2017-05-18 - TRAFFIC ANALYSIS EXERCISE - ANSWERS

ASSOCIATED FILES:

• Zip archive with a pcap of traffic from the infected computer:  2017-05-18-traffic-analysis-exercise.pcap.zip   2.2 MB (2,169,666 bytes)
• Zip archive with the two suspicous emails:  2017-05-18-traffic-analysis-exercise-emails.zip   222 kB (222,221 bytes)
• Zip archive with Suricata events from the infection traffic:  2017-05-18-traffic-analysis-exercise-suricata-events.zip   569 kB (568,952 bytes)

ANSWERS:

• ZIP archive of a PDF document with the answers:  2017-05-18-traffic-analysis-exercise-answers.pdf.zip   440 kB (440,476 bytes)

 

All ZIP files on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

FINAL WORDS

I've included an additional zip archive above with the Suricata events from using tcpreplay on the pcap in Security Onion with The Emerging Threats Pro (ETPRO).  Use that if you're having trouble figuring out what malware infected Roger's computer.

Weeks later, Roger will still get angry thinking about those malicious emails.

 

Click here to return to the main page.