?
I am wondering about what I should be looking for in the WireShark, as I can't seem to find any indications of a specific key being used in the pcap file.
From the files extracted, I also did not notice any indications from the XML file as well.
Summary: I am basically super lost in where I should be digging deeper from.
1 Reply
- kevinhBronze III
As per the screenshot I have also been scrolling for any abnormal scripts as well. but did not find any leads.