2018-11-13 - TRAFFIC ANALYSIS EXERCISE - TURKEY AND DEFENCE
- Zip archive of the pcap: 2018-11-13-traffic-analysis-exercise.pcap.zip 5.7 MB (5,703,855 bytes)
- Zip archive of the alerts: 2018-11-13-traffic-analysis-exercise-alerts.zip 249 kB (249,300 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
LAN segment data:
- LAN segment range: 10.22.15.0/24 (10.22.15.0 through 10.22.15.0.255)
- Domain: geeographic.com
- Domain controller: 10.22.15.2 - Geeographic-DC
- LAN segment gateway: 10.22.15.1
- LAN segment broadcast address: 10.22.15.255
- IP address of the Windows client to investigate: 10.22.15.119
Answer the following questions:
- What was the date and time the malicious traffic started?
- What is the MAC address of the infected Windows host?
- What is the host name of the infected Windows host?
- What is the user account name used on the infected Windows host?
- What URL in the pcap returned a Windows executable file?
- What is the size of the Windows executable file from that URL?
- What is the SHA256 hash of the Windows executable file from that URL?
- What type of malware is the Windows executable returned from that URL?
- Click here for the answers.
Click here to return to the main page.