2018-11-07 - TRAFFIC ANALYSIS EXERCISE - TURKEY AND DEFENCE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive of the pcap:  2018-11-07-traffic-analysis-exercise.pcap.zip   5.7 MB (5,703,784 bytes)
• Zip archive of the alerts:  2018-11-07-traffic-analysis-exercise-alerts.zip   250 kB (249,692 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

LAN segment data:

• LAN segment range:  10.22.15[.]0/24 (10.22.15[.]0 through 10.22.15[.]255)
• Domain:  geeographic[.]com
• Domain controller:  10.22.15[.]2 - Geeographic-DC
• LAN segment gateway:  10.22.15[.]1
• LAN segment broadcast address:  10.22.15[.]255
• IP address of the Windows client to investigate:  10.22.15[.]119

Answer the following questions:

• What was the date and time the malicious traffic started?
• What is the MAC address of the infected Windows host?
• What is the host name of the infected Windows host?
• What is the user account name used on the infected Windows host?
• What URL in the pcap returned a Windows executable file?
• What is the size of the Windows executable file from that URL?
• What is the SHA256 hash of the Windows executable file from that URL?
• What type of malware is the Windows executable returned from that URL?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.