It has been a while since I have posted a walkthrough, and I was just thinking about this network traffic analysis challenge since I was sharing it with a friend to use for a CTF for high school students. I will be using Wireshark for the walkthrough. Another possible tool to use is NetworkMiner. The challenge file is june2020.pcapng and there are twelve questions.

Question 1. How many ping requests were sent in the june2020.pcapng capture?

Open the packet capture and apply the following filter: “icmp.type == 8”. This filter will show all ICMP (aka ping) packets that are…


Mid-Atlantic CCDC 2013, Anne Arundel Community College Team

Author’s note: I originally published this article on LinkedIn. Since then, I have curated some competition-oriented resources on my GitHub site.

Participating in cybersecurity competitions is an excellent way to learn new skills and to be introduced to different areas of focus in the field. There are several types of competitions and they can be team or individual based. Quite a few are for students only, but others are open to anyone. The first time I ever competed was in the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) regional qualifiers. MACCDC is a team-based competition for college students and involves defending…


Traveling can be an adventure. It can also be a nightmare. Learning how to best navigate (pun intended!) is an essential part of making your journey more enjoyable.

I love traveling. And in fact, I’m writing this post from 43,000 feet. So far this year I’ve traveled in three continents and visited numerous countries and states. There is nothing like visiting unfamiliar places and meeting new people to open your eyes — and mind — to the world.

About You

Knowing your travel style and preferences is an important consideration when planning your trip. Are you okay with solo travel…



The challenge in this walkthrough asked for the result in decimal of 4A & 2D. Competitors typically attempt a mathematical addition operation on these numbers, but that will not achieve the desired result. As per usual when I create challenges, I give a subtle clue, which in this case was the use of an ampersand versus a plus sign.

The first thing to figure out is what type of numbering system is represented. For the uninitiated, a Google search of “numbering system with letters” might help identify these characters as hexadecimal. Hexadecimal (commonly written with the prefix 0x) is a base 16 numbering…


In this walkthrough, we will be analyzing a packet capture (PCAP) file, rogue_user.pcap. The challenge was to identify the rogue user that was created by the attacker.

My tool of choice for this type of analysis is Wireshark.

The first step I typically take when analyzing a PCAP is to take a look at the captured protocols. This is done by accessing Statistics > Protocol Hierarchy. This is intentionally a pretty pared down capture, so we only see a few protocols listed.

Statistics > Protocol Hierarchy

Note that the protocols are listed in a hierarchical fashion as the name implies, following the TCP/IP stack


dollz.jpg

This is the second in my series of cyber competition challenge walkthroughs. As I’ve mentioned previously, Capture the Flag (CTF) competitions are not just fun but also an excellent way to learn. In this post, we will step through finding metadata (data about data) in a file I created called dollz.jpg (Google drive link to the challenge file).

The challenge questions were:

  • What was the make of the camera?
  • What was the camera model name?
  • What city was the picture taken in?
  • When was the picture taken?

My analysis environment is a Kali Linux virtual machine.

Based on what was…


Capture the Flag (CTF) cyber competitions are fun and an excellent way to learn. This is the first of a series of walkthroughs on how to tackle challenges. I built this forensics-oriented modified header challenge for use in a few competitions and workshops. The challenge features a file called change (Google drive link to the challenge file). Following are steps for analyzing the file and finding the flag inside. My analysis environment is a Kali Linux virtual machine and a hex editor application on my host machine.

The file does not have an extension, and extensions can be misleading anyway…


The cybersecurity community is relatively small and very connected, and it is essential to grow and nurture a network. Who you develop relationships with can impact your chances in landing an internship, finding your dream job, or learning about a cool volunteer opportunity. It doesn’t matter what phase of your career you are in — it is never too early or too late to start making contacts. Below are some suggestions on growing your network based on my personal experience.

Elevator Pitch

Develop your personal “elevator pitch” or the 30-second summary of what you are all about. Do not be…


There is tremendous interest in launching a career in cybersecurity. Figuring out where to start is the hard part. Search “cybersecurity” in Google and you will get over 97 million results. This sea of information is completely overwhelming. I have been approached for advice on the topic of how to get started many times, and now that I’m on a plane for a few hours it seems like a good time to compile my thoughts.

It is no secret that we need more people in the field of cybersecurity, see One Million Cybersecurity Job Openings In 2016. Nothing has changed since…

Marcelle Lee

Security researcher, educator and business owner in the field of cybersecurity. Advocate of diversity in tech. https://marcellelee.github.io
