PCAP Analysis Challenge
=======================

We captured suspicious network traffic from a compromised machine.
The attacker appears to be exfiltrating data via DNS queries.

Your task: Analyze the pcap file and find the exfiltrated data.

Look for:
- Unusual DNS query patterns
- Base64-encoded data in subdomains
- The pattern: [base64].[base64].exfil.attacker.com

Tools: Wireshark, tshark, tcpdump

Note: If no pcap file is present, here's a sample of what to look for:
- DNS queries to: Rk.xh.exfil.example.com (partial base64)
- Decode and concatenate the subdomains to reveal the flag

For the actual challenge, download: suspicious_traffic.pcap
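
Added example (not part of the original challenge files): a Python sketch of the reassembly step for the [base64].[base64].<suffix> pattern described above, run on query names constructed inline. The function names, the 8-character label length and the sample payload are assumptions made for illustration.

```python
import base64
import binascii

def build_sample_queries(secret, suffix, label_len=8):
    """Constructed test input shaped like [base64].[base64].<suffix>."""
    b64 = base64.b64encode(secret).decode().rstrip("=")  # '=' is not hostname-safe
    labels = [b64[i:i + label_len] for i in range(0, len(b64), label_len)]
    names = [".".join(labels[i:i + 2]) + "." + suffix
             for i in range(0, len(labels), 2)]
    # Mix in a resolver retry, trailing-dot FQDNs and unrelated lookups.
    return (["www.example.org", names[0], names[0]]
            + [n + "." for n in names[1:]] + ["mail.example.org"])

def reassemble(qnames, suffix):
    """Join the subdomain labels of every query under `suffix`, in capture order."""
    suffix = "." + suffix.lower().strip(".")
    chunks, prev = [], None
    for name in qnames:
        name = name.strip().rstrip(".")
        if not name.lower().endswith(suffix):
            continue                  # not an exfil query
        if name == prev:
            continue                  # assumed to be a retry of the previous query
        prev = name
        # Match the suffix case-insensitively but keep the payload's case:
        # DNS ignores case, base64 does not.
        chunks.append(name[:-len(suffix)].replace(".", ""))
    return "".join(chunks)

def decode_payload(b64text):
    """Decode reassembled text; returns None if it is not valid base64."""
    b64text = b64text.replace("-", "+").replace("_", "/")  # URL-safe alphabet
    b64text += "=" * (-len(b64text) % 4)                   # restore stripped padding
    try:
        return base64.b64decode(b64text, validate=True)
    except binascii.Error:
        return None

if __name__ == "__main__":
    sample = build_sample_queries(b"constructed sample, not the flag", "exfil.example.com")
    print(decode_payload(reassemble(sample, "exfil.example.com")))
```

On the real capture, the query names can be taken from `tshark -r suspicious_traffic.pcap -Y "dns.flags.response == 0" -T fields -e dns.qry.name` and passed to reassemble() with the suffix seen in the traffic. Identical back-to-back names are treated as retries, so a payload that legitimately repeats a chunk needs that check removed.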