2018-08-12 - TRAFFIC ANALYSIS EXERCISE - SPUTNIK HOUSE
ASSOCIATED FILES:
- Zip archive of the pcap: 2018-08-12-traffic-analysis-exercise.pcap.zip 24.6 MB (24,595,844 bytes)
- Zip archive of the alerts: 2018-08-12-traffic-analysis-exercise-alerts.zip 3.2 kB (3,227 bytes)
- Zip archive of 3 emails to review: 2018-08-12-traffic-analysis-exercise-emails.zip 310 kB (309,945 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
You have alerts indicating that a computer on the corporate network for sputnikhouse.org, at 192.168.1.95, was infected. You have a pcap of traffic from that host during the general timeframe, and you also have a list of the alerts related to the infected host. Finally, you have 3 emails with malware attachments. An attachment from one of those 3 emails infected this computer. Characteristics of your network are:
- LAN segment: 192.168.1.0/24 (192.168.1.0 through 192.168.1.255)
- Broadcast address: 192.168.1.255
- Domain controller: 192.168.1.6 (Sputnikhouse-DC)
- Domain: sputnikhouse.org
Shown above: Best I could do on a theme for this month's exercise.
YOUR TASK
Figure out which email attachment infected the computer at 192.168.1.95.
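As an added illustration (not part of the exercise, its files, or its answer), the Python below sketches the first scoping step an analyst would take with the network characteristics listed above: separate the infected host's broadcast and domain-controller chatter from its outbound connections to addresses outside the LAN, then line the earliest outbound connection up against the delivery times of the candidate emails. Every flow record, email timestamp and attachment name in it is constructed sample data, not taken from the exercise pcap or the three emails.

```python
"""Added example: scope the victim host's traffic using the scenario's network
characteristics and compare its first outbound connection with the candidate
emails. All flow and email records here are constructed, not from the exercise."""
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
BROADCAST = ip_address("192.168.1.255")
DOMAIN_CONTROLLER = ip_address("192.168.1.6")   # Sputnikhouse-DC
VICTIM = ip_address("192.168.1.95")
# RFC 1918 space outside our own /24, listed explicitly: ipaddress.is_private
# would also flag documentation ranges such as 203.0.113.0/24 used below.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
TS = "%Y-%m-%d %H:%M:%S"

# Constructed flow summaries: (timestamp, src, dst, dst_port, proto), the shape a
# "tshark -T fields" export or a converted Zeek conn.log would give.
SAMPLE_FLOWS = [
    ("2018-08-12 15:01:02", "192.168.1.95", "192.168.1.6", 88, "tcp"),
    ("2018-08-12 15:01:05", "192.168.1.95", "192.168.1.255", 137, "udp"),
    ("2018-08-12 15:03:11", "192.168.1.95", "192.168.1.6", 53, "udp"),
    ("2018-08-12 15:03:12", "192.168.1.95", "203.0.113.10", 80, "tcp"),
    ("2018-08-12 15:03:40", "192.168.1.95", "198.51.100.7", 443, "tcp"),
    ("2018-08-12 15:04:00", "192.168.1.20", "192.168.1.95", 445, "tcp"),
]

# Constructed email metadata: (received timestamp, attachment name).
SAMPLE_EMAILS = [
    ("2018-08-12 14:40:00", "invoice_A.doc"),
    ("2018-08-12 15:02:30", "invoice_B.doc"),
    ("2018-08-12 15:20:00", "invoice_C.doc"),
]


def classify(src, dst):
    """Label a flow by the victim's peer; None if the victim is not involved."""
    s, d = ip_address(src), ip_address(dst)
    if VICTIM not in (s, d):
        return None
    peer = d if s == VICTIM else s
    if peer == BROADCAST:
        return "broadcast"
    if peer == DOMAIN_CONTROLLER:
        return "domain-controller"
    if peer in LAN:
        return "lan-peer"
    if any(peer in net for net in RFC1918):
        return "other-private"
    return "external"


def external_flows(flows):
    """Victim-initiated flows to addresses outside the LAN: the candidates for
    the malware download and post-infection traffic."""
    return [f for f in flows if f[1] == str(VICTIM) and classify(f[1], f[2]) == "external"]


def first_external(flows):
    """Earliest victim-initiated external flow, or None if there is none."""
    ext = external_flows(flows)
    return min(ext, key=lambda f: datetime.strptime(f[0], TS)) if ext else None


def emails_before(emails, ts):
    """Emails received before ts: only these could have delivered the attachment
    whose execution produced the first outbound connection."""
    cutoff = datetime.strptime(ts, TS)
    return [e for e in emails if datetime.strptime(e[0], TS) < cutoff]


def summarize(flows):
    """Count flows per peer class, a quick view of how much is LAN noise."""
    return Counter(classify(f[1], f[2]) for f in flows)


if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
    first = first_external(SAMPLE_FLOWS)
    print("first external flow:", first)
    print("emails received before it:", emails_before(SAMPLE_EMAILS, first[0]))
```

The time correlation narrows the candidates; the actual attachment is then confirmed by matching what the host fetched or executed (file names, URLs, hashes) against the attachments themselves.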
ANSWERS
- Click here for the answers.