2015-06-30 - TRAFFIC ANALYSIS EXERCISE

• ZIP of the traffic:  2015-06-30-traffic-analysis-exercise.pcap.zip

 

SCENARIO

You're working as an analyst at your organization's Security Operations Center (SOC).  One of the other analysts was investigating alerts on a Windows host, and the computer is infected.  That analyst retrieved a pcap of network traffic from the associated IP address.

You've been asked to review the pcap and answer the following questions:

• What is the compromised website?
• What is the exploit kit (EK) domain and IP address?
• What is the redirect URL generated by the compromised website that leads to the exploit kit?
• What is the post-infection traffic generated by the infected computer (in the pcap)?

 

 

ANSWERS

• Click here for the answers.