You are acting in the role of a Network Security Analyst for an organization. It has been brought to your attention that suspicious activity has occurred on the network and a vulnerable machine may have been attacked.
Based on the network traffic that has been captured, you are expected to write a 6000-word report on your findings, including a full analysis of the PCAP file provided.
A PCAP file is provided, that can be found on Blackboard.
Topics to be discussed:
- Identify if any reconnaissance has occurred on the network
- Identify if any tool(s) or suspected tool(s) were used
- Identify if an exploit was used and, if so, how the vulnerability targeted by the exploit works, including evidence of your findings
- Identify if any data was exfiltrated from the machine
- Based on your findings, identify if there were any motivations behind the suspected attack and any future motivations
- If a vulnerability was identified, how would you secure against this and/or potentially a future attack(s)?