2017-05-18 - TRAFFIC ANALYSIS EXERCISE - ANSWERS
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of traffic from the infected computer: 2017-05-18-traffic-analysis-exercise.pcap.zip 2.2 MB (2,169,666 bytes)
- Zip archive with the two suspicious emails: 2017-05-18-traffic-analysis-exercise-emails.zip 222.6 kB (222,613 bytes)
- Zip archive with Suricata events from the infection traffic: 2017-05-18-traffic-analysis-exercise-suricata-events.zip 569.4 kB (569,398 bytes)
ANSWERS:
- ZIP archive of a PDF document with the answers: 2017-05-18-traffic-analysis-exercise-answers.pdf.zip 440 kB (440,476 bytes)
FINAL WORDS
I've included an additional zip archive above with the Suricata events generated by replaying the pcap with tcpreplay in Security Onion, using the Emerging Threats Pro (ETPRO) ruleset. Use that if you're having trouble figuring out what malware infected Roger's computer.
Weeks later, Roger will still get angry thinking about those malicious emails.
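Once you have the Suricata events, the practical next step is to rank the alerts by severity and frequency and to pull out which internal host was talking to which external peer, since the highest-severity, most-repeated signature usually names the malware family. The script below is an added example for this page and is not part of the exercise files or Security Onion; it assumes Suricata wrote EVE JSON output (one JSON object per line, as in eve.json). The sample records, the 10.5.18.0/24 internal network, the 203.0.113.25 and 198.51.100.7 peers and the signature names and IDs are all constructed for illustration and are not from the exercise pcap.

```python
"""Triage Suricata EVE JSON alerts from a replayed pcap (added example).

Assumes Suricata's EVE JSON log format. All sample data below is constructed
and does not come from the 2017-05-18 exercise files.
"""
import json
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed EVE records: three alert signatures, one non-alert DNS event,
# and one junk line to show the parser skipping malformed input.
SAMPLE_EVE = """\
{"timestamp":"2017-05-18T17:03:21.000000+0000","event_type":"alert","src_ip":"10.5.18.101","src_port":49203,"dest_ip":"203.0.113.25","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"ET POLICY (constructed) Suspicious User-Agent outbound","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2017-05-18T17:03:22.000000+0000","event_type":"dns","src_ip":"10.5.18.101","src_port":51000,"dest_ip":"10.5.18.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.invalid","rrtype":"A"}}
{"timestamp":"2017-05-18T17:03:25.000000+0000","event_type":"alert","src_ip":"10.5.18.101","src_port":49205,"dest_ip":"203.0.113.25","dest_port":80,"proto":"TCP","alert":{"signature_id":1000002,"rev":1,"signature":"ET TROJAN (constructed) Example CnC checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T17:04:10.000000+0000","event_type":"alert","src_ip":"10.5.18.101","src_port":49207,"dest_ip":"203.0.113.25","dest_port":80,"proto":"TCP","alert":{"signature_id":1000002,"rev":1,"signature":"ET TROJAN (constructed) Example CnC checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T17:05:02.000000+0000","event_type":"alert","src_ip":"10.5.18.101","src_port":49210,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","alert":{"signature_id":1000003,"rev":1,"signature":"ET TROJAN (constructed) Example TLS beacon","category":"A Network Trojan was detected","severity":1}}
this line is not JSON and must be skipped
"""

# Placeholder internal range for the constructed data; adjust to your own LAN.
INTERNAL_NET = "10.5.18.0/24"


def parse_eve(text):
    """Return one dict per well-formed EVE JSON line; blanks and junk are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def alerts_only(events):
    """Keep only alert records; EVE also logs dns, http, tls, flow, etc."""
    return [e for e in events if e.get("event_type") == "alert"]


def rank_signatures(events):
    """Return [(signature, category, severity, count)], most severe first,
    then most frequent. In Suricata, severity 1 is the highest priority."""
    counts = Counter()
    meta = {}
    for e in alerts_only(events):
        a = e["alert"]
        counts[a["signature"]] += 1
        meta[a["signature"]] = (a.get("category", ""), a.get("severity", 3))
    rows = [(sig, meta[sig][0], meta[sig][1], n) for sig, n in counts.items()]
    rows.sort(key=lambda r: (r[2], -r[3], r[0]))
    return rows


def external_peers(events, internal=INTERNAL_NET):
    """Count (ip, port) of external endpoints that alerts tie to internal hosts."""
    net = ip_network(internal)
    peers = Counter()
    for e in alerts_only(events):
        src, dst = ip_address(e["src_ip"]), ip_address(e["dest_ip"])
        if src in net and dst not in net:
            peers[(e["dest_ip"], e["dest_port"])] += 1
        elif dst in net and src not in net:
            peers[(e["src_ip"], e["src_port"])] += 1
    return peers


def victim_hosts(events, internal=INTERNAL_NET):
    """Count alerts per internal host, whichever side of the flow it was on."""
    net = ip_network(internal)
    hosts = Counter()
    for e in alerts_only(events):
        for ip in (e["src_ip"], e["dest_ip"]):
            if ip_address(ip) in net:
                hosts[ip] += 1
    return hosts


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print("Signatures (severity, count):")
    for sig, cat, sev, n in rank_signatures(evs):
        print(f"  sev {sev} x{n:<3} {sig}  [{cat}]")
    print("Internal hosts with alerts:", dict(victim_hosts(evs)))
    print("External peers:", dict(external_peers(evs)))
```

To run it against a real capture, replace SAMPLE_EVE with the contents of eve.json, produced offline with suricata -r on the pcap (no tcpreplay needed) or taken from the Security Onion sensor after replay. Read the top of the ranked list with some care: an ET POLICY or INFO hit is context, not the diagnosis, while repeated severity-1 ET TROJAN hits from one host to one external peer is the pattern that names the infection.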