
Mark0


2026-02-28: Traffic Analysis Exercise - Easy as 123

This traffic analysis exercise presents a simulated Security Operations Center (SOC) scenario where an analyst must investigate signature hits for the NetSupport Manager RAT. The activity, originating from a known malicious IP address, requires the examination of a provided packet capture (pcap) to document an incident involving an infected Windows host within a specific Active Directory environment.

Participants are tasked with extracting critical forensic data from the traffic, including the infected client's IP and MAC addresses, hostname, and specific user account details. The exercise is a practical challenge for honing network forensics and incident reporting skills within a controlled LAN segment.

