2019-02-23 - TRAFFIC ANALYSIS EXERCISE - STORMTHEORY
ASSOCIATED FILES:
- Zip archive of the pcap: 2019-02-23-traffic-analysis-exercise.pcap.zip 15.5 MB (15,535,297 bytes)
- 2019-02-23-traffic-analysis-exercise.pcap (19,746,995 bytes)
- Zip archive of the alerts: 2019-02-23-traffic-analysis-exercise-alerts.zip 538 kB (538,479 bytes)
- 2019-02-23-traffic-analysis-exercise-alerts.jpg (649,974 bytes)
- 2019-02-23-traffic-analysis-exercise-alerts.txt (7,906 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: A meme for this month's traffic analysis exercise.
SCENARIO
LAN segment data:
- LAN segment range: 10.2.23.0/24 (10.2.23.0 through 10.2.23.255)
- Domain: stormtheory.info
- Domain controller: 10.2.23.2 - Stormtheory-DC
- LAN segment gateway: 10.2.23.1
- LAN segment broadcast address: 10.2.23.255
YOUR TASK
Answer the following questions:
- What is the IP address of the infected Windows host?
- What is the MAC address of the infected Windows host?
- What is the host name of the infected Windows host?
- What is the Windows user account name for the infected Windows host?
- What are the six URLs that returned Windows executable files to the infected Windows host?
- What are the SHA256 hashes of the six Windows executable files sent to the infected Windows host?
- Based on the IDS alerts, what type of infection (or infections) is this?
ANSWERS
- Click here for the answers.
Click here to return to the main page.