2016-11-19 - TRAFFIC ANALYSIS EXERCISE - A LUMINOUS FUTURE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2016-11-19-traffic-analysis-exercise.pcap.zip 13.6 MB (13,564,458 bytes)
- Zip archive with the alerts for this traffic: 2016-11-19-traffic-analysis-exercise-alerts.zip 368 kB (368,078 bytes)
SCENARIO
You're an analyst working in a Security Operations Center (SOC). One of your coworkers is a man named Tom Tucker. He's getting ready for the US Thanksgiving holiday. He also looks and sounds like Tom Tucker from Family Guy.
Shown above: Picture this guy, but as an actual human.
"I need to cook a turkey for Thanksgiving," he tells you. "I wonder if I can get a good deal on a deep fryer."
"I don't know," you reply. "Do a Google search."
"Great idea!"
You look at him and ask, "You're not going to click through any questionable links, are you?"
"I think I learned my lesson last time."
Tom goes to the break room, opens his Windows laptop, and connects to the company's Wi-Fi. A short while later, you're reviewing network activity and notice several alerts for the Luminosity Link RAT. You check the IP address and find those alerts all came from a Windows host that contains "Tucker" in the host name.
As you go find Tom, you keep thinking of the "bright" future he has ahead of him.
YOUR TASK
You have the alerts and the traffic. After reviewing this information, you're ready to write a report to explain what happened. The report should contain the following:
- Date and time of the activity.
- A brief description of what Tom did to infect his Windows laptop.
ANSWERS
- Click here for the answers.