Posts

SteelCoffee - Traffic Analysis Exercise

Link to Exercise: https://www.malware-traffic-analysis.net/2020/04/24/index.html

Scenario:
LAN segment range: 10.0.0.0/24 (10.0.0.0 through 10.0.0.255)
Domain: steelcoffee.net
Domain controller: 10.0.0.10 - SteelCoffee-DC
LAN segment gateway: 10.0.0.1
LAN segment broadcast address: 10.0.0.25

Alerts:

Q1 - Which two clients are Windows hosts, and what are the associated user account names?
10.0.0.167 - GRIONXA - elmer obrian
10.0.0.149 - C10SKPY - alyssa fitzgerald

After applying an SMB filter, two clients were identified as Windows hosts, specifically "DESKTOP-C10SKPY" and "DESKTOP-GRIONXA", with IP addresses 10.0.0.149 and 10.0.0.167, respectively. To determine the associated user account names, a Kerberos filter was applied using the IP addresses of the Windows hosts. Focusing on traffic on port 88, indicative of Kerberos communication, the analysis revealed the user account names in clear text. For the Windows host with IP address 10.0.0.149, t...

BeguileSoft - Traffic Analysis Exercise

2019-05-02 MALWARE TRAFFIC ANALYSIS ANSWER WITH EXPLANATION

Note - Drop a comment if you require the pcap file. In order to follow the community guidelines I cannot post the link here.

Executive summary
On 2019-05-02 at 21:36 UTC, a Windows host used by Adriana Breaux was infected with Hawkeye Keylogger.