There are specialized tools that look for the traces a RAT leaves behind, but they can't catch every RAT out there. To detect anomalous traffic just by looking at your packet capture, you would first have to know very well what normal traffic looks like, so doing it this way is hard. There is a variety of techniques you can use to separate malicious traffic from your usual traffic and investigate it further.
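As an added illustration of that idea (this is example code written for this post, not a tool from the original), the script below builds a baseline of known-good destinations from one set of flow records and then checks a second capture against it. It goes one step beyond the paragraph by also scoring how regular the gaps between connections to each destination are, since a check-in on a fixed timer is one of the things that makes RAT traffic stand out from browsing. All flow records are constructed; the IPs, ports and timestamps are made up for the demonstration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out).
# BASELINE_FLOWS stands in for a capture of known-good traffic: ordinary browsing
# to a couple of hosts at irregular times.
BASELINE_FLOWS = [
    (0,   "10.0.0.5", "93.184.216.34", 443, 1200),
    (37,  "10.0.0.5", "93.184.216.34", 443, 900),
    (120, "10.0.0.5", "151.101.1.69",  443, 5000),
    (410, "10.0.0.5", "93.184.216.34", 443, 300),
    (655, "10.0.0.5", "151.101.1.69",  443, 2200),
]

# OBSERVED_FLOWS is the capture under investigation: the same browsing plus a
# constructed small check-in to an unknown host roughly every 60 seconds.
OBSERVED_FLOWS = [
    (5,   "10.0.0.5", "93.184.216.34", 443, 1100),
    (60,  "10.0.0.5", "203.0.113.77",  4444, 64),
    (120, "10.0.0.5", "203.0.113.77",  4444, 64),
    (181, "10.0.0.5", "203.0.113.77",  4444, 64),
    (240, "10.0.0.5", "203.0.113.77",  4444, 64),
    (255, "10.0.0.5", "151.101.1.69",  443, 4800),
    (300, "10.0.0.5", "203.0.113.77",  4444, 64),
    (333, "10.0.0.5", "93.184.216.34", 443, 700),
]


def build_baseline(flows):
    """Return the set of (dst_ip, dst_port) pairs seen in known-good traffic."""
    return {(dst, port) for _, _, dst, port, _ in flows}


def group_by_destination(flows):
    """Bucket flows by (dst_ip, dst_port), keeping (timestamp, bytes) per flow."""
    groups = defaultdict(list)
    for ts, _src, dst, port, nbytes in flows:
        groups[(dst, port)].append((ts, nbytes))
    return groups


def beacon_score(timestamps):
    """Coefficient of variation of the inter-arrival gaps.

    A value near 0 means the connections fire on a very regular timer, which is
    typical of an automated check-in rather than a person browsing. Returns None
    when there are too few connections to judge.
    """
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else None


def find_suspicious(flows, baseline, max_cv=0.2):
    """Flag destinations that are new relative to the baseline or beacon-like.

    max_cv is the jitter threshold below which gaps count as "regular"; 0.2 is
    an assumed starting point, not a calibrated value.
    """
    findings = []
    for (dst, port), entries in group_by_destination(flows).items():
        reasons = []
        if (dst, port) not in baseline:
            reasons.append("destination not in baseline")
        cv = beacon_score([ts for ts, _ in entries])
        if cv is not None and cv <= max_cv:
            reasons.append(f"regular interval (cv={cv:.2f})")
        if reasons:
            findings.append({
                "dst": dst,
                "port": port,
                "count": len(entries),
                "bytes": sum(nbytes for _, nbytes in entries),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    known_good = build_baseline(BASELINE_FLOWS)
    for hit in find_suspicious(OBSERVED_FLOWS, known_good):
        print(f"{hit['dst']}:{hit['port']} x{hit['count']} ({hit['bytes']} B): "
              + "; ".join(hit["reasons"]))
```

Running this against a real pcap would mean feeding it flow tuples exported from your capture tool instead of the constructed lists; the point is that the baseline is what turns "unusual" into something you can actually test for, and the regularity score gives a second, independent signal to check before you dig into a destination by hand.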
I'll be trying just that on another blog where I'll be tackling the Carnage TryHackMe room!
If you read all the way, a very big thank you to you, and if you tried to follow my instructions I hope they weren't too convoluted!
Making this project took a lot of time and sweat, and though it may seem like a lot of work for little payoff, the real gain is what we've learned along the way: researching, solving hundreds of roadblocks, tinkering and putting it all together taught me a lot!
Again, big thanks for reading, and check out my Carnage walkthrough!