AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Using wireshark to find malware2/15/2023 If you have it installed, and are familiar with it, the session will be a lot more beneficial to you. All of the concepts are the same, some of the menus have just been moved around. These both use the old Wireshark interface, the new one looks a bit different. There are also some good tutorials on Youtube. If you aren’t sure how to use Wireshark you can review the notes from our May session about Wireshark. Wireshark is a free protocol analyzer and an excellent tool for you toolbox. Please bring a laptop with Wireshark installed to participate. This will be an interactive session and I will try to come up with some small goodies to give away for those that solve the pieces to the puzzle first. We will be looking at how Angler EK can, and often will deliver multiple infections such as Locky, CryptXXX and even some unknown goodies. Join us for an interactive forensics scavenger hunt analyzing a pcap with some of the latest variants of ransomware. We talked about some quick ways to get info on IPs and domains when researching potential incidents. Some more info on some of the same tools in the paper above:.SANS paper on file extraction using different tools:.Here are some resources on ways to extract files (file carving) from pcaps: To determine file types you use the “Magic Bytes”: We also had some discussion on how to identify what different types of files really are, regardless of what the extension is and also how you can carve them out of traffic streams using hex editors.
0 Comments
Read More
Leave a Reply. |