Help needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Anyone was able to solve and help? Thanks!
Hi clermagic225
I just wanted to chime in on this to provide additional help, if possible. Kieran is correct that you should ensure that you are entering the first six characters, not only the first five.
That said, from the second screenshot you shared, it seems you are pulling this value from Packet 2540, which does not appear correct. For this, you will want to be sure you are reviewing the same packet that provided your answer to Task 6 in the lab.For the value, you should not need to dig much deeper than the results page in Wireshark, as the answer can be found within the Info tab and identified as "Key=".
I hope that this helps out π