Q1.
a)
Aim – To analyse the 2019-07-19-traffic-analysis-exercise.pcap.zip file using PcapXray.
Procedure –
Step1. Install PcapXray by cloning it from GitHub
Name – Govind Maheshwari
Reg No. – 20BCE2802
Step6. Change to the PcapXray directory and show the contents of the directory:
Step9. Download the given file, extract it, enter its location in the file path field, and then analyse it.
Step12. Narrow down your view by clicking on the All button in the menu above the traffic visualization, selecting malicious, and then clicking visualize:
Observations: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.
b)
Aim – To Prepare an experimental report along with your observations and inferences for
Hancitor with Ficker Stealer and Cobalt Strike.
Procedure –
Step1. Download the zip file from the given location.
Step3. Two URLs ending in .php that deliver a malicious Word document for Hancitor.
Step6. The HTTP stream should show a saveAs function followed by base64 text.
Step7. The script should show the file name of the malicious Word document and then refresh the browser to a different URL.
Step8. Using Wireshark we will export HTTP objects from the pcap.
Step9. Now we will save the second entry for sickness.php from the HTTP object list.
Step10. Now we will view our saved HTML page in a web browser.
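The pattern described in Steps 6 to 10 (a saveAs call, a file name, a base64 blob, then a redirect) can be pulled out of the saved HTML page programmatically instead of by eye. The following script is an added example, not part of the report and not code from any tool it names. The HTML page it parses is constructed, and the "document" it carries is a harmless placeholder string, not a real Hancitor document; the regular expressions are assumptions about how such a page is typically written.

```python
import base64
import hashlib
import re

# Added example (not from the report): extract the dropped file from a saved HTML page that
# follows the pattern the report describes: saveAs(...), a file name, a base64 blob and a
# redirect to another URL. SAMPLE_HTML is constructed; FAKE_DOC is a harmless placeholder.

FAKE_DOC = b"CONSTRUCTED SAMPLE BYTES - NOT A REAL DOCUMENT"
SAMPLE_HTML = (
    "<html><body><script>\n"
    "var name = 'invoice_placeholder.doc';\n"
    "var data = '" + base64.b64encode(FAKE_DOC).decode("ascii") + "';\n"
    "saveAs(new Blob([decode(data)]), name);\n"
    "setTimeout(function () { window.location = 'https://redirect.example.invalid/'; }, 1000);\n"
    "</script></body></html>\n"
)

SAVEAS_RE = re.compile(r"\bsaveAs\s*\(")
# A quoted file name with an Office, archive or executable extension.
FILENAME_RE = re.compile(r"['\"]([^'\"]+\.(?:docm?|docx|xlsm?|xlsx|zip|exe))['\"]", re.I)
# A quoted run of base64 text long enough not to be an ordinary string literal.
B64_RE = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")
REDIRECT_RE = re.compile(r"(?:window\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]")


def extract_dropper(html):
    """Describe the drop performed by a saveAs-style page, or return None if there is none.
    Returns the file name, the decoded bytes, their SHA-256 and the redirect target."""
    if not SAVEAS_RE.search(html):
        return None
    name = FILENAME_RE.search(html)
    blob = B64_RE.search(html)
    redirect = REDIRECT_RE.search(html)
    payload = base64.b64decode(blob.group(1)) if blob else b""
    return {
        "file_name": name.group(1) if name else None,
        "payload": payload,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "redirect": redirect.group(1) if redirect else None,
    }


if __name__ == "__main__":
    result = extract_dropper(SAMPLE_HTML)
    print(result["file_name"], len(result["payload"]), "bytes", result["sha256"])
    print("browser is then sent to:", result["redirect"])
```

Run it against the HTML object exported in Step 9 to get the file name, the decoded bytes and their hash for the report without opening the page in a browser (Step 10), which avoids executing the page's script at all.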
Observation: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.
c)
Aim - To prepare an experimental report along with your observations and inferences for Part
1: Hancitor with Ficker Stealer and Cobalt Strike.
Procedure –
Step1. Traffic from part one, filtered in Wireshark using a basic web filter.
Step3. Hancitor sends follow-up malware for Cobalt Strike and Ficker Stealer.
Step5. Now we will create a new entry in the Decode As window to decode TCP port 1080
as HTTP.
Step8. First HTTP request for Cobalt Strike C2 traffic returned 48 bytes of data.
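What the "basic web filter" in Step 1 and the Decode As entry in Step 5 actually do is: read each TCP payload and, on the ports Wireshark treats as HTTP, pick out the request line and Host header. The script below is an added example, not part of the report and not Wireshark code, that reproduces that view on a minimal pcap it builds in memory; all frames, addresses and hostnames in it are constructed (documentation IP ranges and .invalid names), and the port set is an assumption.

```python
import struct

# Added example (not from the report, not Wireshark/PcapXray code): a minimal pcap reader
# that lists HTTP requests like a basic web filter, and optionally treats extra TCP ports
# (such as 1080) as HTTP, which is what "Decode As ... HTTP" does in Wireshark.
# All packets and addresses below are constructed for the demo.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")
DEFAULT_HTTP_PORTS = frozenset({80, 8080})


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame around a payload. Checksums are left at zero; the parser
    below never validates them, which is fine for a constructed sample."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    # 0x5018: data offset 5 (20-byte header), flags PSH+ACK
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 0x5018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return bytes(out)


def iter_frames(pcap):
    """Yield each captured frame from a classic pcap (either byte order)."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    pos = 24
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, pos)
        pos += 16
        yield pcap[pos:pos + incl_len]
        pos += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6 or len(ip) < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_offset = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_offset:]


def web_filter(pcap, http_ports=DEFAULT_HTTP_PORTS):
    """List HTTP requests: one (src, dst, dport, host, request_line) row per request.
    Adding 1080 to http_ports is the equivalent of Wireshark's Decode As TCP 1080 -> HTTP."""
    rows = []
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        if dport not in http_ports or not payload.startswith(HTTP_METHODS):
            continue
        lines = payload.split(b"\r\n")
        host = next((l[5:].strip() for l in lines[1:] if l.lower().startswith(b"host:")), b"")
        rows.append((src, dst, dport, host.decode("ascii", "replace"),
                     lines[0].decode("ascii", "replace")))
    return rows


# Constructed capture: one request on port 80 and one on port 1080 (RFC 5737 documentation IPs).
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "203.0.113.10", 49152, 80,
                    b"GET /sickness.php HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    build_tcp_frame("10.0.0.5", "203.0.113.20", 49153, 1080,
                    b"GET /placeholder-c2-path HTTP/1.1\r\nHost: c2.example.invalid\r\n\r\n"),
])

if __name__ == "__main__":
    print("basic web filter:", web_filter(SAMPLE_PCAP))
    print("with port 1080 decoded as HTTP:", web_filter(SAMPLE_PCAP, {80, 8080, 1080}))
```

With the default port set the port 1080 request is invisible, exactly as in Wireshark before the Decode As entry; passing `{80, 8080, 1080}` makes it appear, which is the effect of Step 5. To use this on a real capture, replace `SAMPLE_PCAP` with the bytes of the pcap file (pcapng files need a different reader).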
Observation: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.
d)
Aim - To prepare an experimental report along with your observations and inferences for
Part 2: Hancitor C2, Cobalt Strike C2 and Send-Safe Spambot Malware.
Procedure –
Step1. Traffic from part two of our second example filtered in Wireshark using a basic web
filter.
Observation: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.
e)
Aim: Prepare an experimental report along with your observations and inferences for
Hancitor with Ficker Stealer, Cobalt Strike and a Network Ping Tool.
Procedure :
Step1. Traffic from the fourth pcap filtered in Wireshark using our basic web filter.
Step2. ICMP traffic from a network ping tool sent through Cobalt Strike.
Observation: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.
f)
Aim: To prepare an experimental report along with your observations and inferences for
Hancitor with Ficker Stealer, Cobalt Strike and NetSupport Manager RAT.
Procedure :
Step1. Traffic from the fifth pcap filtered in Wireshark using our basic web filter.
Observation: It was observed that the given file was analysed using the tools required.
Inferences: The result was successfully implemented using the given data.