Summary of Hacker hunting with Wireshark (even if SSL encrypted!)

This is an AI-generated summary. There may be inaccuracies.

00:00:00 - 01:00:00

This video demonstrates how to use Wireshark to hunt for malware on a network, including when the traffic is TLS-encrypted. The presenter shows how to look for indicators such as JA3 fingerprints that are characteristic of known malware, and how to use tshark, the command-line counterpart to Wireshark, to pull specific fields out of a capture.

  • 00:00:00 David Bombal introduces Chris Greer, who teaches a Threat Hunting with Wireshark course at DEFCON and SharkFest. The course is popular among network security professionals who want to learn to recognise indicators of compromise and unusual traffic.
  • 00:05:00 This segment introduces threat hunting: proactively looking for attacker activity in the network rather than waiting for an alert. It covers the importance of knowing what normal looks like in your environment, the use of tools like Wireshark, and the need to stay vigilant.
  • 00:10:00 Chris Greer explains what Indicators of Compromise (IOCs) are and how they can be used to spot compromised systems. He then shows how malware compromises a system and how to reduce dwell time, the period an attacker stays inside before being detected.
  • 00:15:00 This segment shows how to hunt for threats in a packet capture with Wireshark, including TLS-encrypted sessions. The presenter reviews endpoints and conversations to identify connections and other potentially malicious activity.
  • 00:20:00 The presenter shows how GET requests and response strings in plaintext HTTP traffic can indicate an infection. For TLS-encrypted sessions the payload is not readable, so the hunt relies on what remains visible: the handshake, server names and connection patterns. Either way, the aim is to find malware or other malicious activity on the user's computer.
  • 00:25:00 The presenter demonstrates how to inspect traffic in Wireshark and identify suspicious activity, using Follow TCP Stream to read individual conversations and the Conversations view to compare many at once. He then analyses the capture for suspicious behaviour, including email being sent and received, data being exported and exfiltrated, and process information being transmitted.
  • 00:30:00 Chris shows how he found an infected domain controller by looking for unusual traffic and process lists, and discusses why finding suspicious traffic matters even when it's encrypted.
  • 00:35:00 The segment discusses how to identify suspicious behaviour on a host, such as unexpected encrypted traffic or unusual protocol versions. It stresses the value of working at the packet level: knowing which versions of the protocols are actually in use (for example, a client that only offers outdated TLS versions) helps reveal malicious activity.
  • 00:40:00 The presenter shows how Wireshark can find malware in encrypted traffic by fingerprinting the TLS handshake. The JA3 hash is computed from fields of the ClientHello (TLS version, cipher suites, extensions, elliptic curves and point formats), which is sent in the clear before any encryption starts. Matching the JA3 hash against fingerprints of known malware makes it possible to conclude that the traffic is likely malware even though the conversation itself is encrypted.
  • 00:45:00 The presenter shows how to use Wireshark to find executables hidden behind image filenames: the downloaded file has an image extension, but its bytes start with the MZ header of a Windows executable. He also shows how to generate Zeek logs from the PCAP and how to use Brim to find potentially malicious traffic in them.
  • 00:50:00 Chris shows how to use Wireshark to find malware command and control, network trojans, and other malicious activity. He starts by explaining how the tool works and walks through an example of loading a PCAP. He then demonstrates tshark, the command-line tool installed with Wireshark, to extract specific fields from a capture.
  • 00:55:00 The presenter shows how to use Wireshark to list the unique User-Agent strings in a large data set. The same approach of listing the unique values of a field is useful for working through large captures, or for spotting clients that use old TLS versions.
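
An added example (not code from the video, and not Wireshark's or the JA3 project's own implementation) showing what the JA3 fingerprint in the 00:35:00 and 00:40:00 segments is made of: it parses a TLS ClientHello record, builds the JA3 string and its MD5, and reports the highest TLS version the client offers (the "old TLS version" lead). The ClientHello bytes are constructed for the example: the random is zeroed, and a GREASE cipher suite, extension and group are included to show that they are excluded from the fingerprint.

```python
import hashlib
import struct


def is_grease(value):
    """RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa) are ignored by JA3."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello into the fields JA3 needs.

    Everything read here is sent in the clear, before any key exchange, which
    is why the fingerprint survives the encryption of the rest of the session.
    """
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    handshake = record[5:5 + u16(record, 3)]
    if handshake[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    info = {"version": u16(body, 0), "ciphers": [], "extensions": [],
            "groups": [], "point_formats": [], "supported_versions": []}
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + body[pos]              # session_id
    n = u16(body, pos); pos += 2
    info["ciphers"] = [u16(body, pos + i) for i in range(0, n, 2)]
    pos += n
    pos += 1 + body[pos]              # compression methods
    if pos + 2 > len(body):           # very old clients send no extensions
        return info
    end = pos + 2 + u16(body, pos); pos += 2
    while pos + 4 <= end:
        etype, elen = u16(body, pos), u16(body, pos + 2)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        info["extensions"].append(etype)
        if etype == 0x000A:           # supported_groups ("EllipticCurves" in JA3)
            info["groups"] = [u16(data, 2 + i) for i in range(0, u16(data, 0), 2)]
        elif etype == 0x000B:         # ec_point_formats
            info["point_formats"] = list(data[1:1 + data[0]])
        elif etype == 0x002B:         # supported_versions (sent by TLS 1.3 clients)
            info["supported_versions"] = [u16(data, 1 + i) for i in range(0, data[0], 2)]
    return info


def ja3(record):
    """Return (ja3_string, ja3_md5) for the ClientHello in `record`."""
    info = parse_client_hello(record)

    def field(values):
        return "-".join(str(v) for v in values if not is_grease(v))

    ja3_string = ",".join([str(info["version"]), field(info["ciphers"]),
                           field(info["extensions"]), field(info["groups"]),
                           field(info["point_formats"])])
    return ja3_string, hashlib.md5(ja3_string.encode()).hexdigest()


def highest_tls_version(record):
    """Highest version the client offers; a client stuck on old versions is a lead."""
    info = parse_client_hello(record)
    return max(info["supported_versions"] or [info["version"]])


# Constructed ClientHello for the example (not captured from real traffic).
SAMPLE_CLIENT_HELLO = bytes.fromhex(
    "16 0301 0068"                     # record: handshake, legacy version, length 104
    "01 000064"                        # ClientHello, length 100
    "0303"                             # client_version = TLS 1.2 (771)
    + "00" * 32 +                      # random (zeroed in this sample)
    "00"                               # session_id length 0
    "0008 1a1a 1301 c02b 002f"         # cipher suites: GREASE, 0x1301, 0xc02b, 0x002f
    "01 00"                            # compression methods: null only
    "0033"                             # extensions length 51
    "2a2a 0000"                        # GREASE extension, empty
    "0000 0010 000e 00 000b 6578616d706c652e636f6d"  # server_name: example.com
    "000a 0008 0006 0a0a 001d 0017"    # supported_groups: GREASE, x25519, secp256r1
    "000b 0002 01 00"                  # ec_point_formats: uncompressed
    "002b 0005 04 0304 0303"           # supported_versions: TLS 1.3, TLS 1.2
)

if __name__ == "__main__":
    s, h = ja3(SAMPLE_CLIENT_HELLO)
    print("JA3 string:", s)
    print("JA3 hash:  ", h)
    print("highest offered TLS version: 0x%04x" % highest_tls_version(SAMPLE_CLIENT_HELLO))
```

In the video the hash is what gets compared against a list of fingerprints for known malware families; the string form is worth keeping alongside it, because two different TLS stacks that happen to agree on every field (and therefore hash) are far easier to tell apart once the cipher and extension lists are read side by side with the claimed User-Agent and destination.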

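An added example (not code from the video, nor Wireshark's) covering the plaintext-HTTP hunting in the 00:45:00 and 00:55:00 segments: it flags downloads whose bytes are an executable even though the URL or Content-Type claims an image, and tallies the unique User-Agent strings across a set of exchanges. The HTTP requests and responses, the hostname and the User-Agent strings are constructed for the demonstration; the magic-byte checks (MZ for PE/DOS executables, 0x7f ELF for ELF) are the real file signatures.

```python
from collections import Counter

EXECUTABLE_MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable"}
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico")


def parse_http_message(raw):
    """Split a plaintext HTTP request or response into (start line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def executable_type(body):
    """Identify an executable by its leading bytes, ignoring what the headers claim."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if body.startswith(magic):
            return kind
    return None


def hunt_executable_downloads(exchanges):
    """Return every response carrying an executable; mark those disguised as images."""
    hits = []
    for raw_req, raw_resp in exchanges:
        req_line, req_hdrs, _ = parse_http_message(raw_req)
        _, resp_hdrs, body = parse_http_message(raw_resp)
        kind = executable_type(body)
        if kind is None:
            continue
        uri = req_line.split(" ")[1]
        claimed = resp_hdrs.get("content-type", "")
        path = uri.split("?")[0].lower()
        disguised = path.endswith(IMAGE_EXTENSIONS) or claimed.startswith("image/")
        hits.append({"uri": uri, "user_agent": req_hdrs.get("user-agent", ""),
                     "claimed": claimed, "actual": kind, "disguised": disguised})
    return hits


def unique_user_agents(exchanges):
    """Count each distinct User-Agent, the same tally the video builds in Wireshark."""
    return Counter(parse_http_message(raw_req)[1].get("user-agent", "<none>")
                   for raw_req, _ in exchanges)


# Constructed sample traffic (hostname, paths and agents invented for the example).
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
UA_LEGACY = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"


def http_request(uri, ua):
    return (f"GET {uri} HTTP/1.1\r\nHost: cdn.example.test\r\n"
            f"User-Agent: {ua}\r\n\r\n").encode()


def http_response(ctype, body):
    return (f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body


SAMPLE_EXCHANGES = [
    (http_request("/images/logo.png", UA_BROWSER),
     http_response("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)),
    (http_request("/img/update.jpg?id=7", UA_LEGACY),
     http_response("image/jpeg", b"MZ\x90\x00\x03\x00" + b"\x00" * 10
                   + b"This program cannot be run in DOS mode")),
    (http_request("/dl/agent.bin", UA_BROWSER),
     http_response("application/octet-stream", b"MZ\x90\x00" + b"\x00" * 16)),
]

if __name__ == "__main__":
    for hit in hunt_executable_downloads(SAMPLE_EXCHANGES):
        print(hit)
    for ua, count in unique_user_agents(SAMPLE_EXCHANGES).most_common():
        print(f"{count:4d}  {ua}")
```

The check deliberately trusts neither the file extension nor the Content-Type header: both are set by the server the victim is talking to, while the first bytes of the body are what the client will actually execute. In a capture the same idea is applied after reassembling the response body (Follow TCP Stream or File > Export Objects > HTTP in Wireshark), and the User-Agent tally is the quickest way to find the one client in a large capture that does not look like the rest.
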
01:00:00 - 01:05:00

Chris gives tips on becoming effective at hunting for intruders on the network and explains how Wireshark can be used to find strange traffic and understand it. He stresses the importance of learning the tool well and being patient.

  • 01:00:00 This segment shows how to analyse DNS traffic and other types of traffic in Wireshark. It also shows how to use mergecap to combine several PCAPs into one larger data set that can then be queried more specifically.
  • 01:05:00 Chris talks about how to get better at hunting hackers with tools like Wireshark. To be successful, you need to understand the attacker life cycle: how attackers move laterally and find other systems. He also encourages viewers to be patient and stick to the fundamentals, learning the tool well so they can find strange traffic and understand it.

Copyright © 2023 Summarize, LLC. All rights reserved.