2017-10-21 - TRAFFIC ANALYSIS EXERCISE - DOC BROWN AND MARTY MCFLY: BACK TO THE PRESENT

ASSOCIATED FILES:

• Zip archive of the pcap:  2017-10-21-traffic-analysis-exercise.pcap.zip   5.0 MB (4,986,047 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

INTRODUCTION

Doc Brown and Marty McFly have returned from another trip to the future.  Turns out that DeLorean was running Windows 10, and some strange traffic came up.

Shown above:  Doc and Marty realizing the DeLorean ran Windows 10.

 

YOUR TASK

Review the pcap and document any malicious traffic. Any incident report should include:

• Date, start time, and end time of the malicious activity in UTC (GMT).
• IP address of the Windows host from in the pcap.
• Mac address of the Windows host in the pcap.
• Host name for the Windows host in the pcap.
• What type(s) of malicious activity were noted.
• Indicators of the malicious activity (IP addresses, domain names, file hashes, etc).
• A summary of what happened.

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.