Writeup about my submission to the latest Honeynet Challenge!

Edit: I won the challenge! 🙂

The Winners:

  1. William Soderberg (Sweden) – William’s submission – Sha1: 14ec42dcd24162d2e536f5c84820240cb521cad4
  2. Nikunj Shah(USA) – Nikunj’s submission – Sha1: 950aa99eec3b7663ee9f415826e0dfcfe43ab4ac
  3. David Bernal Michelena (Mexico) – David’s submission – Sha1: 58fc0cfeac54cf9fdc490b22b4b5e0e8ed7e92db

End of edit.

A few weeks ago I learned that the Honeynet Project had created a new challenge. Link here.

Challenge 5 – Log Mysteries – (provided by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, Sebastien Tricaud from the French Chapter) takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to a virtual server using all the logs from a possibly compromised server.

I totally felt like this would be a very good way to learn something and so I jumped at the opportunity. The deadline has passed and so I’ve done a writeup of how I analyzed the log files and came to certain conclusions. I figured it was a good way to spread knowledge and also get some criticism. I would really love it if someone at least skimmed through my writeup (links below) and told me whether I did a decent job or not.

I’m releasing this now because the deadline for the challenge has passed. Though submissions don’t seem to be closed yet, I don’t care. I did this to learn and not to win some prize.

I created this document while I worked on the challenge and I’ve edited it afterwards. So the grammar might be a bit odd. Sometimes it might be in present tense and sometimes not so present tense. I hope I’ve edited it enough so you won’t find it a pain to read.

Forensics Challange 2010 writeup by wh1sk3yj4ck.doc
Forensics Challange 2010 writeup by wh1sk3yj4ck.odt