2018-01-18 - TRAFFIC ANALYSIS EXERCISE - "MARS SMART"
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcap: 2018-01-16-traffic-analysis-exercise.pcap.zip 77 kB (77,333 bytes)
SCREENPLAY
EDWARD and CAROL are flush with money from several high-profile investors. Unfortunately, their original business proposal fell apart. They're currently brainstorming ideas for a new company.
You know, if humans ever set foot on the planet Mars, we'll need to be smart about it.
Go on...
I propose we start a business called "Mars Smart" that targets astronauts and anyone who intents to visit the red planet.
That doesn't seem like a very good business idea.
But I've already made a sign for it. Just look at this!
That says "Mars Mart" dot com, not "Mars Smart" dot com. And it's on a piece of cardboard, you big dummy!
EDWARD scratches his head sheepishly.
I probably should've checked with you before I had our IT department set up the company network.
CAROL wonders what other blunders EDWARD has made.
YOUR TASK
Based on the pcap, figure out what other blunder Edward has made. Do a quick incident report that includes the following info:
- Date and start time of the malicious activity in UTC (GMT).
- IP address of the affected Windows host.
- Mac address of the affected Windows host.
- Host name of the affected Windows host.
- User account name on the affected Windows host.
- A short summary of what happened.
ANSWERS
- Click here for the answers.
Click here to return to the main page.