TryHackMe | h4cked

Oh no! We've been hacked!

Now this is where the fun begins!

ALRIGHT! STATIONS EVERYONE.

The first part of this room asks us to download a PCAP file so we can look through the traffic in WireShark. Once we have that PCAP file lets dive right in.

The great thing about TryHackMe is that we have some sort of guidance of what we are looking for based on the questions asked. Lets take the second question for example.

“The attacker is trying to log into a specific service. What service is this?”

We can now use WireShark to our advantage and use some basic Protocol analysis to see where most of the traffic came from.