• Your task is to analyze the provided PCAP file to uncover how the file appeared and determine the extent of any unauthorized activity.

Questions

• since we know this is about file
• check export object -> http

• attacker exfiltrated /etc/passwd file to his own ip