2015-02-15 - TRAFFIC ANALYSIS EXERCISE: FURTHER INVESTIGATION INTO THE NUCLEAR EK TRAFFIC

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

PCAP:

• 2015-02-15-traffic-analysis-exercise.pcap.zip   1.3 MB (1,284,313 bytes)

 

FIRST DECISION POINT - YOU FIND THE ALERTS FROM THE HOST'S IP ADDRESS

Here are the associated events for the malicious traffic:

 

SECOND DECISION POINT

1)  Looking through those IDS events confirmed everything!  Time to initiate established procedures and let your UK location handle this situation.

• Click here to double-check your findings.

 

2)  Still not 100 percent satisfied, are you?  People at your UK location find the computer (a Dell desktop) and perform some forensics.  They send you a zip archive of some suspicious files they found on the computer.

• Click here to get the zip archive of the suspicious file and continue your analysis.

 

Click here to exit this exercise and return to the main page.