Getting Started with Dynamic Analysis using Wireshark
Scenario: You are tasked with analyzing a pcap file captured from a suspected compromised endpoint. Extract as much data from the file as possible and determine whether it contains any indicators of compromise (IOCs).
Tool: Wireshark
Question 1: Are there any suspicious IP addresses or domains in the capture?
Question 2: Which destination ports does the endpoint connect to, and are any of them unusual for the protocol observed?
Question 3: How can you prove that the extracted network artifacts (IPs, domains, ports) are malicious rather than benign?
#note: Use a separate, isolated machine to perform this task. A capture from a compromised host may contain the malware payload itself (downloaded binaries, scripts, C2 traffic), and Wireshark can extract those objects to disk, so never open it on a production system.
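The three questions above are answered interactively in Wireshark (Statistics > Endpoints, Statistics > Protocol Hierarchy, the `dns` and `tcp.flags.syn==1` display filters), but the same extraction can be scripted for triage. The following is an added example, not part of the original exercise: a standard-library-only parser that reads a classic libpcap file, pulls out destination IPs, destination ports and DNS query names, and then checks them against an IOC list. The pcap bytes, the internal network ranges and the IOC list are all constructed placeholders for this example; in practice the IOC list comes from your own threat-intel feed, and "external, needs reputation check" is the starting point for the proof Question 3 asks for, not the proof itself. Wireshark saves captures as pcapng by default, so export as classic pcap (or run `tshark -F pcap`) before feeding a real file to this script.

```python
"""Minimal pcap triage with the Python standard library (added example)."""
import ipaddress
import socket
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
# Constructed assumptions: what counts as "internal" and what is already known-bad.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOC_IPS = {"198.51.100.7"}          # placeholder IOC list, not real threat intel
IOC_DOMAINS = {"c2.example"}        # placeholder IOC list, not real threat intel
EXPECTED_PORTS = {53, 80, 443}      # ports considered ordinary for this lab


# --- builders used only to construct the sample capture inline ---------------
def build_ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))   # checksum left 0
    return hdr + payload

def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_tcp_syn(sport, dport):
    # seq, ack, data offset 5 words, flags=SYN, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def build_dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_frame(ip_packet):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet

def build_pcap(frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

def sample_pcap():
    """Constructed capture: one DNS query, one SYN to a high port, one SYN to 443."""
    return build_pcap([
        build_frame(build_ipv4("10.0.0.5", "10.0.0.1", PROTO_UDP, build_udp(50000, 53, build_dns_query("c2.example")))),
        build_frame(build_ipv4("10.0.0.5", "198.51.100.7", PROTO_TCP, build_tcp_syn(50001, 4444))),
        build_frame(build_ipv4("10.0.0.5", "203.0.113.10", PROTO_TCP, build_tcp_syn(50002, 443))),
    ])


# --- parser ------------------------------------------------------------------
def iter_packets(data):
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len

def parse_dns_name(payload, off):
    labels = []
    while off < len(payload):
        length = payload[off]
        off += 1
        if length == 0 or length & 0xC0:   # end of name, or compression pointer (not in queries)
            break
        labels.append(payload[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels)

def extract_artifacts(pcap_bytes):
    """Return (dst_ips, {(proto, dport)}, dns_query_names) from IPv4 TCP/UDP traffic."""
    dst_ips, dst_ports, dns_names = set(), set(), set()
    for _ts, frame in iter_packets(pcap_bytes):
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        dst_ips.add(socket.inet_ntoa(ip[16:20]))
        l4 = ip[ihl:]
        if proto in (PROTO_TCP, PROTO_UDP) and len(l4) >= 4:
            dport, = struct.unpack_from("!H", l4, 2)
            dst_ports.add((proto, dport))
            if proto == PROTO_UDP and dport == 53 and len(l4) >= 20:
                dns = l4[8:]
                if struct.unpack_from("!H", dns, 4)[0]:          # QDCOUNT > 0
                    dns_names.add(parse_dns_name(dns, 12))
    return dst_ips, dst_ports, dns_names

def triage(artifacts):
    dst_ips, dst_ports, dns_names = artifacts
    findings = []
    for ip in sorted(dst_ips):
        if ip in IOC_IPS:
            findings.append(f"dst IP {ip} matches IOC list")
        elif not any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS):
            findings.append(f"dst IP {ip} is external; needs reputation check")
    for name in sorted(dns_names):
        if name in IOC_DOMAINS:
            findings.append(f"DNS query for {name} matches IOC list")
    for proto, port in sorted(dst_ports):
        if port not in EXPECTED_PORTS:
            findings.append(f"{'tcp' if proto == PROTO_TCP else 'udp'}/{port} is a non-standard destination port")
    return findings

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for line in triage(extract_artifacts(data)):
        print(line)
```

Run it with a real `.pcap` path as the first argument, or with no argument to triage the constructed sample. The IOC match is the only finding here that is evidence on its own; an external IP on an odd port is a lead that still has to be tied to the endpoint's process, the payload in the stream, or a reputation source before it counts as proof.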