Wireless Security Assignment
Overview
Wireshark is a network sniffer and analyser tool which can be used by IT administrators, developers, hackers, incident response or security researchers to capture and analyse wired or wireless traffic. This allows you to "see" all traffic that is sent and received when computers interact with one another. A few examples of this include downloading a file from the Internet, logging into your online banking account or watching a video on YouTube.
Learning how to use this tool and identify certain types of traffic is an extremely valuable skill and is essential in the security industry, especially for penetration testers and incident response.
You can find more information and resources on Wireshark from their official site.
Case Background
Top Gear Industries is a small IT company that specializes in creating electronic devices and IoT (Internet of Things) devices for automotive vehicles. Such examples of their work include an embedded device named "Sea Slug" that records fuel consumption and uploads this data to the cloud for analysis or "Rainbow Fish" which is an informative heads up display rear view mirror.
Recently the CEO held a major press conference and informed the public that they have been working on a secret project which they claim will "revolutionize the automotive industry and leave all their competitors behind in a trail of dust". The media interviewed CEO's from other competitors similar to Top Gear Industries and they all showed genuine interest and were concerned that this product could put them out of business.
As you could imagine, a statement of this nature from Top Gear Industries could put the company at increased risk from cyber-attacks or industrial espionage.
Incident Information
The Head of Engineering at Top Gear Industries discovered that the schematics for their new project, codenamed "swordfish" had been mysteriously deleted and replaced with a digital calling card. They also discovered that a number of servers were infected with malware. To make matters worse, all log files on the affected servers were deleted. Fortunately, Top Gear Industries had installed an advanced Wireless Intrusion Detection System (WIDS) just for the Engineering Department which collects all wireless traffic and saves it in a secure location for further analysis. Upon further analysis it was discovered that the WIDS was not involved in the attack and was not compromised.
While the Engineering Department started cleaning up the infected servers, they were informed by the Human Resources Department that one of their newer Engineers "Flynn Griffen" had not turned up to work this morning and submitted his letter of resignation.
Task
You have been contracted as a wireless network forensic expert by an organization to investigate the issue that has occurred recently. You have been assigned to review, analyse, and provide a full report and documentation of the live packet capture that was intercepted in relationship to some suspected member of your organization to be linked with some kind of "organized crime".
Your task consists of analyzing, reporting and providing a full documentation of the live packet capture that was handed over to you by the organization which include but not restricted to the following.
- What websites were accessed by the suspect?
- What files were download by the suspect?
- What videos were accessed by the suspect?
- For all websites, files downloaded and videos accessed, are any of these related to hacking?
- How did the suspect gain access to our FTP server?
- What commands did the suspect run on the FTP server?
- Did the suspect view or alter any other projects on the FTP server?
- Is there any information to suggest the suspect was working alone or as part of a team?
- Is there any evidence of suspicious emails?