During FAUST CTF 2022 there were one service called Ghost which was sending SYN to the vulnbox.
This could be spotted using WireShark.
This is hard to solve as we mostly don't want to bloat Tulip, but maybe something could be done to represent "incomplete TCP flows and UDP" data from PCAPs inside Tulip?
During FAUST CTF 2022 there were one service called Ghost which was sending SYN to the vulnbox. This could be spotted using WireShark.
This is hard to solve as we mostly don't want to bloat Tulip, but maybe something could be done to represent "incomplete TCP flows and UDP" data from PCAPs inside Tulip?