Part A: Analysis via Wireshark
What is the hex string that triggered the IDS alert? What is its equivalent ASCII string?
What are the packet numbers (in the pcap file) that triggered the IDS alert?(Hint: Use Wireshark to search for the hex or ASCII string found in question 1)
How many individual TCP conversations exist between the attacker and the victim?(Hint: Use the Wireshark Statistic>Conversations>TCP tab to check)
What is the IP address of the victim machine?
What is the IP address of the attacker machine?
What is the 1st TCP conversation between the victim and the attacker machine? List its first Packet number starting from the TCP handshake, Source IP, Source port, Destination IP and Destination port numbers.
What is the ASCII text string sent from the attacker to the victim in the first tcp conversation?
What is the victim’s computer name and OS?
List down another significant ASCII text string sent from the attacker to the victim in the 1st tcp conversation (that looks suspiciously like a command string).
Which packet # contained the first instance of the suspicious ASCII text string in the tcp 1st conversation (as stated in Q9)?
List down the first packet # which contained the third conversation from the attacker. (Hint: Look for the start of the TCP packet immediately after the packet number identified in Q10)
Look for the embedded image file inside this conversation. What is the “file signature/magic number” of it? (Hint: Google it!)
Extract the raw data from this conversation.
Use your favorite hex editor to carve out this image file.
List down the checksum of the image file. What is this image file looks like?
How many other such images exist in this attack capture file?
Retrieve ALL of them and provide their respective checksums.
Can you find the secret password?
Based on your analysis and research, provide details on how this remote Trojan affected the victim machine, and what the attacker has done to it.
Based on your detailed analysis above, create a visual timeline analysis of important events identified for this case.
Buy Custom Answer of This Assessment & Raise Your Grades
Part B: Analysis via the IBM QRadar SIEM (5%)
1. As there is no existing QRadar SIEM rule to identify this intrusion, write a QRadar SIEM rule (or modify from an existing rule) to positively identify this intrusion and display it as an offense in the IBM QRadar SIEM console. (Hint: You may need to use a specific tool e.g. tcpreplay to replay back the captured PCAP file suspicious.pcap, in IBM QRadar SIEM to simulate the detection of this security incident)
2. On the IBM QRadar SIEM console, display the relevant visuals with the alerted malicious network traffic activities as captured.
3. Based on the offense detected, explain the Start Time, Storage Time and Log Source Time of this particular offense.
4. What is the Magnitude of this offense? Explain how you derive this rating from the Relevance, Severity and Credibility ratings.
5. Add a QRadar Note to it and suggest necessary remediation steps taken based on your investigation and analysis of this offense.
Hire a Professional Essay & Assignment Writer for completing your Academic Assessments
Native Singapore Writers Team
100% Plagiarism-Free Essay
Highest Satisfaction Rate
Free Revision
On-Time Delivery
Part C (5%) Include individual screen shots of the followings:
LinkedIn Modules certificate of completion for the recommended modules
TESSy Subject Survey completion
Stuck with a lot of homework assignments and feeling stressed ?
Take professional academic assistance & Get 100% Plagiarism free papers
The post Analysis via Wireshark- What is the hex string that triggered the IDS alert, What is its equivalent ASCII string: Cybersecurity, Assignment, SIM appeared first on Singapore Assignment Help.