In this lab, we step into the role of a cybersecurity analyst tasked with investigating a suspected breach at BookWorld, a popular online bookstore. The investigation begins after an automated alert detects unusual activity, including a spike in database queries and server resource usage, raising concerns about a potential attack. With BookWorld's reputation and customer data at stake, your objective is to analyze the captured network traffic and uncover the details of the incident.
Armed with a packet capture (PCAP) file and Wireshark, a powerful network forensics tool, you will examine HTTP requests, analyze endpoint communications, and identify suspicious patterns. This lab emphasizes hands-on investigation, guiding you through techniques to trace the attacker's actions, locate vulnerabilities, and assess the extent of the compromise.
The analysis involves identifying potential SQL injection attempts, decoding malicious payloads, and tracking HTTP POST requests to determine whether the attacker successfully infiltrated the system. Along the way, you will explore methods to detect data exfiltration, examine administrative login attempts, and investigate whether any malicious scripts were uploaded to the server.
By the end of this lab, you will have gained practical experience in network forensics, intrusion detection, and web application security analysis. You will also develop insights into post-exploitation techniques and learn how to mitigate vulnerabilities to prevent similar incidents in the future.