This month’s Wireshark quiz asks participants to write an incident report on the activity, as described in the February 2023 standalone quiz post. Use infected as the password to unlock the ZIP archive. Download the ZIP archive and extract the pcap. To obtain the pcap, visit our GitHub repository. As always, we recommend using Wireshark in a non-Windows environment like BSD, Linux or macOS when analyzing malicious Windows-based traffic. A list of tutorials and videos is available. We also recommend readers customize their Wireshark display to better analyze web traffic. Participants should have some basic knowledge of network traffic fundamentals. This blog utilizes a recent version of Wireshark, and we recommend at least version 3.x. Our investigation for this month’s quiz requires Wireshark. Domain Controller host name: WORK4US-DC.Details of the local area network (LAN) from the pcap follow. The pcap for this month’s Wireshark quiz is from an AD environment, and it contains real-world traffic from a simulated enterprise setting. Pcap Analysis: Follow-up Spambot ActivityĪdditional Resources Scenario, Requirements and Quiz Material Pcap, Qakbot, Qbot, spambot VNC, Wireshark, Wireshark Tutorial If you’d like to view the version without answers, please see the standalone quiz post. To get the most benefit, readers should understand basic network traffic concepts and be familiar with Wireshark. The information is ideal for security professionals who investigate suspicious network activity in an Active Directory (AD) environment, but everyone is welcome to review. This blog presents the answers for our February 2023 Unit 42 Wireshark quiz.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |