2016-11-19 - TRAFFIC ANALYSIS EXERCISE - A LUMINOUS FUTURE

ASSOCIATED FILES:

All ZIP files on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You're an analyst working in a Security Operations Center (SOC).  One of your coworkers is a man named Tom Tucker.  He's getting ready for the US Thanksgiving holiday.  He also looks and sounds like Tom Tucker from Family Guy.


Shown above:  Picture this guy, but as an actual human.

 

"I need to cook a turkey for Thanksgiving," he tells you.  "I wonder if I can get a good deal on a deep fryer."

"I don't know," you reply.  "Do a Google search."

"Great idea!"

You look at him and ask, "You're not going to click through any questionable links, are you?"

"I think I learned my lesson last time..."

Tom goes to the break room, opens his Windows laptop, and connects to the company's Wi-Fi.  A short while later, you're reviewing network activity and notice several alerts for the Luminosity Link RAT.  You check the IP address and find those alerts all came from a Windows host that contains "Tucker" in the host name.

As you go find Tom, you keep thinking of the "bright" future he has ahead of him.

 

YOUR TASK

You have the alerts and the traffic.  After reviewing this information, you're ready to write a report to explain what happened.  The report should contain the following:

 

ANSWERS

 
