You have received a call from a customer (ACME) saying that there
has been an accident at their factory and they want you to rule out
any foul play. They have provided a packet capture for you and said
that there have been many spear phishing attempts as of late
targeting their company.
This is part 1 of 6 in a packet capture analysis challenge found in
challenge.zip.
The parts are numbered according to the order that the flags can be found.
(If something doesn't work, just try elsewhere.)
Hint: "I may be the source of infection. Can you find and dissect me?"
Note: In case you are using the packet capture challenge as part of your
application please report it as you would to a customer, meaning that
the whole target audience is able to understand the contents of the report.
Your report should answer to at least following questions: What has happened?
What was the timeline of the events? What kind of information or data
have been stolen? What do you know about the attacker?
