SlideShare a Scribd company logo

Part3- Offline traffic monitoring In this part will use a PCAP file to.docx

β€’Download as DOCX, PDFβ€’
β€’
F
farrahkur54

Part3: Offline traffic monitoring In this part will use a PCAP file to examine the network traffic (offline traffic monitoring) using three IDS tools - Snort - Suricata - Zeek The PCAP file with the name part3.pcap (attached with the project files) containing a captured network traffic for some company having a web site and 256 addresses in the range (192.168.6.0 - 192.168.6.255). The IP address for the network gateway (edge router) is ( 192.168.6.1 ) . The captured network traffic is for some period of time when an attacker started to perform intrusion against the company network. The suspicious address is 192.168.5.55, which conducted a multi-stage attack starting with reconnaissance. A kill chain representing multi-stage attack is a systematic process to target and engage an attacker to perform the desired attack. The following steps are the typical stages followed by any professional attacker. 1. Reconnaissance - Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies. 2. Weaponization - Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable. 3. Delivery - Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM-CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media. 4. Exploitation - After the weapon is delivered to victim host, exploitation triggers intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes code. 5. Installation - Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. 6. Command and Control (C2) - Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. APT malware especially requires manual interaction rather than conduct activity automatically. Once the C 2 channel establishes, intruders have "hands on the keyboard" access inside the target environment. 7. Actions on Objectives - Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may.

Education
1 of 2
Part3: Offline traffic monitoring In this part will use a PCAP file to examine the network traffic (offline traffic monitoring) using three IDS tools - Snort - Suricata - Zeek The PCAP file with the name part3.pcap (attached with the project files) containing a captured network traffic for some company having a web site and 256 addresses in the range (192.168.6.0 - 192.168.6.255). The IP address for the network gateway (edge router) is ( 192.168.6.1 ) . The captured network traffic is for some period of time when an attacker started to perform intrusion against the company network. The suspicious address is 192.168.5.55, which conducted a multi-stage attack starting with reconnaissance. A kill chain representing multi-stage attack is a systematic process to target and engage an attacker to perform the desired attack. The following steps are the typical stages followed by any professional attacker. 1. Reconnaissance - Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies. 2. Weaponization - Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable. 3. Delivery - Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM- CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media. 4. Exploitation - After the weapon is delivered to victim host, exploitation triggers intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto- executes code. 5. Installation - Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. 6. Command and Control (C2) - Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. APT malware especially requires manual interaction rather than conduct activity automatically. Once the C 2 channel establishes, intruders have "hands on the keyboard" access inside the target environment. 7. Actions on Objectives - Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network. You are required to use the PCAP file to reconstruct the intrusion scenario with a description of every activity conducted by the attacker. You should show the related traffic (packets and times) to each step.
Part3- Offline traffic monitoring In this part will use a PCAP file to.docx

Recommended

Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
Β 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
Β 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
Β 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
Β 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkDefCamp
Β 
System hacking
System hackingSystem hacking
System hackingCAS
Β 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdfThasnimFathima
Β 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
Β 

Recommended

Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
Β 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
Β 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
Β 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
Β 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkDefCamp
Β 
System hacking
System hackingSystem hacking
System hackingCAS
Β 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdfThasnimFathima
Β 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
Β 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
Β 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
Β 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKSShaurya Gogia
Β 
UNIT-4.docx
UNIT-4.docxUNIT-4.docx
UNIT-4.docxCSEA18Arun537
Β 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
Β 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
Β 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
Β 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
Β 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
Β 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14mjos
Β 
Modul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.pptModul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.pptcemporku
Β 
System and web security
System and web securitySystem and web security
System and web securitychirag patil
Β 
what is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdfwhat is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdfbrijeshagarwa329898l
Β 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkitNikhil Pandit
Β 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
Β 
Paper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdfPaper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdfRishikhesanALMuniand
Β 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
Β 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerIRJET Journal
Β 
Short Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine EssayShort Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine EssayMelissa Luster
Β 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - IIITAMBEMAHENDRA1
Β 
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docxPARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docxfarrahkur54
Β 
Participation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docxParticipation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docxfarrahkur54
Β 

More Related Content

Similar to Part3- Offline traffic monitoring In this part will use a PCAP file to.docx

Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
Β 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
Β 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
Β 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
Β 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
Β 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
Β 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14mjos
Β 
Modul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.pptModul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.pptcemporku
Β 
System and web security
System and web securitySystem and web security
System and web securitychirag patil
Β 
what is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdfwhat is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdfbrijeshagarwa329898l
Β 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkitNikhil Pandit
Β 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
Β 
Paper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdfPaper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdfRishikhesanALMuniand
Β 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
Β 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerIRJET Journal
Β 
Short Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine EssayShort Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine EssayMelissa Luster
Β 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - IIITAMBEMAHENDRA1
Β 

Similar to Part3- Offline traffic monitoring In this part will use a PCAP file to.docx (20)

Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
Β 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
Β 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
Β 
UNIT-4.docx
UNIT-4.docxUNIT-4.docx
UNIT-4.docx
Β 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Β 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
Β 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
Β 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
Β 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
Β 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14
Β 
Modul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.pptModul 4 Intrusion Detection System IDS.ppt
Modul 4 Intrusion Detection System IDS.ppt
Β 
System and web security
System and web securitySystem and web security
System and web security
Β 
what is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdfwhat is transport layer what are the typical attacks in transport l.pdf
what is transport layer what are the typical attacks in transport l.pdf
Β 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
Β 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Β 
Paper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdfPaper-ComputerWormClassification.pdf
Paper-ComputerWormClassification.pdf
Β 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
Β 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows Computer
Β 
Short Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine EssayShort Term Effects Of Cocaine Essay
Short Term Effects Of Cocaine Essay
Β 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
Β 

More from farrahkur54

PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docxPARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docxfarrahkur54
Β 
Participation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docxParticipation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docxfarrahkur54
Β 
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docx
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docxPartners Johnny and Daniel each have capital balances of $95-000- Migu.docx
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docxfarrahkur54
Β 
Parthians- write one to two paragraphs on the significance of this ite.docx
Parthians- write one to two paragraphs on the significance of this ite.docxParthians- write one to two paragraphs on the significance of this ite.docx
Parthians- write one to two paragraphs on the significance of this ite.docxfarrahkur54
Β 
P(X-x).docx
P(X-x).docxP(X-x).docx
P(X-x).docxfarrahkur54
Β 
Overview You are required to prepare a Data Entry report which provide.docx
Overview You are required to prepare a Data Entry report which provide.docxOverview You are required to prepare a Data Entry report which provide.docx
Overview You are required to prepare a Data Entry report which provide.docxfarrahkur54
Β 
package edu-ser222-m03_02- --- - A binary search tree based impleme.docx
package edu-ser222-m03_02- --- - A binary search tree based impleme.docxpackage edu-ser222-m03_02- --- - A binary search tree based impleme.docx
package edu-ser222-m03_02- --- - A binary search tree based impleme.docxfarrahkur54
Β 
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docx
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docxP(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docx
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docxfarrahkur54
Β 
P(Z-0-86).docx
P(Z-0-86).docxP(Z-0-86).docx
P(Z-0-86).docxfarrahkur54
Β 
Overton Company has gathered the following information-Compute equival.docx
Overton Company has gathered the following information-Compute equival.docxOverton Company has gathered the following information-Compute equival.docx
Overton Company has gathered the following information-Compute equival.docxfarrahkur54
Β 
Option #1- Form Validation in JavaScript 1- In your text editor- open.docx
Option #1- Form Validation in JavaScript 1- In your text editor- open.docxOption #1- Form Validation in JavaScript 1- In your text editor- open.docx
Option #1- Form Validation in JavaScript 1- In your text editor- open.docxfarrahkur54
Β 
Over 1 million Americans make a living working for advertising and pub.docx
Over 1 million Americans make a living working for advertising and pub.docxOver 1 million Americans make a living working for advertising and pub.docx
Over 1 million Americans make a living working for advertising and pub.docxfarrahkur54
Β 
Oscar is suing John for $1000 dollars but the judge sees that their ar.docx
Oscar is suing John for $1000 dollars but the judge sees that their ar.docxOscar is suing John for $1000 dollars but the judge sees that their ar.docx
Oscar is suing John for $1000 dollars but the judge sees that their ar.docxfarrahkur54
Β 
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docx
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docxOrganizational Behavior Chapter 5 - Perception and Indigidual Decision.docx
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docxfarrahkur54
Β 
ook at the mean- median- mode- and standard deviation and describe how.docx
ook at the mean- median- mode- and standard deviation and describe how.docxook at the mean- median- mode- and standard deviation and describe how.docx
ook at the mean- median- mode- and standard deviation and describe how.docxfarrahkur54
Β 
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docx
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docxOption #1- Creating a GUI Bank Balance Application Create a simple Gr.docx
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docxfarrahkur54
Β 
Operational Metrics and Benchmarking in Healthcare- What are common op.docx
Operational Metrics and Benchmarking in Healthcare- What are common op.docxOperational Metrics and Benchmarking in Healthcare- What are common op.docx
Operational Metrics and Benchmarking in Healthcare- What are common op.docxfarrahkur54
Β 
One of the duties and functions of the joint OHS committee is to ensur.docx
One of the duties and functions of the joint OHS committee is to ensur.docxOne of the duties and functions of the joint OHS committee is to ensur.docx
One of the duties and functions of the joint OHS committee is to ensur.docxfarrahkur54
Β 
One of the deadliest heart conditions is a disturbance in heart rhythm.docx
One of the deadliest heart conditions is a disturbance in heart rhythm.docxOne of the deadliest heart conditions is a disturbance in heart rhythm.docx
One of the deadliest heart conditions is a disturbance in heart rhythm.docxfarrahkur54
Β 
Once you have all the structures working as intended- it is time to co.docx
Once you have all the structures working as intended- it is time to co.docxOnce you have all the structures working as intended- it is time to co.docx
Once you have all the structures working as intended- it is time to co.docxfarrahkur54
Β 

More from farrahkur54 (20)

PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docxPARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
PARTICIPANTS PROFILE ANSWER ABOVE MENTIONED QUESTIONS BY TAKING CARE.docx
Β 
Participation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docxParticipation is a requirement of this course- Students provide one po.docx
Participation is a requirement of this course- Students provide one po.docx
Β 
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docx
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docxPartners Johnny and Daniel each have capital balances of $95-000- Migu.docx
Partners Johnny and Daniel each have capital balances of $95-000- Migu.docx
Β 
Parthians- write one to two paragraphs on the significance of this ite.docx
Parthians- write one to two paragraphs on the significance of this ite.docxParthians- write one to two paragraphs on the significance of this ite.docx
Parthians- write one to two paragraphs on the significance of this ite.docx
Β 
P(X-x).docx
P(X-x).docxP(X-x).docx
P(X-x).docx
Β 
Overview You are required to prepare a Data Entry report which provide.docx
Overview You are required to prepare a Data Entry report which provide.docxOverview You are required to prepare a Data Entry report which provide.docx
Overview You are required to prepare a Data Entry report which provide.docx
Β 
package edu-ser222-m03_02- --- - A binary search tree based impleme.docx
package edu-ser222-m03_02- --- - A binary search tree based impleme.docxpackage edu-ser222-m03_02- --- - A binary search tree based impleme.docx
package edu-ser222-m03_02- --- - A binary search tree based impleme.docx
Β 
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docx
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docxP(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docx
P(A)+P(A)-1 is one way to express the P(A)+P(A)-1 is one way to expres.docx
Β 
P(Z-0-86).docx
P(Z-0-86).docxP(Z-0-86).docx
P(Z-0-86).docx
Β 
Overton Company has gathered the following information-Compute equival.docx
Overton Company has gathered the following information-Compute equival.docxOverton Company has gathered the following information-Compute equival.docx
Overton Company has gathered the following information-Compute equival.docx
Β 
Option #1- Form Validation in JavaScript 1- In your text editor- open.docx
Option #1- Form Validation in JavaScript 1- In your text editor- open.docxOption #1- Form Validation in JavaScript 1- In your text editor- open.docx
Option #1- Form Validation in JavaScript 1- In your text editor- open.docx
Β 
Over 1 million Americans make a living working for advertising and pub.docx
Over 1 million Americans make a living working for advertising and pub.docxOver 1 million Americans make a living working for advertising and pub.docx
Over 1 million Americans make a living working for advertising and pub.docx
Β 
Oscar is suing John for $1000 dollars but the judge sees that their ar.docx
Oscar is suing John for $1000 dollars but the judge sees that their ar.docxOscar is suing John for $1000 dollars but the judge sees that their ar.docx
Oscar is suing John for $1000 dollars but the judge sees that their ar.docx
Β 
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docx
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docxOrganizational Behavior Chapter 5 - Perception and Indigidual Decision.docx
Organizational Behavior Chapter 5 - Perception and Indigidual Decision.docx
Β 
ook at the mean- median- mode- and standard deviation and describe how.docx
ook at the mean- median- mode- and standard deviation and describe how.docxook at the mean- median- mode- and standard deviation and describe how.docx
ook at the mean- median- mode- and standard deviation and describe how.docx
Β 
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docx
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docxOption #1- Creating a GUI Bank Balance Application Create a simple Gr.docx
Option #1- Creating a GUI Bank Balance Application Create a simple Gr.docx
Β 
Operational Metrics and Benchmarking in Healthcare- What are common op.docx
Operational Metrics and Benchmarking in Healthcare- What are common op.docxOperational Metrics and Benchmarking in Healthcare- What are common op.docx
Operational Metrics and Benchmarking in Healthcare- What are common op.docx
Β 
One of the duties and functions of the joint OHS committee is to ensur.docx
One of the duties and functions of the joint OHS committee is to ensur.docxOne of the duties and functions of the joint OHS committee is to ensur.docx
One of the duties and functions of the joint OHS committee is to ensur.docx
Β 
One of the deadliest heart conditions is a disturbance in heart rhythm.docx
One of the deadliest heart conditions is a disturbance in heart rhythm.docxOne of the deadliest heart conditions is a disturbance in heart rhythm.docx
One of the deadliest heart conditions is a disturbance in heart rhythm.docx
Β 
Once you have all the structures working as intended- it is time to co.docx
Once you have all the structures working as intended- it is time to co.docxOnce you have all the structures working as intended- it is time to co.docx
Once you have all the structures working as intended- it is time to co.docx
Β 

Recently uploaded

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
Β 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
Β 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
Β 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
Β 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
Β 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
Β 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)Dr. Mazin Mohamed alkathiri
Β 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
Β 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
Β 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
Β 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
Β 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
Β 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
Β 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
Β 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
Β 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
Β 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
Β 

Recently uploaded (20)

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Β 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
Β 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
Β 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
Β 
Model Call Girl in Bikash Puri Delhi reach out to us at πŸ”9953056974πŸ”
Model Call Girl in Bikash Puri Delhi reach out to us at πŸ”9953056974πŸ”Model Call Girl in Bikash Puri Delhi reach out to us at πŸ”9953056974πŸ”
Model Call Girl in Bikash Puri Delhi reach out to us at πŸ”9953056974πŸ”
Β 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
Β 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
Β 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
Β 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
Β 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
Β 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Β 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
Β 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)β€”β€”β€”β€”IMP.OF KSHARA ...
Β 
Model Call Girl in Tilak Nagar Delhi reach out to us at πŸ”9953056974πŸ”
Model Call Girl in Tilak Nagar Delhi reach out to us at πŸ”9953056974πŸ”Model Call Girl in Tilak Nagar Delhi reach out to us at πŸ”9953056974πŸ”
Model Call Girl in Tilak Nagar Delhi reach out to us at πŸ”9953056974πŸ”
Β 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
Β 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
Β 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
Β 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
Β 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
Β 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
Β 

Part3- Offline traffic monitoring In this part will use a PCAP file to.docx

  • 1. Part3: Offline traffic monitoring In this part will use a PCAP file to examine the network traffic (offline traffic monitoring) using three IDS tools - Snort - Suricata - Zeek The PCAP file with the name part3.pcap (attached with the project files) containing a captured network traffic for some company having a web site and 256 addresses in the range (192.168.6.0 - 192.168.6.255). The IP address for the network gateway (edge router) is ( 192.168.6.1 ) . The captured network traffic is for some period of time when an attacker started to perform intrusion against the company network. The suspicious address is 192.168.5.55, which conducted a multi-stage attack starting with reconnaissance. A kill chain representing multi-stage attack is a systematic process to target and engage an attacker to perform the desired attack. The following steps are the typical stages followed by any professional attacker. 1. Reconnaissance - Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies. 2. Weaponization - Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable. 3. Delivery - Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM- CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media. 4. Exploitation - After the weapon is delivered to victim host, exploitation triggers intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto- executes code. 5. Installation - Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. 6. Command and Control (C2) - Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. APT malware especially requires manual interaction rather than conduct activity automatically. Once the C 2 channel establishes, intruders have "hands on the keyboard" access inside the target environment. 7. Actions on Objectives - Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network. You are required to use the PCAP file to reconstruct the intrusion scenario with a description of every activity conducted by the attacker. You should show the related traffic (packets and times) to each step.