2018-09-27 - TRAFFIC ANALYSIS EXERCISE - BLANK CLIPBOARD
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcap: 2018-09-27-traffic-analysis-exercise.pcap.zip 17.1 MB (17,086,611 bytes)
- Zip archive of the two emails: 2018-09-27-traffic-analysis-exercise-both-emails.zip 4.6 kB (4,594 bytes)
SCENARIO
This month's exercise is very sparse, scenario-wise. You have a pcap with a Windows host getting infected. You also have two emails. Your job is to figure out which one of the two emails kicked off the infection traffic in the pcap.
Unlike the past few exercises, I'm not including information on the LAN segment. You'll have to figure that one out on your own. It's almost like someone's handed you a clipboard of information about the infection, but it only contains blank pages.
Shown above: A clipboard with blank pieces of paper? That's no help at all!
ANSWERS
- Click here for the answers.