2022-03-21 - TRAFFIC ANALYSIS EXERCISE - BURNINCANDLE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcap: 2022-03-21-traffic-analysis-exercise.pcap.zip 4.9 MB (4,942,730 bytes)
SCENARIO
LAN segment data:
- LAN segment range: 10.0.19[.]0/24 (10.0.19[.]0 through 10.0.19[.]255)
- Domain: burnincandle[.]com
- Domain controller: 10.0.19[.]9 - BURNINCANDLE-DC
- LAN segment gateway: 10.0.19[.]1
- LAN segment broadcast address: 10.0.19[.]255
TASK
- Write an incident report based on the pcap.
- The incident report should contains 3 sections:
- Executive Summary: State in simple, direct terms what happened (when, who, what).
- Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
- Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection. SHA256 hashes if any malware binaries can be extracted from the pcap.
ANSWERS
- Click here for the answers.
Click here to return to the main page.