NorthLedger Financial Services has contacted your team after detecting suspicious outbound traffic from its corporate network. The SOC believes a user may have executed a malicious recruitment or vendor-portal file. You have been given a PCAP from the relevant network segment. Your task is to determine whether the organisation is compromised, identify the affected host, extract indicators and explain the likely attacker behaviour.
Haystack
| Difficulty | |
| Score | |
| Tags |
Defensive
Entry Level
|
| Completions | |
| Rating |
Defensive
Entry Level
