@@ChrisGreer Nice idea - it would be educational to see the impact this has on a Windows system. You could use Volatility for process listing and network connection artifacts. You could also do some registry or file system analysis as well.
Hey Chris, is the pcap file still available? I'm trying to follow along using the link but when I click the link it is saying "The requested URL was not found on this server."
Thank you Chris for another brilliant session! Very interesting tip with the ja3 hash and I guess that's the voodoo the new next gen firewall use to identify application level traffic?! I am looking forward to your next videos :-)
Hi, your lessons are really great ! thanks and please keep doing it. I have a question for You...what will your first reaction if when doing a capture of a pc you see no tcp packets ? beacause i got the pb in my network... for one pc i only see NBNS, MDNS, LLMNR but no TCP... i'm a bit confuse...
@@ChrisGreer Just to add something in medcin the radiologist is the Guy who see the inside thé organs. And it s the same for u see inside thé packets (data) u heal thé network :)
I just wanted to take a glance at the video as i really appreciate your work and got totally sucked in! Great content and presentation. Simple, clear and effective. Would love to see more.
Thanks for the video! I have a question. You said that using HTTP (not HTTPS) is a mark you should pay attention at. Also, using HTTP makes all the traffic visible and available for analizyng by security specialists, some security tools and application. If the attacker didn't use HTTP but HTTPS, it wouldn't catch your eye just as you wouldn't be able to look into the traffic, because the traffic would be encrypted. The question is: what is the reason why an attacker prefers using HTTP against HTTPS?
Discovered you from the david bombal video and man, I'm excited to learn from your videos, this one was great! So cool to see malware attacks from a packet level perspective. If they had taken extra steps to use SSL and a normal user-agent string, aside from the foreign IP it might be a bit harder to spot.
Good morning Chris. Please can you make a video on how to preprocess network packets (PCAP)? For example to extract payload information and convert them into image to be use for CNN as its done in this paper "Malware traffic classification using convolutional neural network for representation learning"
Awesome content I have complete your Udemy course and I want small help like Creating perfect analysis report on those malware traffic analysis? Can you please help me out
why iam thankful to chris. because his video and sharing his knowledge saved me in my career many times.. when my application team easily pointing anything to my network team.
You are a F***ing Genius! Great Video, Great Explanation. Please more video like this. But here we have a filtered pcapng file,.The investigations star from an IDS alarm or periodic human monitoring. Real life cases are very difficult to detect without apply best practice.
True - it isn’t easy to find this stuff on the wire. That is why we have to have a good idea of the types of traffic to focus on. I will keep up this kind of content!
hi Chris, is there a way you can keep highlighted text while analyzing your pcap? for example if you want to keep anything "ip" flagged while you are monitoring. new to WS so sorry if this is redundant. tnx
Hmm... haven't done that yet. Even the find feature doesn't really work that way. You might have to export the cap info to csv or another format to be able to search it like that.
Hey Chris, nice video. I've been practicing Pentesting on my VM's on VMWare. Any videos available for that type of scenario--seeing a hack in real time through Wireshark? Or at least, detecting one after the fact through Wireshark?
Thanks Chris for all the information you bring to us, its incredible how much we can do with wireshark! A lot of things that some people maybe didn't know. Please don't stop doing this type of content, i'll be waitint for your next videos. Greetings.
Hello Chris, Love the way you are able to balance on more levels of difficulty and still keep in short, interesting and applicable: you go deep in the packets but seem to avoid long tails where one shoe might fit but than the pathway to the second one zzzzz … btw I learned a lot, enough to be able to identify my ex-boss -as the sneaky-creep-hacker who harassed me more than a year- I would never ever have know whiteout your video’s- thank you Mr C. next week -
That's a great site for practicing with infected pcaps. Been downloading and analyzing them to cut my teeth a bit. Looking forward to future videos of files I have analyzed to see how I compare to your methodology. Excellent content as usual.
There are too many words to describe the material you have offered here. Impressive, is one..... your talent to present material, it just makes you the right person for the job... Congratulation
Must say that i am pleasantly shocked from your videos and the way you present the analysis- i am working with captures almost 21 years and i still learning something from each of your videos- you are amazing !!!
Brilliant. You should create a course for people to do some basic verification on their systems for malware, viruses, etc
Hey it is definitely something I am considering. Let me know if you'd like to see that Packet Heads! 🙂
@@ChrisGreer I’d love to. I bought Pluralsight just for your courses!
+1
+2
@@ChrisGreer Nice idea - it would be educational to see the impact this has on a Windows system. You could use Volatility for process listing and network connection artifacts. You could also do some registry or file system analysis as well.
Hey Chris, is the pcap file still available? I'm trying to follow along using the link but when I click the link it is saying "The requested URL was not found on this server."
Thank you Chris for another brilliant session! Very interesting tip with the ja3 hash and I guess that's the voodoo the new next gen firewall use to identify application level traffic?! I am looking forward to your next videos :-)
Agreed. I'm totally nerding out on JA3 stuff right now. Super cool.
That was great, could definitely sit through more videos like this.
More to come!
Pretty good infos. Thank you chris, i hope to know more about you actual career and how can i get useful from this great informations
Hi, your lessons are really great ! thanks and please keep doing it. I have a question for You...what will your first reaction if when doing a capture of a pc you see no tcp packets ? beacause i got the pb in my network... for one pc i only see NBNS, MDNS, LLMNR but no TCP... i'm a bit confuse...
Very clear and interesting!
Thanks for the comment Fab!
Nice job Chris. This really shows the detail of how Malware traverses a network. Love the practical breakdown.
Thanks Kevin! I agree, this was a fun one to work through.
Hi Chris. I just want to say that I LIKE THIS KIND OF CONTENT A LOT!👍
Thank you for the feedback!
If you're interested in learning about SOC work, this is a fast and great intro into some of the often encountered technology and trends.
Thanks Chris. I appreciate this effort and would love to see more of 'em in this domain.
Very cool video - looking forward to the rest.
Is there an alternative to ja3er? Seems to be down
Thanks, Chris for the great session.
Could you help us to identify the source of infection.
This was probably a successful phishing attack. Watch out for those links and email attachments!
This was insightful! Please create more videos like this.
I really enjoyed your video! Thank you very much for posting such incredibly interesting stuff! We want more!!! 😀
Well more you will get! Thanks for the comment.
This is not just a high technical valuable content but enjoyable 👏🏻 someone give a award to this man 🙌🏻 as always, amazing content.
Much appreciated!
Valuable tips from you. Thanks a lot. Look forward to seeing more videos
More to come!
Definitely love this kind of video Chris. Great content.
Thanks Eric!
Yes I liked it !! Your videos are really intesresting. Thank you
Glad you like them!
Woow Chris u are so generous with knowledge u share this the way that gentil People act thx a million a god bless u
Glad you liked it! Thank you for the comment!
@@ChrisGreer Just to add something in medcin the radiologist is the Guy who see the inside thé organs. And it s the same for u see inside thé packets (data) u heal thé network :)
@@majiddehbi9186 Very true! Thanks for the interesting comment.
Brilliant C.G. Please do more of these. Helps to understand the capabilites of wireshark
More on the way!
This is very good stuff! It's a shame there wasn't material like this 10+ years ago.
That was amazing, would love to see deeper dives on malware analysis .
JA3 was mindblowing. Keep them coming!
All the best.
I just wanted to take a glance at the video as i really appreciate your work and got totally sucked in! Great content and presentation. Simple, clear and effective. Would love to see more.
Thanks for the feedback Michal! I'll get on it.
More content like this, please! This is amazing and scary. Thanks very much for sharing this.
Thanks Kevin!
Recently discovered your channel and I must admit that everything you cover is pure gold - Thank you so much for sharing your knowledge Chris!
Thank you! Thanks for stopping by the channel.
Thanks for the video!
I have a question. You said that using HTTP (not HTTPS) is a mark you should pay attention at. Also, using HTTP makes all the traffic visible and available for analizyng by security specialists, some security tools and application. If the attacker didn't use HTTP but HTTPS, it wouldn't catch your eye just as you wouldn't be able to look into the traffic, because the traffic would be encrypted.
The question is: what is the reason why an attacker prefers using HTTP against HTTPS?
Great content Mr Greer, thank you. Why attackers use plaintext for transmitting sensitive information?
Hi Chris, great video. Pls how do I get that JA3 stuffs in my wireshark. It's not in my packet I downloaded from the same link
This was great! I'm also taking your wireshark master class on Udemy and it's awesome! Great content. Thanks!
Discovered you from the david bombal video and man, I'm excited to learn from your videos, this one was great! So cool to see malware attacks from a packet level perspective. If they had taken extra steps to use SSL and a normal user-agent string, aside from the foreign IP it might be a bit harder to spot.
Thanks for the comment! Welcome to the channel. Suggestions always welcome. 👍
I had the pleasure of chasing trickbot and emotet around my org at my very first IT job....that was fun. This one sucks!
Good stuff! definitely make more and if possible in your own website and charge a small fees for a certificate of completion 😅
Thanks Chris, really enjoyed this video! Very informative and to the point!
Good morning Chris. Please can you make a video on how to preprocess network packets (PCAP)? For example to extract payload information and convert them into image to be use for CNN as its done in this paper "Malware traffic classification using convolutional neural network for representation learning"
Just discovered you, thanks for a great guide. i hope you make more security analyst related videos.
Hey Chris , Win 10 does not like the pcap file. What to do ? :O) ie...the malware-traffic file.
Awesome content
I have complete your Udemy course and
I want small help like
Creating perfect analysis report on those malware traffic analysis?
Can you please help me out
Loved the video, just wished you went more into details such as how to remove the malware (such as what ips to blacklist).
Do this through virtual machine, download the files, transfer to vm, shut off network connect to vm (host only) then execute and test it.
Instructions unclear, payload extraction and execution complete: send help
Hi Chris, i cant get access to ja3 site at all. please what can i do? i really need it as you have done in this video ASAP. Thank you.
what a dope video dude! thank you so much! I learned so many things from this!
Nice video Chris. Where to find the updated database of JA3 hashes ?
Is IT possible to do Videos about how to get Into a soc Position and what Tools to get familiär with?
Thank you for this informative video. ❤
Looking forward for more malware analysis with wireshark
Genious. Like these type of videos will be very helpful identifying which type of malware by just using pcap file. Please post more videos.
Thank you!
such a wonderful explanation.......
Thank you Chris for this exciting video. Loved the content.
Will you be adding more videos to the "Masterclass" playlist?
Hey Vyas! Probably not - now that the Udemy course is out there - bit.ly/udemywireshark
Chris, great content as always! Thank you for these short little "deep dives".
more malware analyze video please,thank you
I love this guy. Thank for your time
why iam thankful to chris. because his video and sharing his knowledge saved me in my career many times.. when my application team easily pointing anything to my network team.
Thank you for the comment!
Amazing lectures, this will help me in my Network forensics analysis cases. Really you make my life much easier.
Glad to hear that!
i need one of them packethead tshirts broski
Hey Lane, so my Spring store got disconnected and I am working on getting it reconnected. until then: packetpioneer.creator-spring.com/
@@ChrisGreer youre a god
download website link not working
Excellent work sir❤keep it up😊
Amazing, i really enjoy and learned alot
Great!! Thank you Chris
You are a F***ing Genius! Great Video, Great Explanation. Please more video like this. But here we have a filtered pcapng file,.The investigations star from an IDS alarm or periodic human monitoring. Real life cases are very difficult to detect without apply best practice.
True - it isn’t easy to find this stuff on the wire. That is why we have to have a good idea of the types of traffic to focus on. I will keep up this kind of content!
Can you do one for ipv6 dns takeover?
Loving it ! Keep em coming good sir !
Love this walkthroughs
hi Chris, is there a way you can keep highlighted text while analyzing your pcap? for example if you want to keep anything "ip" flagged while you are monitoring. new to WS so sorry if this is redundant. tnx
Hmm... haven't done that yet. Even the find feature doesn't really work that way. You might have to export the cap info to csv or another format to be able to search it like that.
Great Video Love These videos!!!
Brilliant video Chris!!!!
You are my f#$(%&* hero.
Great work Chris, thanks.
Ja3er is down now - see github discussion. Otherwise, professional video - straight to the point
Thank you I gotta fix that.
Password not working
Great video as always. spent 4 hours looking for malware in my network and cant stop ;))
Nice! Keep going!
@Chris Hey Hi, I thought you will start this series and many more such malware analysis vlog will come but not seen any new after this
Hey Praveen, you are right. I have been busy but I need to get more of these out. Thank you for the prod!!
amazing. keeep it going please
awesome; more of this please!
Yes I love it , make more of this
Love it. More malware analysis will be great. Great content thx
More to come! Thank you.
Hey Chris, nice video. I've been practicing Pentesting on my VM's on VMWare. Any videos available for that type of scenario--seeing a hack in real time through Wireshark? Or at least, detecting one after the fact through Wireshark?
Thanks Chris for all the information you bring to us, its incredible how much we can do with wireshark! A lot of things that some people maybe didn't know.
Please don't stop doing this type of content, i'll be waitint for your next videos.
Greetings.
Excellent content, very informative. Please, create more of those!
Thanks, will do!
Hello Chris,
Love the way you are able to balance on more levels of difficulty and still keep in short, interesting and applicable: you go deep in the packets but seem to avoid long tails where one shoe might fit but than the pathway to the second one zzzzz … btw I learned a lot, enough to be able to identify my ex-boss -as the sneaky-creep-hacker who harassed me more than a year- I would never ever have know whiteout your video’s- thank you Mr C.
next week -
That was very good thanks, this new malware analysis is really interesting.
Glad you liked it!
thanks heaps Chris.
That's a great site for practicing with infected pcaps. Been downloading and analyzing them to cut my teeth a bit. Looking forward to future videos of files I have analyzed to see how I compare to your methodology. Excellent content as usual.
Awesome video, please make more content on malware analysis
Thanks, will do!
That was so cool. Would love to see more. Thank you.
You got it! Thanks Joe.
Thank you or making this video. I'm getting a degree in Cyber Security and I'm recommending this to everyone!
Hi! I need a help!
what the mean in pcap file(http protocol)
"user-agent: ??????????????????????????????????????????????? ??�??????6"
There are too many words to describe the material you have offered here. Impressive, is one..... your talent to present material, it just makes you the right person for the job... Congratulation
A good user friendly malware analysis! Congrats! 🏴☠️
Must say that i am pleasantly shocked from your videos and the way you present the analysis- i am working with captures almost 21 years and i still learning something from each of your videos- you are amazing !!!
Thank you, this video is very helpful.
Glad it was helpful!
Need more of this
Please make a video for traffic analysis of DDoS attack.
That is a great idea!
Awesome
Video ! You should do more this kind of malware analysis videos with wireshark cause it’s a great skill for defenders
yes do more like this
Great work 👏 👍
Man… that was excellent video. You are a super star 🌟
Thanks for watching!
You did an amazing job analyzing this infected PCAP file