Training PCAPs

Sometimes you just need to analyze some network traffic that exhibits specific characteristics - these PCAPs are intended for exactly that. Capture filters are applied as appropriate to limit the scope of the network traffic and are implied by the port description given with each capture. Please note that some of these PCAPs include traffic from malicious sources, such as the download of malicious files, so handle them accordingly.

The password for the zipped PCAP files is: infected

  • Portable Executable (PE) file downloaded with PowerShell (Invoke-WebRequest) over HTTP (port 80). The file downloaded is malware.
    -> pe_powershell_port80.zip

  • Reversed Portable Executable (PE) file downloaded with CURL over HTTP (port 80). Two files are downloaded with .png and .jpg extensions. The files downloaded are malware.
    -> reverse_pe_curl_port80.zip

  • Reversed Portable Executable (PE) file downloaded with PowerShell (Invoke-WebRequest) over HTTP (port 80). The file downloaded has a .jpg extension. The file downloaded is malware.
    -> reverse_pe_powershell_port80.zip
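One way to triage the HTTP response bodies from these captures once they have been carved out (for example with Wireshark's File > Export Objects > HTTP), as an added example that is not part of this repository: it flags a body that is a PE file, a byte-reversed PE file (the "MZ" magic ends up as "ZM" at the tail and the header only parses after reversing the bytes), or a body whose bytes do not match the image extension the URL claims. The MZ/PE stub used as sample input is constructed here for testing and is not an executable.

```python
import os

MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
IMAGE_MAGIC = {                      # what a body with this extension should start with
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE

def classify_body(data: bytes) -> str:
    """Return 'pe', 'reversed_pe' or 'other' for one downloaded HTTP body."""
    if looks_like_pe(data):
        return "pe"
    if looks_like_pe(data[::-1]):    # whole payload stored backwards: parse it reversed
        return "reversed_pe"
    return "other"

def check_download(url_path: str, data: bytes) -> dict:
    """Compare the extension the URL claims against what the bytes actually are."""
    ext = os.path.splitext(url_path)[1].lower()
    expected = IMAGE_MAGIC.get(ext)
    kind = classify_body(data)
    ext_ok = expected is None or data.startswith(expected)
    return {"path": url_path, "kind": kind,
            "extension_matches_content": ext_ok,
            "suspicious": kind != "other" or not ext_ok}

def make_pe_stub() -> bytes:
    """Constructed minimal MZ/PE header for testing only; not a runnable executable."""
    header = bytearray(0x40)
    header[:2] = MZ_MAGIC
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> PE header at 0x40
    return bytes(header) + PE_SIGNATURE + b"\x4c\x01" + b"\x00" * 22  # machine = i386

if __name__ == "__main__":
    stub = make_pe_stub()
    samples = [("/update.exe", stub),                        # plain PE
               ("/logo.png", stub[::-1]),                    # reversed PE named as an image
               ("/logo.png", IMAGE_MAGIC[".png"] + b"\x00" * 32)]  # genuine-looking PNG
    for path, body in samples:
        print(check_download(path, body))
```

Bodies exported from the reverse_pe captures should classify as "reversed_pe" with a failed extension check; the reversed bytes still need to be turned back around before any static analysis of the executable.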