2017-10-21 - TRAFFIC ANALYSIS EXERCISE - DOC BROWN AND MARTY MCFLY: BACK TO THE PRESENT
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcap: 2017-10-21-traffic-analysis-exercise.pcap.zip 5.0 MB (4,986,047 bytes)
INTRODUCTION
Doc Brown and Marty McFly have returned from another trip to the future. Turns out that DeLorean was running Windows 10, and some strange traffic came up.
Shown above: Doc and Marty realizing the DeLorean ran Windows 10.
YOUR TASK
Review the pcap and document any malicious traffic. Any incident report should include:
- Date, start time, and end time of the malicious activity in UTC (GMT).
- IP address of the Windows host in the pcap.
- MAC address of the Windows host in the pcap.
- Host name for the Windows host in the pcap.
- What type(s) of malicious activity were noted.
- Indicators of the malicious activity (IP addresses, domain names, file hashes, etc).
- A summary of what happened.
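The host-identification items in this list (a UTC timestamp, IP address, MAC address and host name for the Windows host) can often be read from the host's own DHCP requests, when the capture contains any. The following is an added example, not part of the original exercise: a standard-library Python parser for classic (non-pcapng) Ethernet pcaps that pulls those fields from DHCP client messages. The function names and every value in `sample_pcap` are constructed for illustration and are not taken from the exercise pcap.

```python
import socket
import struct
from datetime import datetime, timezone

def dhcp_clients(pcap: bytes) -> list:
    """Return time/MAC/IP/hostname for each DHCP client message in a classic pcap."""
    little = pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec magic
    endian, found, off = ("<" if little else ">"), [], 24  # skip 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, _, caplen, _ = struct.unpack(endian + "4I", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                              # keep only IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + IP header (IHL)
        if len(udp) < 248 or struct.unpack("!HH", udp[:4]) != (68, 67):
            continue                              # keep only client -> server DHCP
        bootp = udp[8:]
        if bootp[236:240] != b"\x63\x82\x53\x63":
            continue                              # DHCP magic cookie missing
        opts, i = {}, 240
        while i + 1 < len(bootp) and bootp[i] != 255:  # option 255 ends the list
            if bootp[i] == 0:                     # pad option has no length byte
                i += 1
                continue
            opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
            i += 2 + bootp[i + 1]
        ip = opts[50] if len(opts.get(50, b"")) == 4 else bootp[12:16]  # requested IP or ciaddr
        found.append({
            "time_utc": datetime.fromtimestamp(ts_sec, timezone.utc).isoformat(),
            "mac": bootp[28:34].hex(":"),         # chaddr field = client MAC
            "ip": socket.inet_ntoa(ip),
            "hostname": opts.get(12, b"").decode("ascii", "replace"),  # option 12
        })
    return found

def sample_pcap() -> bytes:
    """Constructed one-packet capture; all host values here are made up."""
    mac = bytes.fromhex("001122334455")
    opts = (b"\x35\x01\x03" + b"\x32\x04" + socket.inet_aton("192.0.2.10")
            + b"\x0c\x0a" + b"EXAMPLE-PC" + b"\xff")
    bootp = struct.pack("!4BI2H16s16s64s128s4s", 1, 1, 6, 0, 0x1234, 0, 0,
                        b"", mac, b"", b"", b"\x63\x82\x53\x63") + opts
    udp = struct.pack("!4H", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<4I", 1500000000, 0, len(frame), len(frame)) + frame
```

To run it against a downloaded capture, pass the file's bytes to `dhcp_clients`; VLAN-tagged frames and pcapng files are outside what this example handles.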
ANSWERS
- Click here for the answers.