You received a call from a customer (ACME) saying that there has
been an accident at their factory and they want you to rule out
any foul play. They have provided a packet capture for you and
said that there have been many spear phishing attempts as of late
targeting their company.
This is part 2 of 6 in a
packet capture analysis challenge.
The pcap file can be found in the first part.
Hint: "I am the little brother. I might be cleartext, but I am not so sure about my big brother."
Note: In case you are using the packet capture challenge as part of your
application, please report it as you would to a customer, meaning that
the whole target audience is able to understand the contents of the report.
Your report should answer at least the following questions: What has happened?
What was the timeline of the events? What kind of information or data
has been stolen? What do you know about the attacker?