The packets don’t lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today’s networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks.

// MENU //
00:00 – Intro
04:24 – Sharkfest / DEFCON
05:55 – What is Threat Hunting?
07:33 – Why threat hunt with Wireshark?
10:05 – What are IOCs
10:30 – Why should we care?
12:23 – Packets/PCAPs
18:48 – ‘Low hanging fruit’
21:10 – TCP Stream
27:29 – Stream
35:00 – How to know what to look for?
37:49 – JA3 Client Fingerprint
41:25 – ja3er.com
48:08 – Brim
52:20 – TSHARK
58:50 – Large Data Example
01:04:00 – Chris’ Course
01:06:20 – Outro

// PCAP download //
Get the pcap here: https://malware-traffic-analysis.net/2020/05/28/index.html

// Websites mentioned //
ja3: https://ja3er.com
If ja3er doesn’t work, try this site: https://sslbl.abuse.ch/ja3-fingerprints
Malware Analysis pcaps: https://malware-traffic-analysis.net

//CHRIS GREER //
Udemy course: https://davidbombal.wiki/chriswireshark
LinkedIn: https://www.linkedin.com/in/cgreer/
YouTube: https://www.youtube.com/c/ChrisGreer
Twitter: https://twitter.com/packetpioneer

// David SOCIAL //

================
Connect with me:
================
Discord: http://discord.davidbombal.com

Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel https://www.youtube.com/davidbombal
YouTube Tech Channel: https://www.youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

================
Support me:
================
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna

Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

malware
hacking
hacker
wireshark
udp
http
https
quic
tcp
firewall
firewall quic
quic firewall
threat hunting
hack
hackers
blue team
red team
tshark
chris greer
http
https
ssl
nmap
ja3
ja3 ssl
ssl fingerprint
nmap tutorial
defcon
sharkfest,
acket analysis
wireshark training
wireshark tutorial
free wireshark training
wireshark tips
wireshark for beginners
wireshark analysis
packet capture
wireshark tutorial kali linux
wireshark course
introduction to wireshark

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

#malware #hacking #wireshark

subscribe
  • David Bombal