2020-04-24 - TRAFFIC ANALYSIS EXERCISE - STEELCOFFEE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive of the pcap:  2020-04-24-traffic-analysis-exercise.pcap.zip   26.9 MB (26,903,222 bytes)

• 2020-04-24-traffic-analysis-exercise.pcap   (32,925,732 bytes)

• Zip archive of the alerts:  2020-04-24-traffic-analysis-exercise-alerts.jpg.zip   2.8 MB (2,831,584 bytes)

• 2020-04-24-traffic-analysis-exercise-alerts.jpg   (3,122,112 bytes)

 

 

SCENARIO

LAN segment data:

• LAN segment range:  10.0.0[.]0/24 (10.0.0[.]0 through 10.0.0[.]255)
• Domain:  steelcoffee[.]net
• Domain controller:  10.0.0[.]10 - SteelCoffee-DC
• LAN segment gateway:  10.0.0[.]1
• LAN segment broadcast address:  10.0.0[.]255

 

QUESTIONS

There are three clients in this month's exercise pcap.

• Which two clients are Windows hosts, and what are the associated user account names?
• Which one of these two Windows clients was infected?
• What type of malware was that Windows client infected with?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.