2017-04-21 - TRAFFIC ANALYSIS EXERCISE - DOUBLE TROUBLE
- Zip archive with a pcap of infection traffic from the computer used by Marcus: 2017-04-21-traffic-analysis-exercise-marcus.pcap.zip 7.0 MB (7,013,493 bytes)
- Zip archive with a pcap of infection traffic from the computer used by Marion: 2017-04-21-traffic-analysis-exercise-marion.pcap.zip 8.5 MB (8,499,035 bytes)
- Zip archive of nine malicious emails from their joint account: 2017-04-21-traffic-analysis-exercise-malicious-emails.zip 104 kB (104,226 bytes)
All ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Marcus Dunham and Marion Dunham are brothers who work at their father's business, Dunham Hills Mortuary. They've shared everything since childhood, and that trend continued as they became adults. For example, at the mortuary, they share a joint email address named firstname.lastname@example.org.
The brothers have gotten into plenty of trouble over the years. Due to their mischievous ways, Marcus and Marion earned the nickname "Double Trouble." Accidents always happen in pairs whenever the brothers are around.
Today is no exception for "Double Trouble," because both brothers infected their computers within minutes of each other.
This presents a puzzle, because both were infected shortly after checking their joint email account. Now it's time to put your traffic analysis skills to work! You have pcaps of the infection traffic from each brother's computer. You also have 9 malicious emails that were sent to email@example.com during the past 2 to 3 weeks.
Your task? Figure out which email was used to infect which computer. After all, how hard can that be?