http://qtnes.com/tags/network-forensics/Recent content in Network-Forensics on QtnesHugoen-usFri, 17 Apr 2026 00:00:00 +0000http://qtnes.com/posts/7---the-mole---reconstructing-an-android-malware-beacon-from-a-pcap/Fri, 17 Apr 2026 00:00:00 +0000http://qtnes.com/posts/7---the-mole---reconstructing-an-android-malware-beacon-from-a-pcap/<h2 id="overview">Overview</h2> <p>The Mole was an Android malware challenge built around a single artifact: a PCAP. From that capture alone, the goal was to reconstruct the infection chain, recover the device token, derive the bot token, and finally reach the flag endpoint.</p> <p>What made this one interesting is that the network trace already contained the important pivots. The APK was not provided up front, but the traffic exposed enough structure to rebuild the dropper&rsquo;s behavior and the C2 flow.</p>