2020-11-13 - TRAFFIC ANALYSIS EXERCISE - QUIETHUB
- Zip archive of the pcap: 2020-11-13-traffic-analysis-exercise.pcap.zip 6.8 MB (6,842,297 bytes)
- 2020-11-13-traffic-analysis-exercise.pcap (9,071,924 bytes)
- Zip archive of the alerts: 2020-11-13-traffic-analysis-exercise-alerts.zip 2.9 MB (2,920,364 bytes)
- 2020-11-13-traffic-analysis-exercise-alerts.jpg (3,246,604 bytes)
- 2020-11-13-traffic-analysis-exercise-alerts.txt (8,840 bytes)
- Zip archive of the alerts: 2020-11-13-traffic-analysis-exercise-forensic-investigation.zip 2.7 MB (2,671,800 bytes)
- Note: This contains malware/artifacts from the infected host's C:\ drive.
- Listing the contents here would give away some of the answers.
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
LAN segment data:
- LAN segment range: 192.168.200.0/24 (192.168.200.0 through 192.168.200.255)
- Domain: quiethub.net
- Domain controller: 192.168.200.10 - Quiethub-DC
- LAN segment gateway: 192.168.200.1
- LAN segment broadcast address: 192.168.200.255
- Write an incident report based on the pcap and the alerts.
- The incident report should contains 3 sections:
- Executive Summary: State in simple, direct terms what happened (when, who, what).
- Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
- Indicators of Compromise (IOCs): SHA256 hashes and details of the malware and/or artifacts, IP addresses, domains and URLs associated with the infection.
- Click here for the answers.
Click here to return to the main page.