2016-08-20 - TRAFFIC ANALYSIS EXERCISE - PLAIN BROWN WRAPPER
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2016-08-20-traffic-analysis-exercise.pcap.zip 2.3 MB (2,270,851 bytes)
SCENARIO
I had a hard time coming up with another training scenario, and I wanted to get another traffic analysis exercise out before the end of the month. So this one won't have a scenario. It's a traffic analysis exercise in a plain brown wrapper.
Shown above: A sign I made for this traffic analysis exercise.
You have a pcap of infection traffic. Your task? Figure out what happened. A proper write-up includes:
- IP address of the Windows computer that was infected.
- MAC address of the Windows computer that was infected.
- Host name of the Windows computer that was infected.
- A description of what happened.
- Any indicators of compromise (IOCs) from the traffic (IP addresses and domain names).
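The first three items (IP address, MAC address and host name of the infected Windows host) usually come from the same place: the host's own DHCP Request, which carries its MAC in the chaddr field, its host name in option 12 and its requested address in option 50 (or ciaddr on a renewal). The script below is an added example, not part of this exercise or its answers; it is a pure-stdlib pcap reader that pulls those three values from every DHCP Request in a classic pcap. The sample packet it builds (host name LAB-PC-01, MAC 00:11:22:33:44:55, address 10.0.0.23) is constructed for the example and has nothing to do with the exercise pcap.

```python
"""Pull client MAC, IP and host name from DHCP Request packets in a pcap.

Added example (not from the exercise page). Reads a classic pcap (not pcapng)
with the standard library only and reports one record per DHCP Request seen.
"""
import struct
import sys
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_COOKIE = b"\x63\x82\x53\x63"


def pcap_packets(data):
    """Yield raw link-layer frames from the body of a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # written little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def dhcp_options(blob):
    """Parse the TLV option block that follows the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 255:          # end of options
            break
        if code == 0:            # pad byte, no length field
            i += 1
            continue
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def dhcp_clients(pcap_bytes):
    """Return [{mac, ip, hostname}] for every DHCP Request (client -> server)."""
    records = []
    for frame in pcap_packets(pcap_bytes):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_UDP:
            continue
        udp = ip[ihl:]
        sport, dport = struct.unpack("!HH", udp[:4])
        if (sport, dport) != (68, 67):         # DHCP client port -> server port
            continue
        dhcp = udp[8:]
        if len(dhcp) < 240 or dhcp[236:240] != DHCP_COOKIE:
            continue
        opts = dhcp_options(dhcp[240:])
        if opts.get(53) != b"\x03":            # option 53 value 3 = DHCP Request
            continue
        hlen = dhcp[2]
        mac = ":".join(f"{b:02x}" for b in dhcp[28:28 + hlen])   # chaddr at offset 28
        # Option 50 carries the requested address on a fresh Request; a renewing
        # client omits it and fills in ciaddr (offset 12) instead.
        ip_bytes = opts.get(50) or dhcp[12:16]
        records.append({
            "mac": mac,
            "ip": str(IPv4Address(ip_bytes)),
            "hostname": opts.get(12, b"").decode("ascii", "replace"),
        })
    return records


def build_sample_pcap():
    """Constructed sample capture: one DHCP Request plus one unrelated DNS query."""
    def udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed) + udp
        return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip

    client_mac = bytes.fromhex("001122334455")          # constructed value
    opts = (b"\x35\x01\x03"                               # 53: message type Request
            + b"\x32\x04" + IPv4Address("10.0.0.23").packed  # 50: requested IP
            + b"\x0c\x09LAB-PC-01"                        # 12: host name
            + b"\xff")
    dhcp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                       b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                       client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128) + DHCP_COOKIE + opts
    frames = [
        udp_frame(client_mac, b"\xff" * 6, "0.0.0.0", "255.255.255.255", 68, 67, dhcp),
        udp_frame(client_mac, bytes.fromhex("00aabbccddee"), "10.0.0.23", "10.0.0.1",
                  51000, 53, b"\0" * 12),                 # DNS query, must be ignored
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for rec in dhcp_clients(data):
        print(f"{rec['ip']:15} {rec['mac']}  {rec['hostname']}")
```

Run it with the exercise pcap as the only argument (unzip it first); with no argument it runs against the constructed sample. If the capture starts after the host's lease was obtained, there may be no DHCP Request at all, in which case the host name has to come from other chatter such as NetBIOS name registrations, and the MAC and IP from whichever frames the host sends.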
ANSWERS
- Click here for the answers.