Network Traffic Analysis with Security Onion

In this exercise, I investigate an incident in which a user was compromised through a malicious email. My goal is to figure out how the computer got infected and to document my findings. This exercise was obtained from malware-traffic-analysis.net and contains a packet capture of the incident, the incident artefacts, the incident logs and four associated emails. To aid clarity, this blog post is divided into the following sections: Preparation, Initialization, Analysis with Kibana, Analysis with Sguil, Observation of Suspicious Emails, Analysis with Wireshark, Log Inspection, Malware Artefact Inspection and Summary.