SOC Analyst Skills - Wireshark Malicious Traffic Analysis

  • Published on 29 Sep 2024
  • In this video I walk through the analysis of a malicious PCAP file. PCAP files are captured network traffic, and analysis of it is often done to understand what happened in an incident. Security Operations Center (SOC) Analysts often have to use this tool and do this type of work.
    We pull a malicious PCAP file "Okay Boomer" from www.malware-tr... and open it with Wireshark. SOC analysts analyze endpoints and network traffic as part of their regular job duties. Knowing how to use Wireshark at a basic level will serve you well.
    Empower yourself to confidently share at a SOC analyst interview that you have proactively done malicious network traffic analysis using Wireshark.
    Wireshark Download: wireshark.org
    Malware PCAP files: www.malware-tr...
    VirusTotal: www.virustotal...
    📱 Social Media
    LinkedIn: / geraldauger
    Twitter: / gerald_auger
    TH-cam: / geraldauger
    Discord: / discord
    Twitch: / gerald_auger_simplycyber
    🔥 My Curated Website of Free Cyber Resources
    SimplyCyber.io
    📷 🎙 💡 MY STUDIO SETUP
    📷 Camera / Video
    Sony Alpha a6400 amzn.to/2TZliEb
    Sigma 30mm F1.4 amzn.to/3hEJFA2
    Gonine AC-PW20 AC Adapter (for a6400) amzn.to/3wDZBqc
    Fotga 52mm Slim Fader amzn.to/3khne5w
    Boom Scissor Arm Stand amzn.to/3efSv5b
    Logitech C922 Pro Stream Webcam 1080P amzn.to/3i8AI0B
    BlueAVS HDMI to USB Video Capture Card 1080P amzn.to/3i5JAEk
    Anker USB C to HDMI Adapter amzn.to/3kjjoJ4
    60-Inch Lightweight Tripod amzn.to/36B5j1u
    5X 6.5ft Portable Green Screen Chromakey Collapsible amzn.to/3efW9Mp
    Glide Gear TMP100 Adjustable Teleprompter amzn.to/3B36DrZ
    🎙 Audio
    Blue Yeti Nano Premium USB Mic amzn.to/3efWcb3
    BOYA BY-M1 3.5mm Electret Condenser Microphone amzn.to/3AZzJIN
    Boom Scissor Arm Stand amzn.to/3efSv5b
    Neewer Professional Microphone Pop Filter Shield amzn.to/3ekdZOi
    💡 Lighting
    UBeesize 10’’ LED Ring Light amzn.to/3i23qAm
    Neewer Ring Light Kit:18"/48cm Outer 55W 5500K Dimmable LED Ring Light amzn.to/2U0slwo
    Fovitec 2-Light High-Power Fluorescent Studio Lighting Kit amzn.to/36zDS8A
    Neewer 2-Pack Dimmable 5600K USB LED amzn.to/3B0crCQ
    Neewer 480 RGB Led Light amzn.to/2Vzwmbf
    60-Inch Lightweight Tripod amzn.to/36B5j1u
    🧑🏻‍💻 Workstation
    2020 Apple Mac Mini with Apple M1 Chip amzn.to/3wybMVL
    Logitech MX Master 3 Advanced Wireless Mouse amzn.to/3xFCkWp
    Apple Magic Keyboard amzn.to/3ehMRiP
    Huanuo Dual Monitor Stand Mount amzn.to/3keFZqc
    Dell U2717D IPS 27" UltraSharp InfinityEdge Slim Widescreen amzn.to/36znqoG
    USB C to SD Card Reader amzn.to/2VG1RRd
    StarTech 2 Port USB C KVM Switch amzn.to/3efWoa7
    Toshiba Canvio Basics 1TB Portable External Hard Drive USB 3.0 amzn.to/3hZOK4A
    External Hard Drive Portable Carrying Case amzn.to/3r62XRM
    Mountable Surge Protector Power Strip with USB 5 Outlets 3 USB Ports amzn.to/3wDmlqv
    🥼 Raspberry Pi Lab
    Raspberry SC15184 Pi 4 Model B 2019 Quad Core 64 Bit WiFi Bluetooth (2GB) amzn.to/3i61EhI
    Miuzei Case for Raspberry Pi amzn.to/2Vzyrnz
    Micro Center 32GB Class 10 Micro SDHC Flash Memory Card with Adapter amzn.to/3B0Qm6X
    Micro HDMI to HDMI Cable 6FT amzn.to/3ekpiG3
    👉 Some product links are affiliate links which means if you buy something SimplyCyber receives a small commission (but it all costs the same to you, so consider it supporting the channel 😉 )
    🙌🏼 Donate
    Like the channel and got value? Please consider supporting the channel
    www.buymeacoff...
    😎 Merch 😎
    👉🏼 SimplyCyber Branded Gear: teespring.com/...
    🎥 Livestreams are produced through StreamYard.
    $10 credit using my referral link below if you ever upgrade to pro plan.
    streamyard.com?pal=6534222448689152
    Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.

Comments • 70

  • @xboutdattime89 4 years ago +17

    Hell yeah man, I'm studying for the sec+ and can't find many good videos on the tools I'll be using so thank you for this! Definitely gonna sub & check out your other videos after this one

    • @SimplyCyber 4 years ago +1

      Happy to help! Best wishes on Sec+.

  • @christophercahall3092 9 months ago

    such a young buck, grow up so fast

  • @yankeesouth 2 years ago +11

    I am preparing for a SOC I technical interview. This is at least the 3rd video of yours that I have found extremely helpful. Thank you for continuing to make amazing content.

    • @SimplyCyber 2 years ago +1

      I hope the interview went wonderful. Any similar questions come up??

    • @mohameddaud3899 1 year ago

      How was the technical interview? Were you asked about Wireshark?

  • @satishrkulkarni114 6 months ago

    How long should traffic be captured to be indicative of malware or a RAT?
    Do malware send beacons if the phone is idle yet connected to the internet?
    Kindly advise.

  • @Anandroid 1 year ago +1

    Is there anyone on TH-cam that worked each exercise? Can't find anyone or a playlist. Would be awesome.

    • @SimplyCyber 1 year ago

      Not that I know of but a fun content idea. Thx

    • @Anandroid 1 year ago

      @@SimplyCyber YOU SHOULD!!! It would be a game changer.

  • @thuglife896 4 years ago +3

    You can run malicious files inside a Sandbox such as VirtualBox / VMware etc ... As long as you disable VM to host sharing it should be safe

    • @SimplyCyber 4 years ago +2

      ThugLife another great option. Just measure twice cut once. 😉

  • @johnvardy9559 8 months ago

    Are Tshark and tcpdump important tools as an analyst?

  • @leandrokogan141 4 years ago +7

    This is pure gold!!!

    • @SimplyCyber 4 years ago

      Thanks for the kind words! Appreciate you taking the time.

  • @xboutdattime89 4 years ago +3

    Any chance you could do videos on other tools and how to get practice at home? Can't find anything like that

    • @SimplyCyber 4 years ago +4

      Based on the response from this video, sure. I do more than just tools in order to support many angles/needs for folks in the field, but I hear you. Was thinking of doing a reverse engineering one, more useful for security researchers, but still fun and can be done at home. Thoughts?

    • @xboutdattime89 4 years ago +2

      @@SimplyCyber absolutely do that. That'd be super interesting to see that process. And something like that might spark interest in people who aren't in this field already!

    • @SimplyCyber 4 years ago +1

      @@xboutdattime89 Coming back now after making a few more tech tool videos. I did do one on reversing: th-cam.com/video/n5j6uJXtJW8/w-d-xo.html and I did one on malware research tools: th-cam.com/video/x0mGxucyZmk/w-d-xo.html

  • @nym4960 4 years ago +3

    Great video as someone who wants to get into an SOC analyst role!

    • @SimplyCyber 4 years ago +1

      Thanks for taking the time to comment. Glad you enjoyed it.

  • @nitricdx 4 years ago +3

    amazing video. subbed.

    • @SimplyCyber 4 years ago +1

      Thanks so much for the feedback.

  • @robertlemonsjr 4 years ago +2

    Love your content man. Very insightful. Thanks so much

  • @atharvakadlag1937 3 years ago +1

    great video but bad resolution... my eyes gave up.

    • @SimplyCyber 3 years ago

      Thanks for feedback. I've been working on trying to make screen caps better. It's hard to tell when filming what it will look like to the audience. I'll keep working at it.

    • @atharvakadlag1937 3 years ago

      @@SimplyCyber it's alright. The content you are giving is extremely good.

  • @Dalai33 1 year ago

    You’re simply the best! Just wanted to comment something for the algorithm 🙏🏻🙏🏻♾️

  • @NeuroScientician 2 years ago

    You should consider paying someone to market you around TH-cam or something. Your content is incredible. I stumbled on your channel by accident/error. I was about to click on David Bombal's video and missed. Instant subscribe.

  • @Saikiran-ln3uw 4 years ago +1

    I'm just curious, how did you find that Website ?

    • @SimplyCyber 4 years ago +1

      I knew I wanted a PCAP with malicious traffic. I just googled 'malicious pcaps' and clicked on the first result. Pretty awesome resource.

    • @SuperBoinger 3 years ago

      @@SimplyCyber Search for Brad Duncan. He teaches excellent malware analysis courses at Bsides. He works for Palo Alto, Unit 42.

  • @zyeuh2565 4 years ago +1

    Any chance we can get a video like this but on the Kali box we built in AWS ? Thanks ! Keep up the great work

    • @SimplyCyber 4 years ago

      Thanks for the comment and request. Great idea! I'll drop an episode June 8th that uses the Kali box we built in the AWS video. Really appreciate you watching.

    • @SimplyCyber 4 years ago +1

      Today’s show is reversing a firmware using......the kali box

    • @SimplyCyber 4 years ago

      Just seeing this comment but yes absolutely. I may even do a kali in aws series. Would that be interesting?

    • @SimplyCyber 4 years ago

      Guess I did see this comment months ago, but still the question sustains today. Let me know

  • @johnvardy9559 1 year ago

    How do I become good at Wireshark?

    • @SimplyCyber 1 year ago +1

      Do a bunch of the exercises at that site

    • @johnvardy9559 1 year ago

      @@SimplyCyber Yes, I think exercise is the key. Your interactions with us are so amazing, thanks, we learn a lot from you. Also I see people speak about Wireshark along with Tshark or tcpdump and even Zeek. Since it is overwhelming, what do you think is important for the everyday job among all of these tools?

  • @GracieGarage 4 years ago +1

    Jerry, Tremendous!

    • @SimplyCyber 3 years ago

      Thanks Gracie. Did you dig into the PCAPS? Appreciate the kind words.

  • @mehrdadjoker 3 years ago

    Why can't I find the download video option?

  • @stark6314 3 years ago

    Thanks sir, this will help me a lot in CTFs.

  • @jeyav 3 years ago

    You are super cool and this exercise is very useful.. keep posting more videos👍🏻

    • @SimplyCyber 3 years ago +1

      Thanks Jeyapaul! Appreciate the support and I'm pushing every Monday at noon.

  • @joevilleneuve1524 3 years ago

    How do you get dark mode for Wireshark? Also, is this available for Windows?

    • @SimplyCyber 3 years ago

      Windows download: www.wireshark.org/#download
      I do not believe dark mode is a feature in the Windows version at this time.

  • @ibrahimabdeltawab6418 3 years ago

    Thanks so much! So helpful ❤️

  • @erenkorcan5458 1 year ago

    thank you mannn

  • @gkess7106 2 years ago

    “Per say“?

  • @zackzayco9135 3 years ago

    Great resourceful video

    • @SimplyCyber 3 years ago

      Glad it was helpful!

  • @Jotin8664 3 years ago

    I love this channel!!

  • @dodedodedo22 2 years ago +1

    Thanks man, I actually have a SOC 2 interview on Monday. I'm gonna smash this malware traffic analysis site all weekend.

    • @SimplyCyber 2 years ago

      It will ready you up. Both practically and if you happen to drop that you're doing pcap analysis on the side

  • @enochkay7833 3 years ago

    How do you know it's an endpoint?

    • @SimplyCyber 3 years ago +1

      Kay, not sure what you are referencing here, but taking a guess at what you are asking. An endpoint is a host system on the network, so a laptop, server, IoT device, Ring doorbell, smart bulb, etc. They all are assigned IP addresses on the network, and the IP (and MAC address) are what allow endpoints to communicate with other endpoints and network services. If that was your question I hope it answers it.

    • @enochkay7833 3 years ago

      @@SimplyCyber thank you soo much

  • @kashifrashid9968 4 years ago +1

    Great video. You've made it really easy to understand. Thank you

    • @SimplyCyber 4 years ago

      Yes! That's my goal. Thanks for sharing.

  • @NastyaSousa 1 year ago

    Can you please explain how I add a CNAME string column?

    • @SimplyCyber 1 year ago

      Can you rephrase the question?