Name: Nguyễn Dương Tùng
Student ID: SE63052
Class: IA1305
Lab 11a: Code Forensics and Ransomware
Microsoft .NET Obfuscation
ILSPY
Java Reverse Engineering
Ransomware Analysis
Additional Python Lab
File Type Contains
File01 GIF
File02 GIF
File03
File04 JPG
File05 JPG
File06 JPG
File10 ZIP File 01
File11 WAV Flv
File12 PNG
File13 BMP
File14 AVI
File15 ZIP anim.xaml
File17 JPG
File18 PDF
File19 PSD
File20 PS
File 22
File 23 Not Found
File 25 pdf
File 26 cab
File 27 jpx
File 28 Bmp
File 29 Exe
File 31 Ico
File 34 Midi
File 36 Mp3
File 37 Mp4
File 40 Pdf
Lab 11b: Tunnelling
Viewing details
Your IP address: 10.1.111.74, TCP port: 28507
Napier’s Web server IP address: 146.176.5.23 TCP port: 443
Right-click on the GET HTTP request from the client, and follow the stream:
What does the red and blue text identify?
- Red: Get request from the Host
- Blue: Reply
Can you read the HTTP requests that go from the client to the server? Yes
Google.com (Windows)
Your IP address: 10.1.111.74 and TCP port: 28570
Google’s Web server IP address and TCP port: 172.217.31.226
Which SSL/TLS version is used:
By examining the Wireshark trace, which encryption method is used for the tunnel:
RSA
By examining the Wireshark trace, which hash method is used for the tunnel:
By examining the Wireshark trace, what is the length of the encryption key: 256
By examining the certificate from the browser, what is the length of the encryption key:
OpenSSL
Which SSL/TLS method has been used: TLSv1.2
Which encryption method is used for the tunnel: RSA
Which hash method is used for the tunnel: SHA256
What is the length of the encryption key: Server Temp Key: ECDH, P-384, 384 bits
What is the serial number of the certificate:
ECA0E339B4F2B0FBFB608EEFA2E42DBF34FD8D8ACAEDF924F3681097BE2F1DE0
Who has signed the certificate: O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
Installing HTTPS and Heartbleed
Is your server vulnerable? NO
4 Examining traces
SSL.pcap
- Client IP address and TCP port: 192.168.0.20, 2099
- Web server IP address and TCP port: 66.211.169.66, 443
- Which SSL/TLS method has been used: TLSv1
- Which encryption method is used for the tunnel: RSA Encrypted PreMaster Secret
- What is the length of the encryption key: Encrypted PreMaster length: 128
Heart.pcap
- Client IP address and TCP port: 172.16.121.1, 64666
- Web server IP address and TCP port: 172.16.121.150, 443
- Which SSL/TLS method has been used: TLSv1.2
- Which encryption method is used for the tunnel: EC Diffie-Hellman Client Params
- What is the length of the encryption key: Pubkey Length: 65, Signature Length: 256
- Can you spot the packet which identifies the Heartbleed vulnerability? YES
IPSec.pcap
- Which is the IP address of the client and of the server:
  - IP address (Client): 192.168.0.20
  - IP address (Server): 147.176.210.2
- Which packet number identifies the start of the VPN connection (Hint: look for UDP Port 500):
- Determine one of the encryption and hashing methods that the client wants to use:
Internet Security Association and Key Management Protocol