2016-02-06 - TRAFFIC ANALYSIS EXERCISE - NETWORK ALERTS AT CUPID'S ARROW ONLINE

ASSOCIATED FILES:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You recently hired on as a security analyst for Cupid's Arrow Online, the largest online retailer for novelty arrows world-wide.  Apparently, novelty arrows are lucrative enough that the company can afford to staff its Security Operations Center (SOC) 24 hours a day, 7 days a week.


Shown above:  One of your employer's ads.

 

Unfortunately, it's after normal work hours, and you're the only person reviewing network events.  You silently curse your coworker Sven, who called in sick this evening.  Maybe it's for the best, though.  Strange things tend to happen whenever Sven is around.


Shown above:  Sven on a good day.

 

Later, you see alerts on suspicious activity.  Time to investigate!

You identify the IP address from the alerts and pull the associated traffic (a pcap), along with the Snort and Suricata event logs.  You were already examining some malicious emails that made it through the spam filter, so you have those on hand as well.  Finally, you retrieve a list of people on the network during the timeframe of these alerts (you might have to contact them about this activity).
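The first three steps above (find the host behind the alerts, pull its traffic, tie it back to the list of people on the network) as a worked example.  This is added code, not part of the original exercise or of the Snort/Suricata projects.  The alert lines are constructed in Suricata's fast.log format, the SIDs 9000001-9000005 are local-rule numbers that match no published rule, the IP addresses, hostnames and user names are made up, and ROSTER stands in for the page's list of people on the network:

```python
import re
from datetime import datetime

# Constructed sample alerts in Suricata fast.log format (Snort's alert_fast
# output differs only in the timestamp).  Nothing here is from a real sensor.
SAMPLE_FAST_LOG = """\
02/06/2016-18:41:03.112233  [**] [1:9000001:2] EXAMPLE Malicious document download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.122.52:49214 -> 203.0.113.10:80
02/06/2016-18:41:09.556677  [**] [1:9000002:1] EXAMPLE Executable download from suspicious host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.122.52:49216 -> 203.0.113.10:80
02/06/2016-18:42:30.000100  [**] [1:9000003:1] EXAMPLE Possible malware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.122.52:49220 -> 198.51.100.77:443
02/06/2016-18:42:31.000200  [**] [1:9000003:1] EXAMPLE Possible malware check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.122.52:49221 -> 198.51.100.77:443
02/06/2016-18:43:00.000300  [**] [1:9000004:3] EXAMPLE ICMP ping sweep [**] [Priority: 3] {ICMP} 192.168.122.10 -> 192.168.122.52
02/06/2016-18:45:00.000400  [**] [1:9000005:1] EXAMPLE SMB share browse (informational) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.122.88:51000 -> 192.168.122.2:445
"""

# Constructed stand-in for the "who was on the network" list: IP -> (hostname, user).
ROSTER = {
    "192.168.122.52": ("CUPID-WKS07", "alice.archer"),
    "192.168.122.88": ("CUPID-WKS12", "bob.bowyer"),
    "192.168.122.10": ("CUPID-SCAN01", "vuln-scanner"),
}

# One alert per line.  Classification is optional (rules without a classtype
# omit it) and ports are absent for ICMP.  IPv4 addresses only.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s*"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)

# Suricata writes MM/DD/YYYY-..., Snort writes MM/DD-... (no year, so strptime
# fills in 1900; fix it up from the capture date if the year matters).
TS_FORMATS = ("%m/%d/%Y-%H:%M:%S.%f", "%m/%d-%H:%M:%S.%f")


def parse_timestamp(ts):
    for fmt in TS_FORMATS:
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            pass
    raise ValueError("unrecognised timestamp: %r" % ts)


def parse_fast_log(text):
    """Return (alerts, unparsed).  Lines that do not match are kept, not dropped."""
    alerts, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        d = m.groupdict()
        alerts.append({
            "ts": parse_timestamp(d["ts"]),
            "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
            "msg": d["msg"], "classification": d["cls"], "priority": int(d["pri"]),
            "proto": d["proto"],
            "src": d["src"], "sport": int(d["sport"]) if d["sport"] else None,
            "dst": d["dst"], "dport": int(d["dport"]) if d["dport"] else None,
        })
    return alerts, unparsed


def rank_internal_hosts(alerts, internal_prefix):
    """Internal IPs as (ip, priority-1 count, total), worst first.
    An alert is credited to every internal endpoint it names, so a scan
    between two internal hosts counts for both of them."""
    counts = {}
    for a in alerts:
        for ip in {a["src"], a["dst"]}:
            if ip.startswith(internal_prefix):
                c = counts.setdefault(ip, [0, 0])
                if a["priority"] == 1:
                    c[0] += 1
                c[1] += 1
    return sorted(((ip, p1, tot) for ip, (p1, tot) in counts.items()),
                  key=lambda r: (-r[1], -r[2], r[0]))


def summarize_host_alerts(alerts, ip, roster):
    """Everything the alert log says about one host, grouped by signature."""
    host_alerts = [a for a in alerts if ip in (a["src"], a["dst"])]
    by_sig = {}
    for a in host_alerts:
        peer = a["dst"] if a["src"] == ip else a["src"]
        s = by_sig.setdefault(a["sid"], {"msg": a["msg"], "priority": a["priority"],
                                         "count": 0, "first": a["ts"], "last": a["ts"],
                                         "peers": set()})
        s["count"] += 1
        s["first"] = min(s["first"], a["ts"])
        s["last"] = max(s["last"], a["ts"])
        s["peers"].add(peer)
    return {
        "ip": ip,
        "owner": roster.get(ip),      # (hostname, user), or None if not on the roster
        "alerts": len(host_alerts),
        "signatures": by_sig,
        "bpf": "host %s" % ip,        # capture filter to pull this host's traffic
    }


if __name__ == "__main__":
    alerts, unparsed = parse_fast_log(SAMPLE_FAST_LOG)
    suspect = rank_internal_hosts(alerts, "192.168.122.")[0][0]
    report = summarize_host_alerts(alerts, suspect, ROSTER)
    print("suspect:", suspect, report["owner"], "| tcpdump -r capture.pcap -w host.pcap", report["bpf"])
    for sid, s in sorted(report["signatures"].items()):
        print(sid, "x%d" % s["count"], s["first"].time(), "->", s["last"].time(),
              s["msg"], sorted(s["peers"]))
    if unparsed:
        print("%d line(s) did not parse" % len(unparsed))
```

The ranking is only a starting point: a vulnerability scanner or a noisy informational rule can put the wrong host at the top, which is why the summary keeps the rule priority, the peer addresses and the first/last timestamps, so you can check them against the roster and the pcap before contacting anyone.  The "bpf" string is the filter to hand to tcpdump or tshark to carve that host's traffic out of the larger capture.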

 

THE REPORT

You'll need to write a report for your investigation.  The report should include:

 

ANSWERS

 
