Silent Signal

Description

SIV Pipeline Forensics Group 4

SilentSignal.pcap

Solution

All of the traffic in the capture is ICMP echo (ping) requests.


There are 28 almost identical ping requests...

Extract with tshark and inspect all fields:

➜ tshark -r SilentSignal.pcap -T json > SilentSignal.json

The only difference between the packets is the delta time. If we convert the first delta to a character, it's S, which is the first character of the flag.

➜ (tshark -r SilentSignal.pcap -T fields -e frame.time_delta | % { [char][int]$_ }) -join ''
SVBRG{tim3_tr4v3l_v1a_p1ng}
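
The same decoding without tshark, as an added example that is not part of the original writeup: it reads packet timestamps straight from a classic libpcap file and maps each inter-packet gap, rounded to whole seconds, to an ASCII character. The sample capture and its message are constructed for the demo, and the function names are hypothetical; pcapng files are not handled.

```python
import struct

MAGICS = {0xA1B2C3D4: 10**6, 0xA1B23C4D: 10**9}  # classic pcap: microsecond / nanosecond

def build_sample_pcap(message):
    """Constructed sample capture: the gap before each packet is ord(char) seconds."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00" * 42  # placeholder frame bytes; the decoder never reads them
    sec = 1_700_000_000
    for i, gap in enumerate([0] + [ord(c) for c in message]):
        sec += gap
        usec = 250_000 + (i * 137) % 1000  # sub-millisecond jitter, as on a real link
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out

def packet_ticks(pcap):
    """Return (timestamps as integer ticks, ticks per second) for a classic pcap."""
    for endian in "<>":
        magic = struct.unpack_from(endian + "I", pcap, 0)[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    per_sec, ticks, off = MAGICS[magic], [], 24  # 24-byte global header
    while off + 16 <= len(pcap):
        sec, frac, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, off)
        ticks.append(sec * per_sec + frac)  # integer arithmetic avoids float drift
        off += 16 + incl_len
    return ticks, per_sec

def decode_timing(pcap):
    """Map each inter-packet gap, rounded to whole seconds, to an ASCII character."""
    ticks, per_sec = packet_ticks(pcap)
    chars = []
    for prev, cur in zip(ticks, ticks[1:]):
        code = round((cur - prev) / per_sec)
        chars.append(chr(code) if 32 <= code <= 126 else "?")  # flag non-printables
    return "".join(chars)

if __name__ == "__main__":
    print(decode_timing(build_sample_pcap("CTF{constructed_demo}")))
```

Gaps are taken between consecutive packets, so a capture of N packets yields N-1 characters; tshark's `frame.time_delta` additionally reports 0 for the first frame.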
