CyberDefenders - Series (Malware Traffic Analysis 3 - Packet Analysis)
Introduction

The Digital Forensics & Incident Response (DFIR) field is one where you must keep learning to stay current with the latest developments and to keep your skills sharp. Therefore I've decided to start working on some challenges that are delivered through CyberDefenders. It's a great place to work on challenges and to keep developing yourself.

The Challenge

This blog describes the 'Malware Traffic Analysis 3' challenge, which can be found here.

Tools used for this challenge:
- NetworkMiner
- Wireshark
- PacketTotal
- VirusTotal
- Brim

Write-up

My write-ups follow a standard pattern, which is 'Question' and 'Methodology'. I chose this format because it allows you to follow along and try the challenge for yourself. I have chosen not to disclose the answers here, since it's also a competition and I don't want to spoil the integrity and fun of competing.

Question 1

What is the IP address of the infected Window