In this exercise, the student plays the role of a security admin of an enterprise network. They are asked to investigate a potential malware-based attack.

The student is told that an intrusion detection system has seen periodic outgoing connections from a computer within the enterprise network to a computer on the Internet. The student must block the outgoing traffic, determine the computer from which the traffic is originating, find the malware on that computer, examine it to see what information is being sent out, and stop the attack.
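As an added illustration of the first investigative step (tying the periodic outbound connections the IDS reported back to an internal host), the following Python script detects beaconing in tcpdump-style output. It is example code written for this page, not part of the exercise materials; the log lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample in tcpdump-like format (not captured from the exercise).
# 10.0.0.23 connects to 203.0.113.7 roughly every 60 s; the other traffic is irregular.
SAMPLE_LOG = """\
12:00:00.010 IP 10.0.0.23.51234 > 203.0.113.7.443: Flags [S]
12:00:05.200 IP 10.0.0.41.40000 > 198.51.100.9.80: Flags [S]
12:01:00.020 IP 10.0.0.23.51235 > 203.0.113.7.443: Flags [S]
12:01:31.900 IP 10.0.0.41.40001 > 198.51.100.9.80: Flags [S]
12:02:00.015 IP 10.0.0.23.51236 > 203.0.113.7.443: Flags [S]
12:02:02.700 IP 10.0.0.41.40002 > 198.51.100.22.80: Flags [S]
12:03:00.025 IP 10.0.0.23.51237 > 203.0.113.7.443: Flags [S]
12:03:40.100 IP 10.0.0.41.40003 > 198.51.100.9.80: Flags [S]
12:04:00.018 IP 10.0.0.23.51238 > 203.0.113.7.443: Flags [S]
"""

LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:"
)

def parse(log):
    """Yield (seconds since midnight, src_ip, dst_ip) for each connection line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s, frac, src, dst = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + int(s) + float("0." + frac)
        yield ts, src, dst

def find_beacons(log, min_connections=4, max_jitter_ratio=0.1):
    """Return {(src, dst): mean_interval_s} for flows with regular connection timing.

    A flow is flagged when it has at least min_connections connections and the
    spread of the gaps between them (population std dev) is small relative to
    the mean gap, which is what a scheduled call-home looks like.
    """
    times = defaultdict(list)
    for ts, src, dst in parse(log):
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_connections:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            beacons[pair] = round(avg, 2)
    return beacons
```

The flagged source address is the internal host to block at the pfSense firewall and then examine for the malware.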


Prerequisites
  • Familiarity with the Linux/UNIX command line (shell commands)
  • Basics of the TCP/IP network protocol stack
  • Exposure to tools such as tcpdump
  • Some knowledge of administering a pfSense firewall, including editing rules and viewing logs


Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cyber Workforce Platform

Copyright © 2024 Divi. All Rights Reserved.