I’ve done a couple of PCAP exercises from Brad Duncan here and here. Those analyses were related to incidents dealing with exploit kits so I thought this challenge would be a fun opportunity to practice analyzing other kinds of threats.
Overall, I feel confident with the high-level findings. But I struggled to piece together some (probably key) details, even after a lot of research. Also, I didn’t author any Yara or Snort rules. (This was a second part of TekDefense’s challenge; I ended up grabbing a Yara rule from an Akamai report.)
Any feedback or tips are welcome : )
So here’s my write-up!