TryHackMe! Advent of Cyber 2023 Day 2 | Log Analysis | O Data, All Ye Faithful - Walkthrough

Captions
Hey, what's up everyone, welcome back to another video. This is Day 2 of the Advent of Cyber 2023, and this is going to be an interesting one for me. I'm not a data analyst, I don't know anything about data science really, and I'm not a programmer either, so let's have some fun on this one. I'm really nervous, so let's see how we do. If you guys are new to the channel, welcome, please like, subscribe and share, and if there are any pointers during this walkthrough, let me know, I really appreciate it. Let's jump onto the desktop and have some fun.

All right folks, so here we are on my desktop. I loaded up the VM, so here we are on the story. Obviously I don't want to bore you guys; I actually read through all of this, but I'll go through the learning objectives. I had to learn a few things today because this was all new territory for me. So we're going to get an introduction to what data science involves (I never did anything with data science, so this was pretty interesting), so let's actually come up here so we can see where we're going. We're going to get a gentle introduction to Python, they promised, and they did; it was pretty interesting, it was pretty fun. And we get to work with some popular Python libraries such as pandas and matplotlib to crunch data, and then help McHoneyBell establish an understanding of the AntarctiCrafts network.

So from my understanding with all this, there's a network here. If we open this little CSV up (let's make sure this is all the way to the right), we have a packet number, timestamp, source, destination and protocol. So you're going to learn a little bit about Data Science 101. I'm sure you guys can read all this: the role and description of data collection, data processing, data mining, and so on and so forth. And then the most important thing here, because this is the Advent of Cyber, is cyber security: data science and cyber security. This is pretty interesting. When I saw this I was super intrigued, and I knew this was way out of my wheelhouse, but... sorry, let me get a drink, man, my throat.

So, data science and cyber security. Other uses of data science in cyber security include, obviously, SIEMs, where you can do some data collection and correlation with large amounts of data, threat trend analysis, and so on and so forth, right? So then we have the introduction to Jupyter notebooks. I never used Jupyter notebooks in my life, so this was pretty intriguing. They act like an interpreter, so just like Hello World in Python, it'll print out "hello world". It was pretty cool, I tinkered with it, but obviously in this video we're just going to get straight to the meat and potatoes, right? There's the practical. This is what I'm talking about: the Python 3 crash course. If you come into your little folder here when you load up your machine, you can see the introduction to Python, and then you can open up this crash course. Let's close this out. You can see the introduction to the crash course, and you can read along and learn a bunch of fun things. I did that just before we started this video, so I had to familiarize myself with it, because this was all foreign to me. So obviously we know what Python is; it's a high-level programming language, and you can do web development, game development, exploit development in cyber security, desktop application development, AI and data science.

All right, so let's just keep coming down. You can see the variables right here, the label equals data, so it's pretty easy. For me it was a little foreign, but I got through it, and let's see when we actually have to do the test, right? I think that's the main thing. As you see, you can see the Series and the DataFrames and so on and so forth. I just read through this walkthrough; you can see the walkthrough right here, it gives you a little cheat sheet. So above we'll create a new variable df for the data frame, so to start a data frame using a list, for example his name, his age, his country, and you can see a little bit of the example right here, and so on and so forth.

Let's just get into the meat and potatoes. So we have a capstone here, so let's go back to the little folder here, we can go back up a directory, Capstone right here, and then we have this file which is the network traffic, what is it called? network_traffic, yeah, .csv. So we have packet number, timestamp, source, destination and protocol. Okay, so once we open up the workbook (let's go ahead and close this out), we have our workbook right here. I was tinkering with this, so I want to go ahead and make sure I restart the kernel and clear any outputs for all the cells; let's make sure we're starting from a clean slate, right? I didn't answer anything yet because I don't know what I'm doing, so hopefully we can... yeah, we already did number one. So number two here is how many packets were captured, looking at the packet number. If we hit the hint (I know I'll be hinting a lot): you can use the count function; remember the data frame that contains the packet capture is called df. Okay, I think I get the gist, so let's go ahead and go to the introduction. So number one here uses pandas to group and analyze the data in source, destination and protocol; apply functions such as sum, average and size to describe this grouping. Okay, let me go back up, let me make sure I read this because I don't want to do anything silly. This packet capture requires libraries, imported for you: pandas as pd, and then the packet capture, the network traffic CSV. Okay, so make sure you press Shift+Enter on every cell within this notebook. If you modify the code in your cell you need to rerun it. Okay, cool deal, that's good to know. Highlight that, folks, because I'm sure everyone will probably just hit Enter and get an error like me.

Okay, so here we go. Let's go ahead and do Shift+Enter on every cell, bada bing, we got a little "1". All right, so let's go ahead and do Shift+Enter here. So what this is doing, it's importing only five, right, because the head count is five, so 1, 2, 3, 4, 5: packet number, timestamp, source, destination, protocol. Okay, fair enough. All right, so now this is where the fun begins. Here you'll need to use the pandas count function on the data frame; remember it's df, right, if I remember correctly. For example, dataframe.count(); remember the data frame in the notebook is called df, not dataframe. All right, so if I'm reading this correctly I can just do df.count() and then Shift+Enter and... oh snap, so packet count 100. I feel a little smart, this is pretty interesting. All right, so is it 100? I'm assuming, let's see... oh snap, one for one. Let's keep going, I don't want to get too cocky because I'll probably get stuck with my dumb ass.

All right, so let's go ahead and do question three here. Here you can perform a groupby with the pandas size function on the source and destination columns; remember the frame, blah blah, yep, I know that; click on the hint if you get stuck. I'm not going to hit the hint here, let's see if we can try to figure this out. For example, dataframe.groupby('column name').size(). Okay, so what is the question? What IP sent the most amount of traffic during the packet capture? So what IP address... all right, so we know we need to get IP addresses, right? So let's see, can we come up? groupby, right? I'm just going to cheat a little bit, right, so let's do df, and it's going to be groupby, hopefully, if I understand this correctly, so this... whoops, and then we come in here, and then we can do... whoops... all right, and then boom, boom, and then the column name, right? So what was in the question? I don't remember. What IP sent the most? So if it's sent, it says source and destination, right? Source and destination. So I'm saying Source here, by Source, right, and then size, because that's what I'm just going by what it says there. All right, like I said, this is all new to me folks, so don't think I'm some genius, because I'm far from a genius, right? So size, let's just hit Enter here, let's see what I say... don't, it's Shift+Enter. Okay, so what do we got here? 10.10... all right, so what is the question? What is this, the most? So if we look here, the most is going to be 10.10.1.15? Let's see if I'm right, I don't know... 15, let's see... nope. Wait, the most, that's 4. Oh my God, why did I say 15? Maybe because I looked at 15, that's why, probably. Let's see... that was right. All right, cool, oh snap, what is that, two for two, damn.

All right, so now the last question here... oh, I went too far. All right, so let's come down here. Question number four: what was the most frequent protocol? I'm not sure what that really means. What is the most frequent protocol? You can use value_counts on the appropriate column; remember we are counting how many values there are in the protocol column. All right, so what if I copied this? Can I copy this? Let's do copy and let's come down here and paste. Can I just do Ctrl+V? No. Paste. Whoa, what did I do? Holy smokes. All right, yeah, so right there, okay. So I'm trying to think... let me hit the hint, because I do need a hint now. You can use value_counts; remember the count, the protocol column, value... okay, so now we just need to do value_counts, okay, column value, okay. All right, I think I'm on to something. All right, so df.sort_values, right, let's see, Shift+Enter... oh wait, wait, wait, I'm sorry, but we have to sort this: the column here has to be Protocol, not Source, that's my bad. Protocol. Oh Jesus, oh snap, all right, so that's pretty cool. Values, okay, so DNS... so the most, the most, 24, is ICMP, which is ping. ICMP, please be right... oh Jesus, holy moly, we completed it! I don't even know how I did this, but I'll probably have to do this again to really have this stick in my brain. Obviously I just followed the methodology and followed what I was learning in here. I did learn a lot of things today, so thank you so much TryHackMe for providing this Advent of Cyber 2023, and we did complete Day 2, so thank you, and I'll see you guys in Day 3.
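The three capstone questions answered in the video (how many packets, which source IP sent the most, which protocol is most frequent) are re-created below as an added example that is not part of the video or of the room's notebook. It uses only the Python standard library so it runs without pandas; the pandas call each function mirrors is named in a comment. The CSV rows and the 192.0.2.x addresses are constructed sample data, and the five column names are assumed to match the room's network traffic CSV.

```python
"""Standard-library re-creation of the Day 2 capstone questions.

Constructed sample capture below (not the room's CSV); the five columns
are assumed to match the notebook's DataFrame.
"""
import csv
import io
from collections import Counter

# Constructed sample capture: 12 packets, 192.0.2.0/24 documentation range.
SAMPLE_CSV = """PacketNumber,Timestamp,Source,Destination,Protocol
1,05/10/2023 10:00:01,192.0.2.4,192.0.2.9,ICMP
2,05/10/2023 10:00:02,192.0.2.4,192.0.2.9,ICMP
3,05/10/2023 10:00:03,192.0.2.7,192.0.2.53,DNS
4,05/10/2023 10:00:04,192.0.2.4,192.0.2.12,HTTP
5,05/10/2023 10:00:05,192.0.2.9,192.0.2.4,ICMP
6,05/10/2023 10:00:06,192.0.2.7,192.0.2.53,DNS
7,05/10/2023 10:00:07,192.0.2.10,192.0.2.53,DNS
8,05/10/2023 10:00:08,192.0.2.4,192.0.2.53,DNS
9,05/10/2023 10:00:09,192.0.2.9,192.0.2.12,HTTP
10,05/10/2023 10:00:10,192.0.2.4,192.0.2.9,ICMP
11,05/10/2023 10:00:11,192.0.2.7,192.0.2.12,HTTP
12,05/10/2023 10:00:12,192.0.2.10,192.0.2.4,ICMP
"""


def load_packets(csv_text):
    """Parse the CSV into a list of row dicts (pandas: pd.read_csv)."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def packet_count(rows):
    """Question 2: number of captured packets (pandas: df.count())."""
    return len(rows)


def group_size(rows, *columns):
    """Size of each group over one or more columns
    (pandas: df.groupby([...]).size()). Keys are tuples of column values."""
    return Counter(tuple(row[c] for c in columns) for row in rows)


def value_counts(rows, column):
    """Frequency of each value in a column, most frequent first; ties are
    broken alphabetically so the order is deterministic
    (pandas: df[column].value_counts())."""
    counts = Counter(row[column] for row in rows)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def top_talker(rows):
    """Question 3: the Source IP that sent the most packets, as (ip, count).
    Grouping on Source (not Destination) is what 'sent' requires."""
    return value_counts(rows, "Source")[0]


def most_frequent_protocol(rows):
    """Question 4: the most common Protocol value, as (protocol, count)."""
    return value_counts(rows, "Protocol")[0]


if __name__ == "__main__":
    packets = load_packets(SAMPLE_CSV)
    print("packets captured:", packet_count(packets))
    print("top talker (Source):", top_talker(packets))
    print("protocols:", value_counts(packets, "Protocol"))
    # The grouping the room's first exercise describes: who talks to whom.
    for (src, dst), n in group_size(packets, "Source", "Destination").most_common(3):
        print(f"{src} -> {dst}: {n} packets")
```

Swapping `SAMPLE_CSV` for the contents of the room's `network_traffic.csv` gives the same three answers the notebook produces with `df.count()`, `df.groupby('Source').size()` and `df['Protocol'].value_counts()`; the point of the tie-break in `value_counts` is that a real capture can have two protocols with equal counts, where pandas' order would depend on insertion order rather than on anything meaningful.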
Info
Channel: InfoSec Pat
Views: 3,011
Keywords: advent of cyber 2023, tryhackme AoC 2023, infosec pat, tryhackme advent of cyber 2023, tryhackme tutorial, tryhackme review, tryhackme walkthrough, tryhackme openvpn, walkthrough eminem, walkthrough games, Day 2 AoC 2023 tryhackme, advent of cyber 2022, capture the flag
Id: YbFqW2pjcrQ
Length: 14min 21sec (861 seconds)
Published: Sat Dec 02 2023