2015-06-30 - TRAFFIC ANALYSIS EXERCISE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
TRAFFIC:
- 2015-06-30-traffic-analysis-exercise.pcap.zip 1.2 MB (1,241,381 bytes)
SCENARIO
You're working as an analyst at your organization's Security Operations Center (SOC). One of the other analysts was investigating alerts on a Windows host, and the computer is infected. That analyst retrieved a pcap of network traffic from the associated IP address.
You've been asked to review the pcap and answer the following questions:
- What is the compromised website?
- What is the exploit kit (EK) domain and IP address?
- What is the redirect URL generated by the compromised website that leads to the exploit kit?
- What is the post-infection traffic generated by the infected computer (in the pcap)?
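The four questions above are answered by pulling the HTTP requests out of the pcap and following the Referer headers backwards from the exploit kit landing page to the compromised site, then noting which Host resolved to which server IP and what the client requested afterwards. The script below is an added example of that workflow in pure Python (standard library only), not part of the exercise or its answers: it builds a small constructed pcap inline (the hostnames and IPs are placeholders from reserved example ranges, chosen here for illustration) and then parses it back, reconstructing the redirect chain, the host-to-IP mapping, and the requests that follow the landing page.

```python
import socket
import struct

# Constructed example pcap for illustration; it is NOT the exercise's pcap.
# Hostnames and IPs are placeholders from reserved example ranges.

def _frame(src_ip, dst_ip, payload):
    """Build a bare Ethernet/IPv4/TCP frame (checksums left zero) carrying one HTTP request."""
    eth = bytes(12) + b'\x08\x00'                        # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack('!HHIIBBHHH', 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload

def _pcap(frames):
    """Wrap frames in a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = [struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in enumerate(frames):
        out.append(struct.pack('<IIII', ts, 0, len(frame), len(frame)) + frame)
    return b''.join(out)

def _req(method, host, path, referer=None):
    """Minimal HTTP/1.1 request with Host and optional Referer header."""
    lines = [f'{method} {path} HTTP/1.1', f'Host: {host}']
    if referer:
        lines.append(f'Referer: {referer}')
    return ('\r\n'.join(lines) + '\r\n\r\n').encode()

VICTIM = '10.0.0.5'   # constructed client address
SAMPLE_PCAP = _pcap([
    _frame(VICTIM, '203.0.113.10', _req('GET', 'compromised-site.example', '/')),
    _frame(VICTIM, '203.0.113.20', _req('GET', 'redirect.example', '/redir.js',
                                        'http://compromised-site.example/')),
    _frame(VICTIM, '198.51.100.20', _req('GET', 'ek-landing.example', '/landing?x=1',
                                         'http://redirect.example/redir.js')),
    _frame(VICTIM, '192.0.2.30', _req('POST', 'c2.example', '/checkin')),
])

def iter_frames(pcap):
    """Yield (timestamp, frame bytes) from a libpcap file, honouring its byte order."""
    magic = struct.unpack_from('<I', pcap, 0)[0]
    endian = '<' if magic == 0xA1B2C3D4 else '>'
    off = 24                                             # skip the global header
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack_from(endian + 'IIII', pcap, off)
        off += 16
        yield ts, pcap[off:off + incl]
        off += incl

def parse_http_request(frame):
    """Return a dict describing the HTTP request in a frame, or None if it carries none."""
    if len(frame) < 34 or frame[12:14] != b'\x08\x00':   # need Ethernet + IPv4 + TCP headers
        return None
    ip = frame[14:]
    if ip[9] != 6:                                       # protocol field: 6 = TCP
        return None
    tcp = ip[(ip[0] & 0x0F) * 4:]                        # IHL gives IPv4 header length
    payload = tcp[(tcp[12] >> 4) * 4:]                   # data offset gives TCP header length
    head = payload.partition(b'\r\n\r\n')[0]
    lines = head.decode('latin-1').split('\r\n')
    parts = lines[0].split(' ')
    if len(parts) != 3 or not parts[2].startswith('HTTP/'):
        return None
    hdrs = {k.lower(): v for k, _, v in (l.partition(': ') for l in lines[1:])}
    host = hdrs.get('host', '')
    return {'src': socket.inet_ntoa(ip[12:16]), 'dst': socket.inet_ntoa(ip[16:20]),
            'method': parts[0], 'host': host, 'url': f'http://{host}{parts[1]}',
            'referer': hdrs.get('referer')}

def http_requests(pcap):
    """All HTTP requests in the pcap, in capture order."""
    out = []
    for _, frame in iter_frames(pcap):
        req = parse_http_request(frame)
        if req:
            out.append(req)
    return out

def redirect_chain(requests, final_host):
    """Walk Referer headers backwards from the first request to final_host.
    Returns the URLs from the origin page to that request ([] if the host was never requested)."""
    by_url = {r['url']: r for r in requests}
    cur = next((r for r in requests if r['host'] == final_host), None)
    chain = []
    while cur and cur['url'] not in chain:               # loop guard against circular referers
        chain.append(cur['url'])
        cur = by_url.get(cur['referer'])
    return chain[::-1]

def host_ips(requests):
    """Map each requested Host header to the set of server IPs it was sent to."""
    out = {}
    for r in requests:
        out.setdefault(r['host'], set()).add(r['dst'])
    return out

def requests_after(requests, host):
    """Requests following the first one to `host`: the post-infection traffic candidates."""
    idx = next((i for i, r in enumerate(requests) if r['host'] == host), None)
    return [] if idx is None else requests[idx + 1:]

if __name__ == '__main__':
    reqs = http_requests(SAMPLE_PCAP)
    print('Redirect chain:', ' -> '.join(redirect_chain(reqs, 'ek-landing.example')))
    print('Host to IP:', host_ips(reqs))
    print('After landing:', [(r['method'], r['url']) for r in requests_after(reqs, 'ek-landing.example')])
```

With a real capture you would replace SAMPLE_PCAP with the file contents (`open(path, 'rb').read()`) and pass the EK landing host you identified to redirect_chain; the chain then reads origin to landing page, the host_ips map gives the EK domain's IP, and requests_after lists what the host did once the landing page was served. The parser deliberately handles only un-fragmented, single-segment requests, which is enough for the request lines and headers this exercise asks about; it will skip anything else rather than misreport it.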
ANSWERS
- Click here for the answers.