2017-04-21 - TRAFFIC ANALYSIS EXERCISE - DOUBLE TROUBLE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of infection traffic from the computer used by Marcus: 2017-04-21-traffic-analysis-exercise-marcus.pcap.zip 7.0 MB (7,013,493 bytes)
- Zip archive with a pcap of infection traffic from the computer used by Marion: 2017-04-21-traffic-analysis-exercise-marion.pcap.zip 8.5 MB (8,499,035 bytes)
- Zip archive of nine malicious emails from their joint account: 2017-04-21-traffic-analysis-exercise-malicious-emails.zip 105.4 kB (105,434 bytes)
SCENARIO
Marcus Dunham and Marion Dunham are brothers who work at their father's business, Dunham Hills Mortuary. They've shared everything since childhood, and that trend continued as they became adults. For example, at the mortuary, they share a joint email address named dunhambrothers@dunhamhillsmortuary[.]com.
The brothers have gotten into plenty of trouble over the years. Due to their mischievous ways, Marcus and Marion earned the nickname "Double Trouble." Accidents always happen in pairs whenever the brothers are around.
Shown above: They think they're as cool as Terence Hill and Bud Spencer, but they're not.
Today is no exception for "Double Trouble," because both brothers infected their computers within minutes of each other.
This presents a puzzle, because both were infected shortly after checking their joint email account. Now it's time to put your traffic analysis skills to work! You have pcaps of the infection traffic from each brother's computer. You also have 9 malicious emails that were sent to dunhambrothers@dunhamhillsmortuary[.]com during the past 2 to 3 weeks.
YOUR TASK
Your task? Figure out which email was used to infect which computer. After all, how hard can that be?
ANSWERS
- Click here for the answers.