TRAFFIC ANALYSIS EXERCISES

NOTES:

• If you're new to these exercises, start from the most recent and work your way back.
• Do not start with the oldest ones first!
• Malware and malware traffic is constantly evolving, so the further back you go, the less these exercises reflect our current threat landscape.
• Also, I grew better at creating these, so the earliest ones are not as good for training.

 

EXERCISE LINKS:

• 2024-09-04 -- Traffic analysis exercise: Big Fish in a Little Pond
• 2024-08-15 -- Traffic analysis exercise: WarmCookie
• 2024-07-30 -- Traffic analysis exercise: You dirty rat!

• 2023-07 -- Crossing the Line: Unit 42 Wireshark Quiz for RedLine Stealer
• 2023-07 -- RedLine Stealer: Answers to Unit Wireshark Quiz

• 2023-04 -- Cold as Ice: Unit 42 Wireshark Quiz for IcedID
• 2023-04 -- Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID

• 2023-03 -- Finding Gozi: Unit 42 Wireshark Quiz, March 2023
• 2023-03 -- Finding Gozi: Answers to Unit 42 Wireshark Quiz, March 2023

• 2023-02 -- Unit 42 Wireshark Quiz, February 2023
• 2023-02 -- Answers to Unit 42 Wireshark Quiz, February 2023

• 2023-01 -- Unit 42 Wireshark Quiz, January 2023
• 2023-01 -- Answers to Unit 42 Wireshark Quiz, January 2023

• 2022-03-21 -- Traffic analysis exercise - Burnincandle
• 2022-02-23 -- Traffic analysis exercise - Sunnystation
• 2022-01-07 -- Traffic analysis exercise - Spoonwatch

• 2021-12-08 -- December 2021 ISC Forensic Contest
• 2021-10-22 -- October 2021 ISC Forensic Contest
• 2021-09-10 -- Traffic analysis exercise - Angry Poutine
• 2021-08-19 -- Traffic analysis exercise - Funkylizards
• 2021-07-14 -- Traffic analysis exercise - Dualrunning
• 2021-06-16 -- June 2021 ISC Forensic Contest
• 2021-05-05 -- May 2021 ISC Forensic Contest
• 2021-04-01 -- April 2021 ISC Forensic Quiz
• 2021-02-08 -- Traffic analysis exercise - AscoLimited
• 2021-01-21 -- Traffic analysis exercise - WokeMountain

• 2020-12-31 -- Traffic analysis quiz - Pcap and answers for an ISC diary
• 2020-12-03 -- Traffic analysis quiz - Pcap and info for an ISC diary
• 2020-11-13 -- Traffic analysis exercise - Quiethub
• 2020-11-10 -- Traffic analysis quiz - Pcap and info for an ISC diary
• 2020-10-22 -- Traffic analysis exercise - Omegacast
• 2020-09-25 -- Traffic analysis exercise - Trouble Alert
• 2020-09-14 -- Traffic analysis quiz - Pcap and info for an ISC diary
• 2020-08-21 -- Traffic analysis exercise - Pizza-Bender
• 2020-08-04 -- Traffic analysis quiz - Pcap and info for an ISC diary
• 2020-07-31 -- Traffic analysis exercise - Tecsolutions
• 2020-06-12 -- Traffic analysis exercise - Frank-N-Ted (What's Going On?)
• 2020-05-28 -- Traffic analysis exercise - Catbomber
• 2020-04-24 -- Traffic analysis exercise - Steelcoffee
• 2020-03-14 -- Traffic analysis exercise - Mondogreek
• 2020-02-21 -- Traffic analysis exercise - One-Hot-Mess
• 2020-01-30 -- Traffic analysis exercise - Sol-Lightnet

• 2019-12-25 -- Traffic analysis exercise - It happened on Christmas day
• 2019-12-03 -- Traffic analysis exercise - Icemaiden
• 2019-11-12 -- Traffic analysis exercise - Okay-Boomer
• 2019-10-05 -- Traffic analysis exercise - Tinsolutions
• 2019-08-20 -- Traffic analysis exercise - Badbundt
• 2019-07-19 -- Traffic analysis exercise - So hot right now
• 2019-06-22 -- Traffic analysis exercise - Phenomenoc
• 2019-05-02 -- Traffic analysis exercise - BeguileSoft
• 2019-04-15 -- Traffic analysis exercise - StingrayAhoy
• 2019-03-19 -- Traffic analysis exercise - LittleTigers
• 2019-02-23 -- Traffic analysis exercise - StormTheory
• 2019-01-28 -- Traffic analysis exercise - TimberShade

• 2018-12-18 -- Traffic analysis exercise - Eggnog Soup
• 2018-11-13 -- Two pcaps I provided for UA-CTF
• 2018-11-07 -- Traffic analysis exercise - Turkey and Defence
• 2018-10-31 -- Traffic analysis exercise - Happy Halloween!
• 2018-10-01 -- Two pcaps I provided for UISGCON CTF
• 2018-09-27 -- Traffic analysis exercise - Blank Clipboard
• 2018-08-12 -- Traffic analysis exercise - Sputnik House
• 2018-07-15 -- Traffic analysis exercise - Oh noes! Torrentz on our network!
• 2018-06-30 -- Traffic analysis exercise - Sorting through the alerts
• 2018-05-11 -- Traffic analysis exercise - Night Dew
• 2018-04-11 -- Traffic analysis exercise - Dynaccountic
• 2018-03-10 -- Traffic analysis exercise - Max Headroom
• 2018-02-13 -- Traffic analysis exercise - Office work
• 2018-01-16 -- Traffic analysis exercise - "Mars Smart"

• 2017-12-23 -- Traffic analysis exercise - Carlforce!
• 2017-12-15 -- Traffic analysis exercise - Two pcaps, two emails, two mysteries!
• 2017-11-21 -- Traffic analysis exercise - Juggling act: Find out what happened in 6 different pcaps
• 2017-10-21 -- Traffic analysis exercise - Doc Brown and Marty McFly: Back to the Present
• 2017-09-19 -- Traffic analysis exercise - Mission possible
• 2017-08-29 -- Traffic analysis pop quiz
• 2017-08-24 -- Traffic analysis exercise - Mix and Match
• 2017-07-22 -- Traffic analysis exercise - Where dreams are made
• 2017-06-28 -- Traffic analysis exercise - Infection at the Japan field office
• 2017-05-18 -- Traffic analysis exercise - Fancy that
• 2017-04-21 -- Traffic analysis exercise - Double Trouble
• 2017-03-25 -- Traffic analysis exercise - Coworker suffers March madness
• 2017-02-11 -- Traffic analysis exercise - A very special one
• 2017-01-28 -- Traffic analysis exercise - Thanks, Brian.

• 2016-12-17 -- Traffic analysis exercise - Your holiday present
• 2016-11-19 -- Traffic analysis exercise - A luminous future
• 2016-10-15 -- Traffic analysis exercise - Crybaby businessman
• 2016-09-20 -- Traffic analysis exercise - Halloween Super Costume Store!
• 2016-08-20 -- Traffic analysis exercise - Plain brown wrapper
• 2016-07-07 -- Traffic analysis exercise - Email roulette
• 2016-06-03 -- Traffic analysis exercise - Granny Hightower at Bob's Donut Shack
• 2016-05-13 -- Traffic analysis exercise - No decent memes for security analysts
• 2016-04-16 -- Traffic analysis exercise - Playing detective
• 2016-03-30 -- Traffic analysis exercise - March madness
• 2016-02-28 -- Traffic analysis exercise - Ideal versus reality
• 2016-02-06 -- Traffic analysis exercise - Network alerts at Cupid's Arrow Online
• 2016-01-07 -- Traffic analysis exercise - Alerts on 3 different hosts

• 2015-11-24 -- Traffic analysis exercise - Goofus and Gallant
• 2015-11-06 -- Traffic analysis exercise - Email Roulette
• 2015-10-28 -- Traffic analysis exercise - Midge Figgins infected her computer
• 2015-10-13 -- Traffic analysis exercise - Halloween-themed host names
• 2015-09-23 -- Traffic analysis exercise - Finding the root cause
• 2015-09-11 -- Traffic analysis exercise - A Bridge Too Far Enterprises
• 2015-08-31 -- Traffic analysis exercise - What's the EK? - What's the payload?
• 2015-08-07 -- Traffic analysis exercise - Someone was fooled by a malicious email
• 2015-07-24 -- Traffic analysis exercise - Where'd the CryptoWall come from?
• 2015-07-11 -- Traffic analysis exercise - An incident at Pyndrine Industries
• 2015-06-30 -- Traffic analysis exercise - Identifying the EK and infection chain
• 2015-05-29 -- Traffic analysis exercise - No answers, only hints for the incident report
• 2015-05-08 -- Traffic analysis exercise - You have the pcap.  Now tell us what's going on.

Click here to return to the main page.