2015-02-15 - TRAFFIC ANALYSIS EXERCISE: FURTHER INVESTIGATION INTO THE NUCLEAR EK TRAFFIC
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
PCAP:
- 2015-02-15-traffic-analysis-exercise.pcap.zip 1.3 MB (1,284,313 bytes)
FIRST DECISION POINT - YOU FIND THE ALERTS FROM THE HOST'S IP ADDRESS
Here are the associated events for the malicious traffic:
SECOND DECISION POINT
1) Looking through those IDS events confirmed everything! Time to initiate established procedures and let your UK location handle this situation.
- Click here to double-check your findings.
2) Still not 100 percent satisfied, are you? People at your UK location find the computer (a Dell desktop) and perform some forensics. They send you a zip archive of some suspicious files they found on the computer.
- Click here to get the zip archive of the suspicious files and continue your analysis.
Click here to exit this exercise and return to the main page.