2017-01-28 - TRAFFIC ANALYSIS EXERCISE - THANKS, BRIAN.
- ZIP archive with a PCAP of the traffic: 2017-01-28-traffic-analysis-exercise.pcap.zip 2.6 MB (2,618,154 bytes)
All ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
The pcap contains traffic of a Windows computer getting infected with malware. The secenario is based on the image below.
Shown above: "Thanks, Brian" was meant sarcastically.
- What was the date and time of the infection?
- What is the MAC address of the infected Windows computer?
- What is the IP address of the infected Windows computer?
- What is the host name of the infected Windows computer?
- What type of malware was the computer infected with?
- What is the name of the malware that infected the user's computer?
- What exploit kit was used to infect the user's computer?
- What compromised website kicked off the infection chain of events?
MORE ADVANCED QUESTIONS:
- Before the Windows computer was infected, what did the user search for on Bing?
- Which campaign(s) used the exploit kit noted in the pcap?
- What are the indicators of compromise (IOCs) from the pcap?
- Click here for the answers.
Click here to return to the main page.