2016-08-20 - TRAFFIC ANALYSIS EXERCISE - PLAIN BROWN WRAPPER
- ZIP archive with a PCAP of the traffic: 2016-08-20-traffic-analysis-exercise.pcap.zip 2.3 MB (2,270,851 bytes)
All ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
I had a hard time coming up with another training scenario, and I wanted to get another traffic analysis exercise out before the end of the month. So this one won't have a scenario. It's a traffic analysis exercise in a plain brown wrapper.
Shown above: A sign I made for this traffic analysis exercise.
You have a pcap of infection traffic. Your task? Figure out what happened. A proper write-up includes:
- IP address of the Windows computer that was infected.
- MAC address of the Windows computer that was infected.
- Host name of the Windows computer that was infected.
- A description of what happened.
- Any indicators of compromise (IOCs) from the traffic (IP addresses & domain names).