Extra Lab: Emulating Services

Overview

The purpose of this lab is to practice emulating services and redirecting network connections.

Getting Sarted

You'll make use of INetSim during this lab. For a quick reference see the INetSim Guide

Exercise 5.1: Wannacry

For this exercise you'll examine the wannacry malware (found at c:\malware\wannacry\wannacry.exe).

Questions

• In the traffic that wannacry sends out, do you see any domains?
• What additional network indicators might you include to identify Wannacry infections in an enterprise?