Forum Discussion
Help needed for Threat Hunting: Mining Behaviour
- 8 months ago
Hi clermagic225
I just wanted to chime in on this to provide additional help, if possible. Kieran is correct that you should ensure that you are entering the first six characters, not only the first five.
That said, from the second screenshot you shared, it seems you are pulling this value from Packet 2540, which does not appear correct. For this, you will want to be sure you are reviewing the same packet that provided your answer to Task 6 in the lab.For the value, you should not need to dig much deeper than the results page in Wireshark, as the answer can be found within the Info tab and identified as "Key=".
I hope that this helps out 😊
KieranRowleyMaxCucchiThank you for the help! Yeap, I managed to solve it now. I was looking at the wrong packet for the whole time (i.e. the authentication token rather than the one with the embedded miner). Appreciate the help.