Can someone message me? I am stuck on 3… I see in the NTP logs where it changes, but I am having a hard time figuring the time change.
Can anyone point me in the right direction for Q8, please! Do I need to crack a hash that I have found?
Hey hashira, I think I use from base64 to handle this question. Hope it will help you.
No, might review the packet capture again
This worked for me
Finally got it working in the command line - it seems when you base64 decode you need the -i flag as well - so base64 -di, and for some reason you don't need to “dd conv=ascii”; you can just export it from Wireshark in the EBCDIC format and base64 decode.
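The EBCDIC-then-base64 decode described in the post above, as an added example that is not part of the original thread. It assumes EBCDIC code page 037 and uses a constructed sample rather than challenge data, and it shows why a strict decode can fail where an ignore-garbage decode (the idea behind `base64 -di`) succeeds.

```python
import base64
import binascii
import re

# Constructed sample (not from the challenge): base64 text carried as EBCDIC,
# with an EBCDIC NEL byte (0x15) acting as a line separator in the export.
PLAINTEXT = b"constructed sample payload"
_B64 = base64.b64encode(PLAINTEXT).decode("ascii")
SAMPLE_EBCDIC = (
    _B64[:16].encode("cp037") + b"\x15" + _B64[16:].encode("cp037") + b"\x15"
)

# Anything outside the standard base64 alphabet and its padding character.
NON_ALPHABET = re.compile(rb"[^A-Za-z0-9+/=]")


def ebcdic_to_ascii(raw: bytes) -> bytes:
    """Translate EBCDIC bytes to single-byte text (assumes code page 037)."""
    # cp037 maps one-to-one onto Latin-1, so this round trip never fails.
    return raw.decode("cp037").encode("latin-1")


def decode_strict(raw: bytes) -> bytes:
    """Strict decode: any byte outside the base64 alphabet is an error."""
    return base64.b64decode(ebcdic_to_ascii(raw), validate=True)


def decode_ignoring_garbage(raw: bytes) -> bytes:
    """Same idea as `base64 -di`: drop non-alphabet bytes, then decode."""
    cleaned = NON_ALPHABET.sub(b"", ebcdic_to_ascii(raw))
    return base64.b64decode(cleaned, validate=True)


def strict_fails(raw: bytes) -> bool:
    """Return True when the strict decoder rejects the translated input."""
    try:
        decode_strict(raw)
    except binascii.Error:
        return True
    return False


if __name__ == "__main__":
    print("strict decode fails:", strict_fails(SAMPLE_EBCDIC))
    print("lenient decode:", decode_ignoring_garbage(SAMPLE_EBCDIC))
```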
So if anyone is new, like, to this kind of analysis, where should I start: go head-on with challenges or learn something first?
Can anyone please help me to get the password of the backdoor account and for the account the attacker uses to access Splunk?