2015-06-30 - TRAFFIC ANALYSIS EXERCISE
- ZIP of the traffic: 2015-06-30-traffic-analysis-exercise.pcap.zip
SCENARIO
You're working as an analyst at your organization's Security Operations Center (SOC). One of the other analysts was investigating alerts on a Windows host and found that the computer is infected. That analyst retrieved a pcap of network traffic from the associated IP address.
You've been asked to review the pcap and answer the following questions:
- What is the compromised website?
- What is the exploit kit (EK) domain and IP address?
- What is the redirect URL generated by the compromised website that leads to the exploit kit?
- What is the post-infection traffic generated by the infected computer (in the pcap)?
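The four questions are answered by pulling the HTTP request lines out of the pcap, following the Referer chain from the compromised site through the redirector to the exploit kit, and then listing what the host talks to afterwards. The script below is an added example written for this page, not the exercise author's own tooling; it uses only the Python standard library (no scapy or tshark), and the pcap it parses is constructed inline with invented placeholder hostnames and IP addresses, so it says nothing about what is actually in 2015-06-30-traffic-analysis-exercise.pcap.

```python
"""Minimal pcap triage: extract HTTP requests, follow the Referer chain from a
compromised site to an exploit-kit landing page, and list what the victim talked
to afterwards.  Standard library only.  The sample pcap is constructed inline;
every hostname and IP in it is a placeholder, not data from the exercise."""
import struct
from typing import Dict, List, Optional, Set

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian file


def _build_pcap(frames: List[bytes]) -> bytes:
    """Wrap raw Ethernet frames into a little-endian classic pcap (link type 1)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1435622400 + i, 0, len(frame), len(frame)) + frame
    return out


def _http_frame(src_ip: str, dst_ip: str, request: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame carrying one HTTP request (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + request
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split("."))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip  # zero MACs, EtherType IPv4


def _parse_request(payload: bytes, src: str, dst: str) -> Optional[Dict[str, str]]:
    """Return request line plus Host/Referer if the TCP payload starts an HTTP request."""
    if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, uri = lines[0].split(" ")[:2]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return {"src": src, "dst": dst, "method": method, "uri": uri,
            "host": headers.get("host", ""), "referer": headers.get("referer", "")}


def http_requests(pcap: bytes) -> List[Dict[str, str]]:
    """Walk every record and return one dict per HTTP request seen over TCP/IPv4."""
    magic, = struct.unpack("<I", pcap[:4])
    endian = {PCAP_MAGIC_LE: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    requests, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        req = _parse_request(payload, src, dst)
        if req:
            requests.append(req)
    return requests


def redirect_chain(requests: List[Dict[str, str]], start_host: str) -> List[str]:
    """Follow Referer headers hop by hop, starting at the first request to start_host."""
    chain: List[str] = []
    current = next((r for r in requests if r["host"] == start_host), None)
    while current is not None:
        url = f"http://{current['host']}{current['uri']}"
        if url in chain:
            break
        chain.append(url)
        current = next((r for r in requests if r["referer"] == url), None)
    return chain


def hosts_by_ip(requests: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Map each destination IP to the Host header values sent to it (domain + IP pairs)."""
    result: Dict[str, Set[str]] = {}
    for r in requests:
        result.setdefault(r["dst"], set()).add(r["host"])
    return result


# Constructed sample: victim 192.168.1.100, placeholder sites in documentation ranges.
SAMPLE_PCAP = _build_pcap([
    _http_frame("192.168.1.100", "203.0.113.10",
                b"GET / HTTP/1.1\r\nHost: compromised.example\r\n\r\n"),
    _http_frame("192.168.1.100", "198.51.100.7",
                b"GET /ads/redir.php HTTP/1.1\r\nHost: redirector.example\r\n"
                b"Referer: http://compromised.example/\r\n\r\n"),
    _http_frame("192.168.1.100", "198.51.100.23",
                b"GET /landing.html?id=1 HTTP/1.1\r\nHost: ek.example\r\n"
                b"Referer: http://redirector.example/ads/redir.php\r\n\r\n"),
    _http_frame("192.168.1.100", "198.51.100.99",
                b"POST /gate.php HTTP/1.1\r\nHost: c2.example\r\n\r\n"),  # post-infection beacon
])
SAMPLE_REQUESTS = http_requests(SAMPLE_PCAP)

if __name__ == "__main__":
    for hop in redirect_chain(SAMPLE_REQUESTS, "compromised.example"):
        print("hop:", hop)
    for ip, hosts in hosts_by_ip(SAMPLE_REQUESTS).items():
        print(ip, sorted(hosts))
```

On a real capture, replace SAMPLE_PCAP with the file's bytes; the script only understands classic pcap over Ethernet and reads the first request in each TCP segment, so requests split across segments or carried over TLS will not appear, which is exactly when you fall back to Wireshark's Follow TCP Stream. The post-infection traffic is whatever remains in hosts_by_ip after the exploit-kit hop.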
ANSWERS
- Click here for the answers.