2018-11-13 - TRAFFIC ANALYSIS EXERCISE - TURKEY AND DEFENCE

ASSOCIATED FILES:

• Zip archive of the pcap:  2018-11-13-traffic-analysis-exercise.pcap.zip   5.7 MB (5,703,784 bytes)
• Zip archive of the alerts:  2018-11-13-traffic-analysis-exercise-alerts.zip   249 kB (249,300 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

LAN segment data:

• LAN segment range:  10.22.15.0/24 (10.22.15.0 through 10.22.15.0.255)
• Domain:  geeographic.com
• Domain controller:  10.22.15.2 - Geeographic-DC
• LAN segment gateway:  10.22.15.1
• LAN segment broadcast address:  10.22.15.255
• IP address of the Windows client to investigate:  10.22.15.119

Answer the following questions:

• What was the date and time the malicious traffic started?
• What is the MAC address of the infected Windows host?
• What is the host name of the infected Windows host?
• What is the user account name used on the infected Windows host?
• What URL in the pcap returned a Windows executable file?
• What is the size of the Windows executable file from that URL?
• What is the SHA256 hash of the Windows executable file from that URL?
• What type of malware is the Windows executable returned from that URL?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.