Hacker hunting with Wireshark (even if SSL encrypted!)

  • Published on 27 Sep 2024

Comments • 320

  • @davidbombal
    @davidbombal  2 years ago +122

    The packets don't lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today's networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks.
    // MENU //
    00:26 - Intro
    04:24 - Sharkfest / DEFCON
    05:55 - What is Threat Hunting?
    07:33 - Why threat hunt with Wireshark?
    10:05 - What are IOCs
    10:30 - Why should we care?
    12:23 - Packets/PCAPs
    18:48 - 'Low hanging fruit'
    21:10 - TCP Stream
    27:29 - Stream
    35:00 - How to know what to look for?
    37:49 - JA3 Client Fingerprint
    41:25 - ja3er.com
    48:08 - Brim
    52:20 - TSHARK
    58:50 - Large Data Example
    01:04:00 - Chris' Course
    01:06:20 - Outro
    // PCAP download //
    Get the pcap here: malware-traffic-analysis.net/2020/05/28/index.html
    // Websites mentioned //
    ja3: ja3er.com
    Malware Analysis pcaps: malware-traffic-analysis.net
    //CHRIS GREER //
    Udemy course: davidbombal.wiki/chriswireshark
    LinkedIn: www.linkedin.com/in/cgreer/
    YouTube: th-cam.com/users/ChrisGreer
    Twitter: twitter.com/packetpioneer

    • @Twdsheikh2931
      @Twdsheikh2931 2 years ago +1

      Please make a video on how to install ubuntu 22.04 with gui in wsl2

    • @Twdsheikh2931
      @Twdsheikh2931 2 years ago

      Love from India
      Please make a video on how to install ubuntu 22.04 with gui in wsl2

    • @Twdsheikh2931
      @Twdsheikh2931 2 years ago

      Love from india

  • @djdawso
    @djdawso 2 years ago +23

    I know Chris mentioned it a few times, but I think it's worth emphasizing that one of the most powerful skills in all Wireshark analysis is just scanning through a capture file looking for things that seem even a little bit unusual. Pretty much all the other smart Wireshark people, such as Kary Rogers, Jasper Bongertz, Hansang Bae, and Laura Chappell, preach this as well. This is one of the main reasons for just looking at a lot of capture files as Chris also suggests (even just normal traffic), since it gives you the experience to more quickly recognize more things that may be out of the ordinary. Yet another excellent video, David & Chris. Well done!!!
    Also one little note: "sort -u" does the same thing as "sort | uniq"

  • @robtot1934
    @robtot1934 2 years ago +14

    David, you have managed to bring so many talented experts to your channel, including your experience accumulated over the years... Thank you for your contribution

  • @Ebi_J
    @Ebi_J 2 years ago +6

    Thank you David. I find that whether you are the one sharing or a guest, I always leave each video much more knowledgeable and wanting to know more.

  • @ChrisGreer
    @ChrisGreer 2 years ago +154

    Wireshark is a great threat hunting tool! Had fun digging with David into the packets with this one.

    • @davidbombal
      @davidbombal  2 years ago +9

      Thanks so much for sharing your knowledge and experience with us Chris! Looking forward to more and especially the course :)

    • @mrskeptic9957
      @mrskeptic9957 2 years ago +4

      @@davidbombal Thank you both for everything you do :)

    • @JohnMandersonBM
      @JohnMandersonBM 2 years ago +3

      Hey Chris, how do you get endpoints to show country?

    • @ChrisGreer
      @ChrisGreer 2 years ago

      @@JohnMandersonBM Map IP Address Locations with Wireshark (Using GeoIP)
      th-cam.com/video/IlVppluWTHw/w-d-xo.html here is a video of how to do it.

    • @admar-nelson
      @admar-nelson 2 years ago +1

      Thank you for the lesson!! Thanks for lesson!!! Thank you for the lesson. I have no words!!

  • @billzade8158
    @billzade8158 1 year ago +3

    The more I read and learn about Blue Hatting and Purple Hatting, the more I feel like that is where I want to go. Red Team is super cool, but all the blue team threat hunting stuff is intensely interesting and cool. I know that learning how to Pen Test is a vital part of really building a great defense, I am really excited to keep diving into Cyber Security. I'm going through a Software Development Degree in College, and I am seriously considering adding a Cyber Security minor. Thank you gentlemen for the excellent discussion and lesson

  • @Stuloud
    @Stuloud 1 year ago +2

    Wow, This fascinates me. I have always thought that looking at what your machine or network is sending out is the key to finding whether you are compromised or not. I am an old newbie at this. David your channel ROCKS!

  • @pivot3india
    @pivot3india 2 years ago +2

    the extent to which we can analyse the packets and go deep inside is making me ready to take the course. thanks for all your efforts.

    • @davidbombal
      @davidbombal  2 years ago

      You're welcome Abhishek!

  • @criptovida
    @criptovida 1 year ago +5

    Thanks Chris and David putting this together, really amazing to brush up the packet analysis skills.

  • @cryptombt5880
    @cryptombt5880 1 year ago +4

    Fantastic video, David. Thanks to Chris also. God, I learnt so much from this video. I'm frequently doing scans on my home network to what is I class as normal traffic etc. Just fantastic video

  • @BobBob-qm2bm
    @BobBob-qm2bm 2 years ago +29

    Thanks David and Chris for sharing the knowledge and providing relevant content. Wirewatching is real and relevant separating the good beans from those that are bad👨‍💻

    • @davidbombal
      @davidbombal  2 years ago

      You're welcome! We can all learn so much from Chris :)

  • @ronin2167
    @ronin2167 2 years ago +4

    I had a short course years ago in Wireshark with Laura Chappell. I have a signed copy of her book. It was an awesome class. She showed us how to set up all sorts of filters for Wireshark, but I never really used it and forgot it all. LOL

    • @davidbombal
      @davidbombal  2 years ago +1

      lol... Wireshark gives you a lot of power! Well worth learning how to use it.

  • @francon9586
    @francon9586 1 year ago +2

    Awesome video. Thanks Chris and David for putting this out there.

  • @oshalabashiya9058
    @oshalabashiya9058 2 years ago +1

    I’m 14 minutes in and I’m so stoked that you guys are doing this video. There is nothing I would rather be doing right now. Thanks dudes!

  • @angryb0b-f7n
    @angryb0b-f7n 2 years ago +2

    Brilliant video! Wireshark always seems overwhelming and somewhat intimidating to me, this at the very least shows you how you can effectively use it to threat hunt with some simple processes. Well done!

  • @duscraftphoto
    @duscraftphoto 2 years ago +3

    As always, amazing content from David and Chris. I found this one especially interesting because I’ve been working on writing malware (to see if I can ha ha) and seeing the traffic at the packet level is awesome.
    Keep it up and ROCK ON!

    • @davidbombal
      @davidbombal  2 years ago +1

      Thank you! Glad you enjoyed it Dustin :)

  • @mo938
    @mo938 2 years ago +5

    Curl is not kernel level…..it’s a command line tool. It’s odd to see bc it’s a web request not coming from a browser.

  • @TS-jd6rh
    @TS-jd6rh 11 months ago +1

    David's podcasts are always fun, interesting and valuable topic thank you for inspiring to get back to learning about cyber security.

  • @massterrbarber
    @massterrbarber 7 months ago

    Great content and I’m a master barber 💈 and I have been on the edge of my seat from the very beginning to the end so this is how it gets done and it’s been interesting to watch so I’m thinking about doing this as fun 🤩 and like you said a beginner tech guy could get lucky 🍀 so my goal is to understand the hunt. Thanks 🙏 for being your self.

  • @bAd-sf7iu
    @bAd-sf7iu 9 months ago

    Thank you for your great lecture!! I and my friends and neighbors have been hacked by a hacking group. I can find a hacking clue, because Chris and David teach sophisticated method. I expect your next great teaching movie for hunting hackers!

  • @romemadali84
    @romemadali84 2 years ago +1

    i really love how Chris Greer explains pcap

  • @buraksahin7297
    @buraksahin7297 2 years ago +2

    Thank you so so much David and Chris. You are the best! Appreciate it :)

  • @isaacfalero
    @isaacfalero 10 months ago

    The quality of this video is off the charts! Thank you both for your work.

  • @kmonto1971
    @kmonto1971 2 years ago +1

    @Chris Greer - it was great meeting you at DefCon this year. Great class as well.

    • @ChrisGreer
      @ChrisGreer 2 years ago +1

      You too! Great to meet you and thanks for watching/commenting!

  • @MrBitviper
    @MrBitviper 2 years ago +1

    thanks for another insightful video David
    this is an awesome collaboration. hope we'd get to see more

  • @Glenners
    @Glenners 2 years ago +5

    I love Chris! He's always got the nitty gritty useful info.

  • @factoidsandquotations
    @factoidsandquotations 2 years ago +1

    One of my favorite videos David, this guy's good.

  • @augustedrifande6017
    @augustedrifande6017 11 months ago

    It's really a superb video, obvious to someone with little experience, clear and audible, really great work, I love this kind of content, many thanks :-). (Addressed to David Bombal and Chris Greer).

  • @Uncle_Buzz
    @Uncle_Buzz 7 months ago

    Chris Greer, putting the FUN in fundamentals.

    • @Uncle_Buzz
      @Uncle_Buzz 7 months ago

      ... or is it the mental... ?

  • @refaiabdeen5943
    @refaiabdeen5943 2 years ago +1

    Cheers Guys. That was Awesome and amazing to watch and understand as much as possible. Looking forward to more of this content.

  • @jesussaeta8383
    @jesussaeta8383 1 year ago +1

    Great great stuff you guys, you’ve got my creative juices flowing……thank you both very much.

  • @bAd-sf7iu
    @bAd-sf7iu 8 months ago

    Thank you for your great lecture!! I am a victim of hacking. I can get hacking clue, because David and Chris taught sophisticated method. I hope you upload further method for hunting hackers!

  • @cwain96
    @cwain96 11 months ago

    This is GOLD! Thanks to you both for the extraordinary work you do AND teach!

  • @davidgreening173
    @davidgreening173 2 years ago

    Nice channel. Fellow analyst pointed me here a few days ago. First thing I recognised, the SA accent.

  • @michelantoniovio934
    @michelantoniovio934 2 years ago +1

    @Chris Greer you're amazing. I'm always watching your videos. Congrats!!! David thanks a lot to share this content with us...

  • @temynator
    @temynator 10 months ago +1

    I'm liking that Shark 🦈 stuff man!! I'm actually taking the Google IT support certificate! 😅

  • @cathackr
    @cathackr 20 days ago

    Love wireshark and the mode monitor ever, is a open door to the real time traffic

  • @Lucas-md8gg
    @Lucas-md8gg 2 years ago +2

    Thanks for the content! Chris is awesome!

  • @cacurazi
    @cacurazi 1 year ago +1

    Amazing content... Thanks David & Chris

  • @muhammadabdul7696
    @muhammadabdul7696 2 years ago +3

    Perfect Timing!

    • @davidbombal
      @davidbombal  2 years ago +1

      Hope you enjoy the video Muhammad!

    • @muhammadabdul7696
      @muhammadabdul7696 2 years ago

      @@davidbombal sure will do..
      Thanks a ton 🙂Chris and David

  • @MichaelSmith-bi8pc
    @MichaelSmith-bi8pc 10 months ago

    A really useful video. Thesis is so powerful and every day is a learning day. Have an anan 8000fle. Glad I have not updated sunsdr2 software form vs2.only thing I miss on thesis is recording band activity and the ability to variably change FM rx bandwidth

  • @Pursuitdnb
    @Pursuitdnb 2 years ago +1

    Great video! Thanks David and Chris!

  • @m3ntas
    @m3ntas 1 year ago +1

    Amazing video David!!! I learned a lot! :) Thanks Chris too, you are a Gigachad!

  • @peacefulencounters9466
    @peacefulencounters9466 11 months ago

    Great content David and Chris

  • @coolboy288
    @coolboy288 2 years ago +1

    Thanks Chris and David for this very informative session.

  • @anjanbora7943
    @anjanbora7943 1 year ago +2

    Best hacker channel on YouTube ❤

  • @canoozie
    @canoozie 2 years ago +2

    Cowboy is a popular web server in the erlang world, so Server: Cowboy doesn't immediately raise a red flag on its own, but also that web service puts headers in lowercase, so not seeing it as server: Cowboy does trigger curiosity.

  • @Rightly_Divided
    @Rightly_Divided 10 months ago

    I was able to see how insecure smb was over network connections when I was new in IT

  • @royalhooks6810
    @royalhooks6810 3 months ago

    Amazing methodology- very usable

  • @dustinhxc
    @dustinhxc 1 year ago +1

    Extremely entertaining and informative!

  • @jmatuus
    @jmatuus 2 years ago +1

    This is public service! Thank you!

  • @majiddehbi9186
    @majiddehbi9186 2 years ago +1

    Great duo as always thx for ever and god bless u

  • @milztempelrowski9281
    @milztempelrowski9281 2 years ago

    That PewDiePie Handshake reference was sublime

  • @johnsnow1062
    @johnsnow1062 1 year ago +1

    Thank you so much for the lesson

  • @Twdsheikh2931
    @Twdsheikh2931 2 years ago

    @David Bombal Thanks, from India, myself Farhan, studying in 10th std and also learning ethical hacking and networking and coding, my age is 17, I am gonna start learning Linux and I think Ubuntu is a very beginner-friendly Linux distribution, and also its GUI is fantastic, I don't wanna install it manually,
    Please Dear david sir,
    There are many People who want ubuntu 22.04 not 20.10 running in windows with wsl2
    Make sure you will make a video on it,
    Your content is helpful and awesome. I Always learn something new from your video
    Love from india,
    Farhan😍😍😍❤💓

  • @dirty9496
    @dirty9496 10 months ago

    Love the videos! Can you guys make one that is dedicated to setting up Wireshark profiles?

  • @harahatchi9923
    @harahatchi9923 2 years ago +1

    Great subject and wish to dive on similar subjects in future episodes.
    BTW I prefer wired earsets lool : D

  • @Twdsheikh2931
    @Twdsheikh2931 2 years ago +1

    You Create Awesome content

  • @EricBrokeIt
    @EricBrokeIt 2 years ago +1

    As always, great stuff.

  • @danisgay100
    @danisgay100 11 months ago

    Could make a smart box for the average business/ consumer to alert

  • @williambarrett7108
    @williambarrett7108 1 year ago +1

    Thank you so much for these videos! How do you load P-caps into wire shark? That nuts and bolts kind of content would be great!

  • @mahato-khushboo19
    @mahato-khushboo19 1 year ago +2

    @chrisGreer,
    Thanks for such wonderful information. I am a little bit confused: if I use Wireshark in a production environment, then how do I capture the packets to analyze any malicious traffic on a daily basis? Is there any function in Wireshark so that we can analyze and filter out all the malicious easily? And provide some kind of alert, alarm or notification, something like that.

  • @lordjellyfish4745
    @lordjellyfish4745 11 months ago

    Ngl name "Catbomber" goes hard

  • @nintendu64
    @nintendu64 11 months ago

    “I’m wearing the wrong color hat” switches to black “alright now let’s go see what’s on this server in china”

  • @WireSharkFest
    @WireSharkFest 2 years ago

    Awesome video guys! 🦈

  • @hacmuratkaraman1583
    @hacmuratkaraman1583 2 years ago

    Thank you David.

  • @manzenshaaegis8783
    @manzenshaaegis8783 5 months ago

    Great stuff.

  • @ricosan7341
    @ricosan7341 2 years ago

    David. I like your channel.

  • @devbugado
    @devbugado 2 years ago +1

    Amazing content!

  • @handymangirl6018
    @handymangirl6018 11 months ago

    This video was awesome. Question? When you found that malware threatbot thingy how do you then get rid of it

  • @privateinfo4820
    @privateinfo4820 2 years ago +1

    Trying to follow along.. and possibly purchase some of Chris' training, but I notice on my Wireshark installation VM on our domain (domain admin rights) my country columns aren't populated at all (when viewing endpoints to check for nefarious countries). Am I missing a cfg or something somewhere??? Thanks for this video - very helpful!!

  • @firojpaudel
    @firojpaudel 2 years ago

    oh wow packets sure are amazing thing !!

  • @puetzranch
    @puetzranch 2 years ago

    Great info! Thanks for sharing.

  • @sid8880
    @sid8880 2 years ago +1

    Hi David, thanks for setting this up with Chris, I’m just starting off with Wireshark and have already purchased your Udemy core skills course, it's on my to-do list! Was just looking to purchase the joint one ‘getting started’. In which order do you recommend completing?

  • @MrWwatsonn
    @MrWwatsonn 2 years ago +2

    Hi Chris, what did you install to show the country in wireshark ?

  • @tedoyle61
    @tedoyle61 2 years ago

    This is the kind of stuff... that gives people nightmares.

  • @cristianogris4957
    @cristianogris4957 8 months ago

    Is this Guy the real Jack Resyder, that is his voice!

  • @kialim
    @kialim 2 years ago +1

    Chris, what are your views on Network Detection & Response (NDR) solutions? What are your thoughts on enterprises moving to the cloud? How do you perform threat hunting in such an environment. Thanks!

  • @Batman1krr
    @Batman1krr 2 years ago +1

    I just started diving into wire shark and what do you know - this was posted. Thanks :)

  • @sudarraja.v2421
    @sudarraja.v2421 2 years ago +1

    Very wonderful video and very useful video's in your channel sir thank you 😊.
    I am watch in tamil nadu for two year very most information I know and develop my knowledge with your videos sir.
    I am also a youtuber channel is " Tamizha Info Tech " that channel like hacking and programming videos sir😇😀...

  • @admar-nelson
    @admar-nelson 2 years ago

    Simply cool guys! No words!!!! Thank you

  • @yemin_it6113
    @yemin_it6113 2 years ago +1

    Hey Chris and Dave, Ja3er had a pull request for providing wrong fingerprint information. Is there an alternative to parsing JA3 fingerprints you can recommend?

  • @brice3084
    @brice3084 5 months ago

    I’m new with wireshark and am so confused on what to look for and where to look even after your master class. We have issues at work that I want to identify problems but I still feel as though I know nothing.

  • @forbiddenera
    @forbiddenera 2 years ago +1

    One point that was maybe glazed over was again the Host: field in any http/1.1 request being an IP address. That field is specifically meant for virtual hosts, meaning it's how a server can return different websites based on the requested domain, this is the only way the server knows that you connected via a certain domain name..you don't connect to a domain name ever, you ask a DNS server what IP address is associated with that domain name and then connect to that IP. Thus there is no reason, ever for an IP address to be in the host field (except perhaps bad/lazy implementation of the http protocol in a legitimate app, or somehow your server has a vhost defined as an IP address which is also weird and I'm not even sure most webservers like Apache would allow you to make a vhost as just an IP).. If you're not requesting a specific host name on the server, then it should be omitted rather than set to an IP address, I could even see vhost enabled servers choking and 404ing because they're attempting to lookup a vhost using the IP which wouldn't exist instead of serving the default vhost (though that could also be implementation specific, some servers are likely smart enough to deal with lazy clients that may do this..) but point is, it's weird and would stand out as a red flag to me even if it is technically allowed by the spec and even used in some clients..You're literally telling the server something it should already know, its own ip, unless connecting through a reverse proxy but then you're still telling the server to look up/serve a vhost based on an IP address that's associated with the proxy itself which is likely not that useful..plus, aside from all that and perhaps a main point is how often does legitimate traffic connect directly to an IP address instead of doing a DNS lookup first? 
    Any proper client will have inserted the host it sent for the dns request here and most legitimate traffic is going to make requests by DNS, easier to remember and if the IP changes it's not an issue as DNS provides a new IP. Threat actors often are using hijacked or temporary systems and it would only be more work for them to setup DNS for their c2 IPs plus they would need a domain name and also it wouldn't be difficult for ISPs and central DNS providers to block requests. I suppose you could also use this knowledge to filter out requests to IPs that don't have a corresponding DNS lookup happening beforehand, though DNS caching especially local could make such a filter have false positives though if you have traffic far enough back and know that a certain request is the first (at least within local cache ttl) for that IP then you can be pretty sure.. the TLS-equivalent which can be more important with h2 and h3/quic (as well as any other protocol over tls) is SNI or server name indication. The host field is also easily spoofable like any http header while SNI isn't as easily spoofed, thus might be a good option for origin verification and vhost identification on servers using tls.

    • @olkidolkie
      @olkidolkie 1 year ago

      Apache does allow you to add a virtual host to an IP.

    • @forbiddenera
      @forbiddenera 1 year ago

      @@olkidolkie true, but that's not technically a virtual host at that point, it's just a method of configuring apache to serve multiple sites to multiple IPs.
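
The checks described in the comment thread above (an IP address in the HTTP Host field, traffic to an IP with no earlier DNS answer, and the SNI counterpart for TLS), as an added example that is not part of the original comments. It assumes tab-separated rows exported by tshark with the fields named in the code comment; the sample rows, addresses and the file name `capture.pcap` are constructed.

```python
import ipaddress

# Constructed sample rows (documentation addresses), shaped like the output of:
#   tshark -r capture.pcap -T fields -e frame.time_relative -e ip.dst \
#     -e http.host -e dns.a -e tls.handshake.type \
#     -e tls.handshake.extensions_server_name
# capture.pcap is a placeholder name. Fields are tab-separated; repeated
# values inside one field are comma-separated.
SAMPLE_ROWS = "\n".join("\t".join(r) for r in [
    # time,   ip.dst,          http.host,             dns.a,          hs type, SNI
    ("0.100", "10.0.0.5",      "",                    "198.51.100.10", "",  ""),
    ("0.150", "198.51.100.10", "updates.example.com", "",              "",  ""),
    ("2.300", "203.0.113.77",  "203.0.113.77",        "",              "",  ""),
    ("3.000", "203.0.113.80",  "",                    "",              "1", ""),
    ("3.500", "198.51.100.10", "",                    "",              "1",
     "updates.example.com"),
    ("4.000", "198.51.100.10", "198.51.100.10:8080",  "",              "",  ""),
])


def host_is_ip_literal(host):
    """True if an HTTP Host value is an IPv4/IPv6 literal, with or without port."""
    host = host.strip()
    if host.startswith("["):                  # [v6] or [v6]:port
        candidate = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:                # name:port or v4:port
        candidate = host.rsplit(":", 1)[0]
    else:
        candidate = host
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def hunt(rows):
    """Return (time, dst_ip, reason) tuples for rows worth a closer look.

    Reasons are leads, not verdicts: an IP in Host is allowed by the spec,
    and a DNS answer cached before the capture started makes "no-prior-dns"
    fire on legitimate traffic, as the comment points out.
    """
    resolved = set()      # IPs seen in DNS A answers earlier in the capture
    findings = []
    for line in rows.splitlines():
        if not line.strip():
            continue
        # Pad so rows with trailing empty fields still unpack to six values.
        t, dst, host, dns_a, hs_type, sni = (line.split("\t") + [""] * 6)[:6]
        if dns_a:                             # DNS response: remember answers
            resolved.update(dns_a.split(","))
            continue
        is_client_hello = "1" in hs_type.split(",")
        if not host and not is_client_hello:
            continue                          # not an HTTP request or ClientHello
        if host and host_is_ip_literal(host):
            findings.append((t, dst, "http-host-is-ip"))
        if is_client_hello and not sni:
            findings.append((t, dst, "tls-no-sni"))
        if dst not in resolved:
            findings.append((t, dst, "no-prior-dns"))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_ROWS):
        print(*finding, sep="\t")
```
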

  • @hackerking1536
    @hackerking1536 2 years ago +3

    Nice video 😊

  • @sheendelute6596
    @sheendelute6596 2 years ago

    So use wire guard the vpn that for life work the laptop plus you have manage which proxy handler for TCP choose and more plenty option settings that dedicated for IT hacker like su and root and etcetera

  • @vishalraj7532
    @vishalraj7532 2 years ago

    Chris for me is like Krissh from bollywood :)

  • @lennyvlaminov9480
    @lennyvlaminov9480 10 months ago

    Interesting, I think I understand to some degree what you are looking for, but what's the 'cure'? How do you get rid of the code/malware?

  • @ιυ_αα-ξ5σ
    @ιυ_αα-ξ5σ 2 years ago

    there! Thanks a lot for the help, I'm going to subscribe to your channel and keep up with all the videos!

  • @Fuzzycap
    @Fuzzycap 2 years ago +1

    Let's gooooooooo!!!!

    • @davidbombal
      @davidbombal  2 years ago +1

      Hope you enjoy the video Ayush!

  • @TheZakev
    @TheZakev 2 months ago

    Hi, quick question. I downloaded a .pcap file, then go to "Statistics" --> "Endpoints" --> IPv4, but cannot find any country data. Could you tell why?

  • @knight1w977
    @knight1w977 2 years ago

    How to know if a windows installed laptop is hacked or not. And how to solve the problem of slow processing or hi Ram usage in unknown processes

  • @ando440
    @ando440 2 years ago

    Great, great content as always 👏 thanks for the content! @david and @chris.

  • @skeptisch2751
    @skeptisch2751 2 years ago +1

    Chris can you show us how to capture packets from modem egress port? I am interested in all the outgoing traffics from LAN but wireshark captures only one NIC on my Desktop.

  • @JasonLashbrook-vf8ed
    @JasonLashbrook-vf8ed 6 months ago

    So I’m looking through my traffic and find something sketchy. How do I stop them. What’s the next step to hardening my home network.

  • @DirtyChungus
    @DirtyChungus 2 years ago +3

    Went to a workshop Chris hosted at DefCon 30, it was awesome! Learned so much

  • @TheRowie75
    @TheRowie75 2 years ago

    nice 1!

  • @arknan9624
    @arknan9624 1 year ago +1

    Don't understand how it's possible to hide DOS executable behind a PNG file, can anybody explain

  • @christiangrenier9434
    @christiangrenier9434 2 years ago

    The course, is it available? I'd like to purchase it but where can I find it? UDEMY?

  • @vikramvenkatesan3923
    @vikramvenkatesan3923 1 month ago

    Also how to use the tshark uniq function in Windows.