This lab focuses on investigating a network capture file to uncover potential malicious activity, emphasizing key network forensics techniques and analytical methodologies. The scenario involves examining traffic patterns, identifying suspicious behavior, and correlating findings to known threat actor tactics. Through the use of tools like Wireshark, the lab explores how attackers leverage reconnaissance techniques, exploit vulnerable services, and interact with their targets using specific protocols and ports.
You will gain practical experience in filtering and analyzing network data to identify significant indicators of compromise, such as targeted ports, suspicious IP addresses, and associated geographical or organizational details. By piecing together these elements, you will learn how to trace activity back to its source and contextualize it within a broader framework of known threats and techniques.
The lab also highlights the importance of understanding network-layer interactions, including Address Resolution Protocol (ARP) communications, SMB exploitation, and Dynamic Host Configuration Protocol (DHCP) requests. By following a systematic approach to packet analysis, participants will develop critical skills for identifying potential threats and understanding the techniques used by advanced persistent threat groups.