Press "Enter" to skip to content

[TMCTF] – Forensic100

Question

Given an pcap file which contains a lot of DNS traffic record. It seems the domain is so strange!


Solution:

My idea is extract all the domain out first.

output:

Second, decode it with base58.

TMCTF{DNSTunnelExfil}

Comments

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *