2018-08-12 - TRAFFIC ANALYSIS EXERCISE - SPUTNIK HOUSE

ASSOCIATED FILES:

• Zip archive of the pcap:  2018-08-12-traffic-analysis-exercise.pcap.zip   24.6 MB (24,595,844 bytes)
• Zip archive of the alerts:  2018-08-12-traffic-analysis-exercise-alerts.zip   3.2 kB (3,227 bytes)
• Zip archive of 3 emails to review:  2018-08-12-traffic-analysis-exercise-emails.zip   310 kB (309,945 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You have alerts indicating a computer on the corporate network for sputnikhouse.org at 192.168.1.95 was infected.  You have a pcap of traffic from that host during the general timeframe, and you also have a list of the alerts related to the infected.  Finally, you have 3 emails with malware attachments.  An attachment from one of those 3 emails infected this computer.  Characteristics of your network are:

• LAN segment:  192.168.1.0/24 (192.168.1.0 through 192.168.1.255)
• Broadcast address:  192.168.1.255
• Domain controller:  192.168.1.6 (Sputnikhouse-DC)
• Domain:  sputnikhouse.org

 

Shown above:  Best I could do on a theme for this month's exercise.

 

YOUR TASK

Figure out which email attachment infected the computer at 192.168.1.95.

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.