SteelCoffee - Traffic Analysis Exercise
Link to Exercise: https://www.malware-traffic-analysis.net/2020/04/24/index.html

Scenario:
LAN segment range: 10.0.0.0/24 (10.0.0.0 through 10.0.0.255)
Domain: steelcoffee.net
Domain controller: 10.0.0.10 - SteelCoffee-DC
LAN segment gateway: 10.0.0.1
LAN segment broadcast address: 10.0.0.255

Alerts:

Q1 - Which two clients are Windows hosts, and what are the associated user account names?

10.0.0.167 - GRIONXA - elmer obrian
10.0.0.149 - C10SKPY - alyssa fitzgerald

After applying an SMB filter, two clients were identified as Windows hosts: "DESKTOP-C10SKPY" (10.0.0.149) and "DESKTOP-GRIONXA" (10.0.0.167). To determine the associated user account names, a Kerberos filter was applied using the IP addresses of the two Windows hosts. Kerberos traffic uses port 88 (UDP or TCP), and the client principal name (cname) and realm in the body of an AS-REQ are not encrypted (pre-authentication only encrypts the timestamp), so the user account names appear in clear text. For the Windows host with IP address 10.0.0.149, t...
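To show what the Kerberos filter is actually reading, here is an added example (not part of the original write-up or the exercise) that decodes the cname and realm out of a raw AS-REQ with a minimal DER walker. The AS-REQ bytes are constructed in the block from a hypothetical user "alyssa.fitzgerald" in realm "STEELCOFFEE.NET"; the real capture carries more fields (padata, addresses, etypes), but the cname/realm/sname positions are the same. Over TCP the message is preceded by a 4-byte big-endian length, which the parser strips when told the bytes came from a TCP stream.

```python
"""
Pull the client principal (cname), realm and service (sname) out of a
Kerberos AS-REQ (RFC 4120), the fields a Wireshark Kerberos filter shows
in clear text. Tiny DER walker: one-byte tags only, which Kerberos uses.
Sample AS-REQ below is constructed for illustration, not from the pcap.
"""

# ASN.1 tags used by KDC-REQ
SEQ, INT, BITSTR, GENSTR = 0x30, 0x02, 0x03, 0x1B
APP_AS_REQ = 0x6A                       # [APPLICATION 10] constructed
CTX = lambda n: 0xA0 | n                # [n] context tag, constructed


def der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, first content index)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def der_children(buf):
    """Split a constructed value's content into [(tag, content), ...]."""
    out, i = [], 0
    while i < len(buf):
        tag = buf[i]
        length, start = der_len(buf, i + 1)
        out.append((tag, buf[start:start + length]))
        i = start + length
    return out


def one(buf):
    """Content of a context tag that wraps exactly one inner TLV."""
    (tag, content), = der_children(buf)
    return tag, content


def parse_principal(seq_content):
    """PrincipalName ::= SEQUENCE { name-type [0] Int32, name-string [1] SEQUENCE OF KerberosString }"""
    fields = dict(der_children(seq_content))
    _, name_type = one(fields[CTX(0)])
    _, strings = one(fields[CTX(1)])
    names = [c.decode("ascii") for _, c in der_children(strings)]
    return int.from_bytes(name_type, "big", signed=True), "/".join(names)


def parse_as_req(pkt, tcp=False):
    """Return {'cname', 'name_type', 'realm', 'sname'} from an AS-REQ; raise on anything else."""
    if tcp:                             # TCP framing: 4-byte length prefix
        pkt = pkt[4:]
    tag, kdc_req = one(pkt)
    if tag != APP_AS_REQ:
        raise ValueError("not an AS-REQ (application tag 0x%02x)" % tag)
    _, req_seq = one(kdc_req)
    req = dict(der_children(req_seq))
    _, msg_type = one(req[CTX(2)])
    if msg_type != b"\x0a":
        raise ValueError("msg-type is not 10 (AS-REQ)")
    _, body_seq = one(req[CTX(4)])
    body = dict(der_children(body_seq))
    name_type, cname = parse_principal(one(body[CTX(1)])[1])   # cname is OPTIONAL but Windows sends it
    _, realm = one(body[CTX(2)])
    _, sname = parse_principal(one(body[CTX(3)])[1])
    return {"cname": cname, "name_type": name_type,
            "realm": realm.decode("ascii"), "sname": sname}


# --- encoder, only needed to build the constructed sample ---------------
def der_encode(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_principal(name_type, parts):
    strings = b"".join(der_encode(GENSTR, p.encode()) for p in parts)
    return der_encode(SEQ, der_encode(CTX(0), der_encode(INT, bytes([name_type])))
                      + der_encode(CTX(1), der_encode(SEQ, strings)))


def build_kdc_req(user, realm, app_tag=APP_AS_REQ, msg_type=10):
    """Minimal KDC-REQ (constructed sample): kdc-options, cname, realm, sname only."""
    body = der_encode(SEQ,
        der_encode(CTX(0), der_encode(BITSTR, b"\x00\x40\x81\x00\x10"))   # kdc-options
        + der_encode(CTX(1), build_principal(1, [user]))                  # NT-PRINCIPAL
        + der_encode(CTX(2), der_encode(GENSTR, realm.encode()))
        + der_encode(CTX(3), build_principal(2, ["krbtgt", realm])))      # NT-SRV-INST
    req = der_encode(SEQ,
        der_encode(CTX(1), der_encode(INT, b"\x05"))                      # pvno
        + der_encode(CTX(2), der_encode(INT, bytes([msg_type])))          # msg-type
        + der_encode(CTX(4), body))
    return der_encode(app_tag, req)


if __name__ == "__main__":
    sample = build_kdc_req("alyssa.fitzgerald", "STEELCOFFEE.NET")   # constructed, hypothetical user
    print(parse_as_req(sample))
```

In Wireshark the same fields are the `kerberos.CNameString` and `kerberos.realm` columns; a filter such as `ip.addr == 10.0.0.149 && kerberos.CNameString` isolates the requests that carry the account name, and a host's computer account shows up the same way with a trailing `$`, which is how user names are told apart from machine names.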