CMNatic's Ramblings Recent UK Infosec Graduate, former healthcare worker, Danny Phantom wannabe
Posts with the tag Network Forensics, :

THM Overpass 2 - A Detailed Walkthrough Entirely With TShark


Overpass 2 - Hacked, developed by NinjaJc01, is the sequel to the Overpass series, however, with a DFIR feel and approach towards it. Fortunate for me, this room doesn’t require having completed the first - although I imagine some of the story is wasted on me.

I decided to create a writeup this room in particular for a few reasons:

  • Forensics is always a welcome surprise to me
  • It’s a great practice room for people who are familiar with network forensics - whilst being approachable for people who are new.
  • A large majority of the recognised write-ups are “brain dumps” in my opinion, not explaining any logic or thought - but just stating fact. Which isn’t necessarily bad per se, but for walkthrough rooms there’s always just that bit missing.

I’ll be using TShark - or terminal Wireshark and explaining my thoughts behind the process (filter commands included!)