You received a call from a customer (ACME) saying that there has
been an accident at their factory and they want you to rule out any
foul play. They have provided a packet capture for you and said
that there have been many spear phishing attempts as of late
targeting their company.
This is part 6 of 6 in a
packet capture analysis challenge.
The pcap file can be found in the first part.
Hint: "The key that unlocks me can be obtained in two ways. What can
you do now that you have the key and what is the key for anyways?"
Note: If you are using the packet capture challenge as part of your
application, please report it as you would to a customer, meaning that
the whole target audience is able to understand the contents of the report.
Your report should answer at least the following questions: What has happened?
What was the timeline of the events? What kind of information or data
has been stolen? What do you know about the attacker?