T1594 Lab
Q1) Loading Zeek logs in Brim Security. How many HTTP requests are there?
-> Open all the files in Zui.
-> Right-click and choose Count by field.


Answer: 3667
Q2) What is the domain of the targeted website?

Answer: shop.cyberdefenders.corp
Q3) What is the tool used by the attacker to crawl the website?

Attacker IP with most requests: 165.18.197.227

Answer: Burp Suite
Q4) How many web pages was the attacker able to access?

Answer: 1483
Q5) What is the browser used by the attacker? (Format: Browser_Name Version)

Answer: Firefox 78
Q6) How many bytes are sent by the attacker?

Answer: 1380285
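
The "Count by field" step from Q1 and the per-source request count from Q3 can also be reproduced outside Zui. The script below is an added example, not part of the lab: it assumes Zeek's default TSV log format, and the sample log lines, IP addresses and host name are constructed, not taken from the lab data.

```python
import io
from collections import Counter

# Constructed sample in Zeek's default TSV layout (not data from the lab).
SAMPLE_HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#path\thttp",
    "#fields\tts\tid.orig_h\tid.resp_h\tmethod\thost\turi\tstatus_code",
    "#types\ttime\taddr\taddr\tstring\tstring\tstring\tcount",
    "1.0\t192.0.2.10\t198.51.100.5\tGET\tshop.example.test\t/\t200",
    "1.1\t192.0.2.10\t198.51.100.5\tGET\tshop.example.test\t/cart\t200",
    "1.2\t192.0.2.10\t198.51.100.5\tGET\tshop.example.test\t/admin\t404",
    "1.3\t192.0.2.20\t198.51.100.5\tGET\tshop.example.test\t/\t200",
    "1.4\t192.0.2.10\t198.51.100.5\tPOST\tshop.example.test\t/login\t200",
    "1.5\t203.0.113.7\t198.51.100.5\tGET\t-\t/\t-",
    "#close\t2024-01-01-00-00-00",
])

def read_zeek_tsv(stream):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            values = line.split("\t")
            if fields is None or len(values) != len(fields):
                raise ValueError("row does not match a #fields header")
            yield dict(zip(fields, values))

def count_by(records, field, where=None):
    """Equivalent of 'Count by field', with an optional row filter."""
    counts = Counter()
    for rec in records:
        if where is None or where(rec):
            counts[rec[field]] += 1
    return counts

def load_sample():
    return list(read_zeek_tsv(io.StringIO(SAMPLE_HTTP_LOG)))

if __name__ == "__main__":
    records = load_sample()
    print("HTTP requests:", len(records))
    top_ip, hits = count_by(records, "id.orig_h").most_common(1)[0]
    print("Busiest source:", top_ip, hits)
    # Status codes for that source only; "-" is Zeek's unset-field marker.
    print(count_by(records, "status_code", lambda r: r["id.orig_h"] == top_ip))
```

To run it against a real log, pass `open("http.log")` to `read_zeek_tsv` instead of the embedded sample.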