You have received a call from a customer (ACME) saying that there
has been an accident at their factory and they want you to rule out
any foul play. They have provided a packet capture for you and said
that there have been many spear phishing attempts as of late
targeting their company.
This is part 1 of 6 in a packet capture analysis challenge found in
challenge.zip. The parts are numbered according to the order
that the flags can be found. (If something doesn't work, just try
elsewhere.)
Hint: "I may be the source of infection. Can you find and dissect me?"
Note: In case you are using the packet capture challenge as part of your
application please report it as you would to a customer, meaning that
the whole target audience is able to understand the contents of the report.
Your report should answer to at least following questions: What has happened?
What was the timeline of the events? What kind of information or data
have been stolen? What do you know about the attacker?
You get 50 points for this challenge.
Solvers:
no one
pcap
2018