Malware Traffic Analysis 2 is a blue team lab in the Network Forensics category. It covers the tools Wireshark, Brim, NetworkMiner, suricatarunner and suricata.rules, and maps to the MITRE ATT&CK tactics Initial Access, Execution, and Command and Control.
Learning Objectives
Reconstruct an exploit kit attack chain from network traffic, identifying the infected host, extracting malware, and determining the exploited CVE using Wireshark and forensic tools.
Categories: Network Forensics.
MITRE ATT&CK Tactics: Initial Access, Execution, Command and Control.
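The first two steps of the learning objective (find the infected host, then locate the artefact it downloaded) amount to walking the capture, pulling HTTP requests out of TCP payloads, and tallying which client fetched exploit-kit style payloads (.jar, .swf, .exe). In the lab you would do this in Wireshark with an `http.request` display filter and File > Export Objects > HTTP; the script below does the same walk in pure standard-library Python so the mechanics are visible. It is an added example, not part of the lab or of any of the listed tools, and the pcap it parses is constructed in the script itself: the hostnames, IP addresses and URIs are invented and the suffix list is a heuristic, not an indicator from the lab's evidence file.

```python
"""Walk a classic pcap, extract HTTP requests from TCP payloads, and flag the
client that fetched exploit-kit style payloads.  Hypothetical example; the
capture below is built in-script, not taken from the lab's evidence file."""
import struct
from collections import defaultdict

# --- construct a tiny Ethernet/IPv4/TCP/HTTP capture (synthetic data) -------

def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))

def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"            # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x4000, 64, 6, 0, _ip(src), _ip(dst))
    return eth + ip + tcp + payload                           # checksums left at 0: parsers ignore them

def build_pcap(packets) -> bytes:
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    out = [hdr]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)))
        out.append(pkt)
    return b"".join(out)

def _http(method: str, host: str, uri: str) -> bytes:
    return f"{method} {uri} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: Mozilla/5.0\r\n\r\n".encode()

# Hypothetical traffic: one victim browses a legitimate site, gets redirected
# to a landing page, then pulls a Java archive and an executable from it.
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.5", "93.184.216.34", 49201, 80, _http("GET", "news.example", "/index.html")),
    build_packet("10.0.0.7", "198.51.100.9", 50112, 80, _http("GET", "cdn.example", "/logo.png")),
    build_packet("10.0.0.5", "203.0.113.77", 49202, 80, _http("GET", "landing.example", "/gate.php?id=1")),
    build_packet("10.0.0.5", "203.0.113.77", 49203, 80, _http("GET", "landing.example", "/exp/app.jar")),
    build_packet("10.0.0.5", "203.0.113.77", 49204, 80, _http("GET", "landing.example", "/bin/load.exe")),
])

# --- parse ----------------------------------------------------------------

def iter_packets(pcap: bytes):
    """Yield (ts_sec, frame_bytes) for every record in a classic pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != 1:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield ts_sec, pcap[off:off + incl_len]
        off += incl_len

def parse_tcp(frame: bytes):
    """Return (src, dst, sport, dport, payload) or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", frame, 16)
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp_off + data_off:14 + total_len]

def http_requests(pcap: bytes):
    """Extract HTTP request lines plus Host header, keyed by client IP."""
    reqs = []
    for ts, frame in iter_packets(pcap):
        tcp = parse_tcp(frame)
        if tcp is None:
            continue
        src, dst, _sport, _dport, payload = tcp
        head, _, _ = payload.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        parts = lines[0].split(b" ")
        if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
            continue                                          # not a request line
        headers = {}
        for line in lines[1:]:
            k, _, v = line.partition(b":")
            headers[k.strip().lower().decode()] = v.strip().decode(errors="replace")
        reqs.append({"ts": ts, "src": src, "dst": dst, "method": parts[0].decode(),
                     "uri": parts[1].decode(), "host": headers.get("host", "")})
    return reqs

SUSPICIOUS_SUFFIXES = (".jar", ".swf", ".exe")   # heuristic: typical exploit-kit payload types

def infected_hosts(reqs):
    """Map client IP -> list of host+URI of suspicious downloads it made."""
    hits = defaultdict(list)
    for r in reqs:
        if r["uri"].lower().split("?")[0].endswith(SUSPICIOUS_SUFFIXES):
            hits[r["src"]].append(r["host"] + r["uri"])
    return dict(hits)

if __name__ == "__main__":
    for r in http_requests(SAMPLE_PCAP):
        print(f'{r["src"]} -> {r["dst"]} {r["method"]} http://{r["host"]}{r["uri"]}')
    print("suspicious downloads:", infected_hosts(SAMPLE_PCAP and http_requests(SAMPLE_PCAP)))
```

The parser reads one request per packet and does not reassemble TCP streams, which is enough for request lines but not for carving the response bodies; for that step (and for the pcapng format, which this reader rejects) stay with Wireshark's Export Objects or NetworkMiner's file extraction. Once the infected host and the artefact are known, the remaining objective, naming the exploited CVE, comes from the payload itself, not from this traffic summary.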