2021-07 - TRAFFIC ANALYSIS EXERCISE - DUALRUNNING
ASSOCIATED FILES:
- Zip archive of the pcap: 2021-07-traffic-analysis-exercise.pcap.zip 7.1 MB (7,114,765 bytes)
- 2021-07-traffic-analysis-exercise.pcap (8,644,193 bytes)
- Zip archive of the alerts: 2021-07-traffic-analysis-exercise-alerts.zip 1.6 MB (1,621,003 bytes)
- 2021-07-traffic-analysis-exercise-alerts.jpg (1,786,885 bytes)
- 2021-07-traffic-analysis-exercise-alerts.txt (2,983 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
LAN segment data:
- LAN segment range: 172.16.1.0/24 (172.16.1.0 through 172.16.1.255)
- Domain: dualrunning.net
- Domain controller: 172.16.1.2 - Dualrunning-DC
- LAN segment gateway: 172.16.1.1
- LAN segment broadcast address: 172.16.1.255
TASK
- Write an incident report based on the pcap and the alerts.
- The incident report should contain 3 sections:
  - Executive Summary: State in simple, direct terms what happened (when, who, what).
  - Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
  - Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection. SHA256 hashes if any malware binaries can be extracted from the pcap.
ANSWERS
- Click here for the answers.