2021-07 - TRAFFIC ANALYSIS EXERCISE - DUALRUNNING

ASSOCIATED FILES:

• Zip archive of the pcap:  2021-07-traffic-analysis-exercise.pcap.zip   7.1 MB (7,114,765 bytes)

• 2021-07-traffic-analysis-exercise.pcap   (8,644,193 bytes)

• Zip archive of the alerts:  2021-07-traffic-analysis-exercise-alerts.zip   1.6 MB (1,621,003 bytes)

• 2021-07-traffic-analysis-exercise-alerts.jpg   (1,786,885 bytes)
• 2021-07-traffic-analysis-exercise-alerts.txt   (2,983 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

 

SCENARIO

LAN segment data:

• LAN segment range:  172.16.1.0/24 (172.16.1.0 through 172.16.1.255)
• Domain:  dualrunning.net
• Domain controller:  172.16.1.2 - Dualrunning-DC
• LAN segment gateway:  172.16.1.1
• LAN segment broadcast address:  172.16.1.255

 

TASK

• Write an incident report based on the pcap and the alerts.

• The incident report should contains 3 sections:

• Executive Summary: State in simple, direct terms what happened (when, who, what).
• Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
• Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection.  SHA256 hashes if any malware binaries can be extracted from the pcap.

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.