Wireshark - Malware traffic Analysis
- Published: 14 May 2024
- Packet analysis is one of the core skills a security professional should master. Today we will be using the world's leading network traffic analyzer, Wireshark, for malware traffic analysis.
Wireshark is a popular network protocol analyzer tool that enables you to gain visibility into the live data on a network. It’s a free and open-source tool that runs on multiple platforms.
🌏Web Site
hackexplorer.net/
💾Sample files in video
github.com/HackeXPlorer/Chann...
TimeStamps
0:00 Introduction
0:35 Wireshark quick intro
0:46 What are IOCs?
1:35 Wireshark interface
2:38 Protocol Hierarchy - Understand traffic
3:56 Using filters
4:38 Adding columns to the interface (HTTP destination)
5:28 Find source and destination port
6:58 Finding the infected files downloaded
9:26 Finding hash values of the files
10:06 Using Virustotal
11:43 Find infected website
12:26 Find IP address of the infected site
12:44 Find the MAC address of the infected machine
12:56 Find the Hostname of the infected machine
14:24 Actions on the findings
15:05 More learning - Wireshark 101
15:24 More exercises on www.malware-traffic-analysis.net
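The chapters above are one procedure: filter on HTTP, add Host/URI columns, note the client's IP and MAC, export the downloaded object and hash it for VirusTotal. As an added example (not code from the video or from the HackeXPlorer site), here is that same workflow done without Wireshark, in plain Python, over a constructed two-packet capture built in memory so it runs offline. The MAC addresses, IPs, hostname `bad.example` and the file body are made up. It handles only IPv4/TCP over Ethernet and single-segment HTTP bodies, which is enough for the demo but is not a substitute for Wireshark's TCP stream reassembly on a real capture.

```python
import hashlib
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, little-endian, microsecond timestamps


def sha256_hex(data: bytes) -> str:
    """Same value HashMyFiles / VirusTotal would show for the exported object."""
    return hashlib.sha256(data).hexdigest()


def _inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum, used here for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet/IPv4/TCP frame carrying payload (PSH+ACK, no options, TCP checksum left 0)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                         ip(src_ip), ip(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", _inet_checksum(ip_hdr)) + ip_hdr[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip_hdr + tcp


def build_pcap(frames) -> bytes:
    """Wrap Ethernet frames in a classic pcap container (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap(data: bytes):
    """Yield (timestamp, frame) from a classic pcap in either byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    end = "<" if magic == PCAP_MAGIC else ">"
    off = 24
    while off + 16 <= len(data):
        ts, _usec, caplen, _origlen = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts, data[off:off + caplen]
        off += caplen


def parse_frame(frame: bytes):
    """Return the fields Wireshark's columns show for IPv4/TCP over Ethernet, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None  # not IPv4, or not TCP
    tcp_off = 14 + (frame[14] & 0x0F) * 4          # honour IP options via IHL
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    doff = (frame[tcp_off + 12] >> 4) * 4           # honour TCP options via data offset
    fmt_mac = lambda m: ":".join("%02x" % b for b in m)
    return {"src_mac": fmt_mac(frame[6:12]), "dst_mac": fmt_mac(frame[0:6]),
            "src_ip": ".".join(map(str, frame[26:30])), "dst_ip": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "payload": frame[tcp_off + doff:]}


def extract_iocs(pcap: bytes):
    """Requests -> who asked for what from where; responses -> SHA-256 of the body.
    Bodies are taken from a single segment only (no TCP reassembly here)."""
    requests, downloads = [], []
    for _ts, frame in iter_pcap(pcap):
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        payload = pkt["payload"]
        if payload.startswith((b"GET ", b"POST ")):
            head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
            method, uri = head[0].split(b" ")[:2]
            host = next((h.split(b":", 1)[1].strip() for h in head[1:]
                         if h.lower().startswith(b"host:")), b"")
            requests.append({"client_ip": pkt["src_ip"], "client_mac": pkt["src_mac"],
                             "server_ip": pkt["dst_ip"], "method": method.decode(),
                             "host": host.decode(errors="replace"), "uri": uri.decode(errors="replace")})
        elif payload.startswith(b"HTTP/1."):
            _head, sep, body = payload.partition(b"\r\n\r\n")
            if sep and body:
                downloads.append({"server_ip": pkt["src_ip"], "client_ip": pkt["dst_ip"],
                                  "size": len(body), "sha256": sha256_hex(body),
                                  "looks_like_pe": body.startswith(b"MZ")})
    return requests, downloads


# Constructed sample capture: one client fetching an "update" that comes back as a PE file.
CLIENT_MAC, GATEWAY_MAC = "00:0c:29:aa:bb:cc", "00:50:56:de:ad:01"
CLIENT_IP, SERVER_IP = "192.168.1.20", "203.0.113.77"
SAMPLE_BODY = b"MZ\x90\x00fake-pe-body"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT_MAC, GATEWAY_MAC, CLIENT_IP, SERVER_IP, 49152, 80,
                b"GET /update/setup.exe HTTP/1.1\r\nHost: bad.example\r\n\r\n"),
    build_frame(GATEWAY_MAC, CLIENT_MAC, SERVER_IP, CLIENT_IP, 80, 49152,
                b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + SAMPLE_BODY),
])

if __name__ == "__main__":
    reqs, dls = extract_iocs(SAMPLE_PCAP)
    for r in reqs:
        print(f"{r['client_ip']} ({r['client_mac']}) -> http://{r['host']}{r['uri']} @ {r['server_ip']}")
    for d in dls:
        print(f"body from {d['server_ip']}: {d['size']} bytes, PE={d['looks_like_pe']}, sha256={d['sha256']}")
```

Run it as a script to print the same fields you would put in Wireshark columns; to try a real capture, feed `open("capture.pcap", "rb").read()` to `extract_iocs` (classic pcap only, not pcapng). The SHA-256 is what you would paste into VirusTotal; the video uses HashMyFiles for the same step.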
Download Wireshark
www.wireshark.org/download.html
Download Malware traffic sample
www.malware-traffic-analysis.n...
Main site: www.malware-traffic-analysis.net/
HashMyFiles
HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system.
Download: www.nirsoft.net/utils/hash_my...
Hishan Shouketh 2019
Facebook
/ hackexplorer
Twitter
/ hack_explorer
Instagram
/ hackexplorer
This was more informative than my worthless college professor and textbook combined. Not only did I pass my lab because of this video, I also learned a lot. Thank you for sharing with us!!!!!!!!!!
That was the best explanation I've ever seen on YouTube. Bravo! You should bring out more content about Wireshark and live examples. Great!
Brilliant, clear and great clarity in the delivery. Thank you so much. 👍👏
Hopefully more episodes of this as well. Thank you for sharing your knowledge
You are welcome Mandz 👍
Great step by step video. Exactly what i was looking for!!
I'm just 5 mins into this and it's sooo helpful. Totally assisted in a better understanding of Wireshark. Thank you.
NOT ALL HEROES WEAR CAPES!!!
This was presented and broken down very well. Thank you ! Subscribed
Thank you for your feedback, appreciate it.
Hey bro, I have a project to do on Wireshark, I have to analyze the files, can you please help me out please, like we can meet on zoom
I had been looking for this type of worth content and in this video you covered a lot. Thanks for a worthy video.
Wow that was really really smooth. Thanks. Subbed already
WOW!! Crazy level of detail and new-user friendly. Thank you very much for uploading.
You're very welcome! Hilko 👍
Excellent .. just excellent !!!!! Thanks for this!!
Excellent presentation, I actually used this for a guide and was able to make a lot more sense of what I was seeing, Thanks a mil!
Thank you for the feedback fox, highly appreciate it
Dang, this is super informative. It's 2021, and this video is still ultra useful. Thank you!
The source material I referred to was even older. But still, these are the fundamentals 😁, and they build a strong foundation.
Thanks for the easy step by step guidance. Appreciate your efforts. 👍👍👍
Really man! This video was amazing! Thank you!
Omg this is the best malware capture vid for Wireshark, Thank you so much for explaining step-by-step. its really helped me in packet analysis and hunting. Thanks mate!!!
You are welcome Ruth, thank you for the feedback.
Very well done..Will be sharing with my SOC team.
Thanks a lot, that Export Objects feature is extremely helpful; I didn't know about it!
Thanks for the help to understanding wireshark
Amazing, really clear, you are a great instructor. As I read in a comment below, I learned more from you in 16 min than from textbooks and professors in college.
Thank you for the feedback Tomas
This the most informative, hands on video I've watched on this tube about this subject...Just amazing man. Thank you very much.
Thank you for the valuable feedback :)
I don't mean to be off topic, but does someone know a trick to get back into an Instagram account?
I was stupid and forgot my password. I'd love any tips you can give me.
Found something very interesting... really like to see such videos upcoming.. Thanks for sharing !!
Appreciate your feedback Nashim
The flow was great. Thanks for sharing
Glad you enjoyed it!
very practical, was able to understand easily. Kudos!
Great explanation, Please keep posting more videos.
this is the best wireshark tutorial
Excellent video :) Thanks
Very well explained and demonstrated. You made a confusing subject easy to understand. Thank you!
Thank you for the feedback Joseph 👍
Hey bro, I have a project to do, analyzing the pcap files.. It would be nice of you if you can help me out. PLEASEEE, like we can do a google meet meeting or zoom or something that you like. PLEASE
Excellent # keep doing 👏 👍
Amazing episode 🔥🔥🔥
You rock man, I needed it to do my university exercise. Thank you so much :)
Hey bro, I want a help from both of you For my Uni Assignmnt.. Please Can You??
I've learned quite a bit of knowledge from his analysis. I'm surprised this channel hasn't blown up yet. Subscribed for more!! Let's go!
Thanks for the feedback
Thanks a lot!!! for uploading this informative video, I really learned a lot about Wireshark (Ethereal)
Thanks for the feedback Rashmi 👍
Keep them videos coming. Good work!
Thank you Showvik
Careful! He's a hero!!! Subscribed !!!
Very interesting and presented in a clear manner. It was a little fast at points, but I can hopefully learn those bits later.
First of all, I want to thank you for the logical processes that you've shared here in this video, you have my subscription and like, and please make some playlists about every tool.
Thank you very much abdou 👍
Nice explanation with good demo. Thank you!
You are welcome Prasanna
This is amazing work. Thank you sir. Subscribed !
Thank you for the feedback ,Murat
thank you man. it was really helpful
Amazing, the author explained it so easy. Thank you
Thank you for the feedback Jaya.
Excellent. You made it so clear.
Thank you Konul
the best video on youtube till now. thanks
Glad it helped
Really good video, great advice with columns etc
Glad it helped!
Good explanation and new information.
This tutorial is so good, tysm
I have learned so much today just in one video, thank you so much please keep going
Glad this was helpful, thank you Leo.
Hi there, it was a very very useful & informative tutorial video. please upload more about Wireshark. thnx
Absolutely brilliant explanation
Thank you very much
very nicely done video. thanks a lot
Great work,very informative and professional
Thank you for the feedback Artem.
Thank you man, I really need it for my assignment.
Glad this helped you, thanks for the feedback
Great presentation and information. Thanks!
Thank you Larry
Thanks man. Great Explanation.
Glad it was helpful! Mohd (y)
Outstanding video about using Wireshark for security-related purposes. I've been doing protocol analysis for a long time with various protocol analyzers; Wireshark is my hands-down favorite. However, I've only used it for TCP and application performance analysis and troubleshooting. Although I've had thoughts about getting into the security side of things, there has been some hesitation. My experience with performance analysis is advanced with computer communication protocols, service layers, etc. Learned a lot; I believe I will download and work through some of this. I'm already using most of the same methodology on the performance analysis side, so it should be easy to transfer my skills over. Thanks!
Thank you for your feedback Fritz, these keep me motivated to make more videos like this
Your work is exceptional 👍 please make more videos soon
Hey Shakir, thanks for the feedback. Yeah, I hope to do more soon. Stay tuned.
very informative video thanks
Amazing stuff. presented in a very easy manner to understand.
Glad you liked it! Riyaz
I'm a master student and this video is very helpful for me to do my homework. It is so informative! Thank you.
I am glad that this helped you; do let me know what other kinds of topics would be helpful for your studies.
Very informative and very good explanation. Thank you.
Thank you Shafrina 👍👍
Thank you so much, this video it's very useful, keep sharing your knowledge
You are welcome, and thank you for the feedback. Appreciate it.
Fantastic Explanation. It is really helpful for WIRESHARK Beginners.
Glad it was helpful! Thank you Chirojit.
Finally some info to work with
very informative video
Thank you very much for sharing your knowledge, it's very useful
A thousand thanks
It's a pleasure Muvi. You're welcome
Good channel, I like how you go in depth regarding Wireshark. I've got Wireshark
Thank you Lee, appreciate the valuable feedback.
amazing video. simply explained. thanks for the content.
Thank you for your feedback, appreciate it
Great explanation - thank you
Many thanks for the feedback Orca.
Wonderful...very nicely explained.!!
Thanks a lot 😊
awesome. thank you
Great video, worth a sub.
Thanks for the sub!
great content!
Thanks bro , you saved me 👍
Perfect information!
Thank you very much
No bu****It, right to the point! Love it! you are awesome!
Thank you for the valuable feedback Darpan.
This was very helpful please make more packet analysis videos, maybe other attacks like XSS, beaconing activity and Trojans. Thank you.
Thank you Tony, valuable suggestions. I'll add these topics to my future work.
Thanks for the video !!!
Thanks appreciate it ☺️
amazing tutorial
Thank you man!
Happy to help!
Echoing other comments - nice, well made video. Good focus on teaching, rather than video production. At the same time, very practical information.
Thank you for the feedback Nilanjan. Appreciate it a lot.
Hi Sir, I found this useful and shared it with my Front line team to analyze the PCAP logs.
Can you please post one more video to analyze the slowness/performance issue when using a different protocol like ( PCoIP, Blast)
Sometimes we face issues saying unable to launch the VDI when using PCoIP while Blast works fine (or vice versa). If we can analyze the network logs we can suggest what can be done in his network. Curious to know how to find the cause and suggest things better.
THANK YOU SO MUCH
You're welcome!
Thanks for such a nice video, you have explained it very well and this is very, very helpful for me
You are welcome, thanks for the feedback
Thank you🙏🏼
You’re welcome 😊
Very well explained.
Thanks Saby
awesome. thanks so much!
Hey, Tanzeel you are welcome.
Very useful and well done video. I only wish you had expounded on the other suspicious server a little more in depth. Thanks.
Nice man, thanks, I didn't know how to see the host name. I do now...
great job!
Thank you Adithya.
Nice
Thanks, fellow ethical hacker!
Thanks a lot Sir.
Most welcome Paras:)
Thanxs.
👌
Thanks a lot for your efforts. Could you please send the link to the traffic sample again? The one in the description did not open. I think you used the 2014 version (MTA-2014-files-contains-malware.zip), so the password should be infected_2014, but that also did not work. Thanks in advance.
I feel you
Great video
Just wondering, when saving those malicious files, will they infect your computer, or does that only happen when you run the files?
Only when you run them.
Hi, that was the most useful and understandable video on YouTube about this topic, thank you for sharing it with us. Do you have or know of a good paid course with this kind of professional and valuable content?
Hey, Thank you for the feedback
You didn't mention what type of content you are looking for (red team or blue team).
Overall, the following are some good sites where you can get courses on cyber security:
1) eLearnSecurity
2) Pentester Academy
3) TCM Security
4) Cybrary (free and paid courses)
Hey, great video, but I got stuck at some point:
For me, all the options under File/Export Objects are grey. Should I select something or is there anything I am missing? Thanks!
If you have an HTTP traffic capture, try typing "http" as a filter, then select a packet.
Then check the export object option
I guess this video is helpful only for HTTP traffic. Most of the websites we visit are HTTPS. How can we do malware analysis for the TLS/HTTPS traffic ? Thank you.