Phishcap - part 1

You have received a call from a customer (ACME) saying that there has been an accident at their factory and they want you to rule out any foul play. They have provided a packet capture for you and said that there have been many spear phishing attempts as of late targeting their company.

This is part 1 of 6 in a packet capture analysis challenge found in The parts are numbered according to the order that the flags can be found. (If something doesn't work, just try elsewhere.)

Hint: "I may be the source of infection. Can you find and dissect me?"

Note: In case you are using the packet capture challenge as part of your application, please report it as you would to a customer, meaning that the whole target audience is able to understand the contents of the report. Your report should answer at least the following questions: What has happened? What was the timeline of the events? What kind of information or data has been stolen? What do you know about the attacker?

You get 50 points for this challenge.

Solvers: no one

pcap 2018

