Introduction

In this lab, we delve into a network forensics investigation to analyze a cyber attack involving the DanaBot malware. The SOC (Security Operations Center) team has identified suspicious activity within network traffic, which reveals that a machine in the network has been compromised. This breach has led to the exfiltration of sensitive company data. As a cybersecurity analyst, your objective is to investigate the incident using a PCAP (Packet Capture) file and associated threat intelligence to uncover how the compromise occurred and to identify key details about the attack.

The lab focuses on dissecting the tactics, techniques, and procedures (TTPs) used by the attacker, including reconnaissance, initial access, execution, and persistence. You will use Wireshark to extract and analyze critical network artifacts, such as malicious files and communication with external servers. By deobfuscating JavaScript code and examining related artifacts, you will uncover how the malware gained a foothold in the network, executed additional payloads, and maintained its presence. This lab provides a comprehensive opportunity to practice real-world forensic skills and to gain deeper insight into detecting and responding to sophisticated malware attacks.


Analysis

Q1 Which IP address was used by the attacker during the initial access?
