MALWARE Analysis with Wireshark // TRICKBOT Infection

Подписаться 132 тыс.

Просмотров 45 тыс.

50% 1

Download the pcap here and follow along:
malware-traffic-analysis.net/...
The password to unzip the file is "infected"
If you liked this video, I’d really appreciate you giving me a like and subscribing, it helps me a whole lot. Also don't be shy, chat it up in the comments!
Video for configuring GeoIP in Wireshark:
• Map IP Address Locatio...
// Contact Me //
LinkedIn: / cgreer
RU-vid: / chrisgreer
Twitter: / packetpioneer
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
== Private Wireshark Training ==
Let's get in touch - packetpioneer.com/product/pri...
Links above contain affiliate links where I will receive a small amount for any goods purchased. I thank you for clicking because it really helps to support me!!
0:00 Intro
0:48 DNS Filters
2:00 HTTP Requests/Replies
5:00 Using GeoIP
5:48 Exporting Usernames and Passwords
6:48 Exporting System Info
8:50 Extracting Hidden EXE Files
11:44 TLS Handshake Signatures

Наука

Опубликовано:

5 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 234

@mytechnotalent 2 года назад

Nice job Chris. This really shows the detail of how Malware traverses a network. Love the practical breakdown.

@ChrisGreer 2 года назад

Thanks Kevin! I agree, this was a fun one to work through.

@skizz_ 2 года назад

That was amazing, would love to see deeper dives on malware analysis . JA3 was mindblowing. Keep them coming! All the best.

@drakezen 2 года назад

Brilliant. You should create a course for people to do some basic verification on their systems for malware, viruses, etc

@ChrisGreer 2 года назад

Hey it is definitely something I am considering. Let me know if you'd like to see that Packet Heads! 🙂

@jaredteaches894 2 года назад

@@ChrisGreer I’d love to. I bought Pluralsight just for your courses!

@viktor.madarasz 2 года назад

@matimematime2867 2 года назад

@CyberNancy 2 года назад

@@ChrisGreer Nice idea - it would be educational to see the impact this has on a Windows system. You could use Volatility for process listing and network connection artifacts. You could also do some registry or file system analysis as well.

@Astro-Stock 2 года назад

Chris, great content as always! Thank you for these short little "deep dives".

@Brutatech 9 месяцев назад

Must say that i am pleasantly shocked from your videos and the way you present the analysis- i am working with captures almost 21 years and i still learning something from each of your videos- you are amazing !!!

@itguy1 2 года назад

Recently discovered your channel and I must admit that everything you cover is pure gold - Thank you so much for sharing your knowledge Chris!

@ChrisGreer 2 года назад

Thank you! Thanks for stopping by the channel.

@michalczapnik1988 2 года назад

I just wanted to take a glance at the video as i really appreciate your work and got totally sucked in! Great content and presentation. Simple, clear and effective. Would love to see more.

@ChrisGreer 2 года назад

Thanks for the feedback Michal! I'll get on it.

@SoulJah876 2 года назад

Very cool video - looking forward to the rest.

@muhammadawais5974 2 года назад

Thanks Chris. I appreciate this effort and would love to see more of 'em in this domain.

@nd.b77 2 года назад

Hi Chris. I just want to say that I LIKE THIS KIND OF CONTENT A LOT!👍

@ChrisGreer 2 года назад

Thank you for the feedback!

@robtot1934 Год назад

There are too many words to describe the material you have offered here. Impressive, is one..... your talent to present material, it just makes you the right person for the job... Congratulation

@matimematime2867 2 года назад

Brilliant C.G. Please do more of these. Helps to understand the capabilites of wireshark

@ChrisGreer 2 года назад

More on the way!

@JRenfrow83 2 года назад

That was great, could definitely sit through more videos like this.

@ChrisGreer 2 года назад

More to come!

@maumotec2345 2 года назад

This is not just a high technical valuable content but enjoyable 👏🏻 someone give a award to this man 🙌🏻 as always, amazing content.

@ChrisGreer 2 года назад

Much appreciated!

@alaudet 2 года назад

That's a great site for practicing with infected pcaps. Been downloading and analyzing them to cut my teeth a bit. Looking forward to future videos of files I have analyzed to see how I compare to your methodology. Excellent content as usual.

@bricejackson1576 6 месяцев назад

Thanks Chris, really enjoyed this video! Very informative and to the point!

@CyberNancy 2 года назад

If you're interested in learning about SOC work, this is a fast and great intro into some of the often encountered technology and trends.

@shivadhanrityalaya9328 Год назад

Every video of Chris is an eye opener in packet analysis. To the point.. Thank you very much Chris..

@ChrisGreer Год назад

My pleasure! Thank you for the comment!

@pedrobarthacking Год назад

A good user friendly malware analysis! Congrats! 🏴‍☠️

@chekov6668 2 года назад

Thank you Chris for another brilliant session! Very interesting tip with the ja3 hash and I guess that's the voodoo the new next gen firewall use to identify application level traffic?! I am looking forward to your next videos :-)

@ChrisGreer 2 года назад

Agreed. I'm totally nerding out on JA3 stuff right now. Super cool.

@shruthesh 2 года назад

This was insightful! Please create more videos like this.

@SinisterSpatula 2 года назад

Discovered you from the david bombal video and man, I'm excited to learn from your videos, this one was great! So cool to see malware attacks from a packet level perspective. If they had taken extra steps to use SSL and a normal user-agent string, aside from the foreign IP it might be a bit harder to spot.

@ChrisGreer 2 года назад

Thanks for the comment! Welcome to the channel. Suggestions always welcome. 👍

@Bahlkris100 2 года назад

Definitely love this kind of video Chris. Great content.

@ChrisGreer 2 года назад

Thanks Eric!

@CosmeFulanito008 2 года назад

Thanks Chris for all the information you bring to us, its incredible how much we can do with wireshark! A lot of things that some people maybe didn't know. Please don't stop doing this type of content, i'll be waitint for your next videos. Greetings.

@Das_lst_Gut_Ja 7 месяцев назад

You did an amazing job analyzing this infected PCAP file

@melonscratcher Год назад

Keep making the real world examples, love videos like this.

@vinyldown8490 Год назад

what a dope video dude! thank you so much! I learned so many things from this!

@I_hate_HANDLES 9 месяцев назад

i begin with your master class and try to understand wireshark more and more before actually using it

@xaviervillalobos3958 4 месяца назад

This was great! I'm also taking your wireshark master class on Udemy and it's awesome! Great content. Thanks!

@wie145 2 года назад

Valuable tips from you. Thanks a lot. Look forward to seeing more videos

@ChrisGreer 2 года назад

More to come!

@lorieforchia3896 Год назад

Thank you or making this video. I'm getting a degree in Cyber Security and I'm recommending this to everyone!

@ravenmccoy0440 11 месяцев назад

Mate, you are the pope of the Wireshark 🙏 it’s the greatest video I’ve ever seen about a Malware network activity. Thanks and we need more and more videos! 🤜💥🤛🙌🦈

@ChrisGreer 11 месяцев назад

on it!

@vicky5573 9 месяцев назад

Thank you. Yes, I like this type of training using Wireshark

@mrbrown6421 Год назад

I love this stuff! 45 years ago I would hand disassemble Z80 code to figure out what it did, and then modify it as needed. I spent many hours digging into binary and hex files until I found this thing called a disassembler that converted it to 'readable' mnemonics along with an assembler that would do the opposite. (No internet back then) It was a wonderful place for a curious 18 year old and I loved it and it launched my career into other microprocessors and debugging methods. You, sir, are doing the same thing with that enthusiasm, but I do not know the 'language'! A neighbor flies his drone over my property all the time, and I just wanted to capture his GPS data to prove to the law both his altitude and position over my property. I would be forever thankful if someone could point me in that direction for this data collection effort. I do not know what types of drones he flies, but they are all VERY annoying and it is clearly an intimidation effort considering his darting around while we are outside (9 acres). Many thanks. Mr. Brown North Central Florida.

@kevingendron5586 2 года назад

More content like this, please! This is amazing and scary. Thanks very much for sharing this.

@ChrisGreer 2 года назад

Thanks Kevin!

@zdzisawdyrma3319 2 года назад

This is very good stuff! It's a shame there wasn't material like this 10+ years ago.

@bbowling619 7 месяцев назад

Loving it ! Keep em coming good sir !

@RR-vy7jd 2 года назад

Love it. More malware analysis will be great. Great content thx

@ChrisGreer 2 года назад

More to come! Thank you.

@x0rZ15t 2 года назад

Love those malware analysis videos!!!

@ChrisGreer 2 года назад

Glad you like them!

@fredrikgustafsson7861 2 года назад

This comment isent just for this video, its for your whole channel. Thank you, mr Greer, for everything! You rock brother. Hope all is well and wish you all the best.

@ChrisGreer 2 года назад

Thank you for the comment!

@yhytuncer Год назад

Awesome Video ! You should do more this kind of malware analysis videos with wireshark cause it’s a great skill for defenders

@benoitburdet7869 2 года назад

Yes I liked it !! Your videos are really intesresting. Thank you

@ChrisGreer 2 года назад

Glad you like them!

@Closer80IT 2 года назад

Very clear and interesting!

@ChrisGreer 2 года назад

Thanks for the comment Fab!

@siabelle Год назад

Hello Chris, Love the way you are able to balance on more levels of difficulty and still keep in short, interesting and applicable: you go deep in the packets but seem to avoid long tails where one shoe might fit but than the pathway to the second one zzzzz … btw I learned a lot, enough to be able to identify my ex-boss -as the sneaky-creep-hacker who harassed me more than a year- I would never ever have know whiteout your video’s- thank you Mr C. next week -

@tranxn7971 2 года назад

That was very good thanks, this new malware analysis is really interesting.

@ChrisGreer 2 года назад

Glad you liked it!

@vijay85cisco 2 года назад

why iam thankful to chris. because his video and sharing his knowledge saved me in my career many times.. when my application team easily pointing anything to my network team.

@ChrisGreer 2 года назад

Thank you for the comment!

@zdrasbuytye Год назад

I love this guy. Thank for your time

@jarbystark 2 года назад

Great video as always. spent 4 hours looking for malware in my network and cant stop ;))

@ChrisGreer 2 года назад

Nice! Keep going!

@joerockhead7246 2 года назад

That was so cool. Would love to see more. Thank you.

@ChrisGreer 2 года назад

You got it! Thanks Joe.

@sugaobilboa 2 года назад

I really enjoyed your video! Thank you very much for posting such incredibly interesting stuff! We want more!!! 😀

@ChrisGreer 2 года назад

Well more you will get! Thanks for the comment.

@thiagocaval8799 2 года назад

Great work Chris, thanks.

@cryptoknight5927 2 года назад

Pretty good infos. Thank you chris, i hope to know more about you actual career and how can i get useful from this great informations

@alaahaider 2 года назад

Man… that was excellent video. You are a super star 🌟

@ChrisGreer 2 года назад

Thanks for watching!

@ruttalaabhinav8105 Год назад

Looking forward for more malware analysis with wireshark

@isabelledelmas5332 Год назад

Excellent content, very informative. Please, create more of those!

@ChrisGreer Год назад

Thanks, will do!

@nourmaslouhi3183 2 года назад

Genious. Like these type of videos will be very helpful identifying which type of malware by just using pcap file. Please post more videos.

@ChrisGreer 2 года назад

Thank you!

@AlexDan123 4 месяца назад

Just discovered you, thanks for a great guide. i hope you make more security analyst related videos.

@bakri99 11 месяцев назад

Awesome! Love this kind of videos, we need more like this 👌👌

@skynet.yousha 2 года назад

Amazing lectures, this will help me in my Network forensics analysis cases. Really you make my life much easier.

@ChrisGreer 2 года назад

Glad to hear that!

@duscraftphoto 2 года назад

This was great! About to check out the GeoIP video!

@ChrisGreer 2 года назад

Awesome! Let me know if you like that one. Watch out for my cat to make an appearance on that one too. :-)

@duscraftphoto 2 года назад

@@ChrisGreer ha ha! I saw that and it reminded me of a buddy of mine when I worked at Apple who had two cats that were in all of his video calls. Great content, on your channel, Chris. I never cared to really mess with Wireshark until I found your channel and now I'm wanting to learn all I can about packet analysis! Thank you for making amazing content and keep it up!

@ChrisGreer 2 года назад

@@duscraftphoto Haha - awesome. Hey be sure to check out my new Udemy class when you get a chance - bit.ly/udemywireshark - it's full of this kind of stuff!

@IamKhoramdin 10 месяцев назад

Amazing, i really enjoy and learned alot

@patrickspaceman305 9 месяцев назад

Glorious work, thank you.

@madayag408 Год назад

I love your videos. I'm learning a lot. Thank you.

@ChrisGreer Год назад

Great! I am having a bunch of fun making them.

@madayag408 Год назад

@@ChrisGreer keep it up! We love more!

@onrcrn 2 года назад

Great!! Thank you Chris

@utkarshmishra1928 Год назад

Brilliant video Chris!!!!

@majiddehbi9186 2 года назад

Woow Chris u are so generous with knowledge u share this the way that gentil People act thx a million a god bless u

@ChrisGreer 2 года назад

Glad you liked it! Thank you for the comment!

@majiddehbi9186 2 года назад

@@ChrisGreer Just to add something in medcin the radiologist is the Guy who see the inside thé organs. And it s the same for u see inside thé packets (data) u heal thé network :)

@ChrisGreer 2 года назад

@@majiddehbi9186 Very true! Thanks for the interesting comment.

@danmcd490 Год назад

Love this walkthroughs

@PalazonPhotograpy 2 года назад

Hi, your lessons are really great ! thanks and please keep doing it. I have a question for You...what will your first reaction if when doing a capture of a pc you see no tcp packets ? beacause i got the pb in my network... for one pc i only see NBNS, MDNS, LLMNR but no TCP... i'm a bit confuse...

@ltfdagci666 День назад

Thank you for this informative video. ❤

@saikiranlingadally1036 Год назад

Great Video Love These videos!!!

@SeroeKrevedko1 2 года назад

Great content Mr Greer, thank you. Why attackers use plaintext for transmitting sensitive information?

@dezejongeman 2 года назад

awesome; more of this please!

@user-to8pm7ng1d 4 месяца назад

such a wonderful explanation.......

@anders6671 2 года назад

This is awesome! More of this!

@ChrisGreer 2 года назад

Ok will do!

@albertescaraugustin3981 Год назад

Yes I love it , make more of this

@mrj4264 Год назад

Loved the video, just wished you went more into details such as how to remove the malware (such as what ips to blacklist).

@Love-yv1fc Год назад

Excellent work sir❤keep it up😊

@DEDEPLDEDE 10 месяцев назад

Nice video Chris. Where to find the updated database of JA3 hashes ?

@jj691 Год назад

Love these videos, you are truly an amazing teacher!

@vyasG 2 года назад

Thank you Chris for this exciting video. Loved the content. Will you be adding more videos to the "Masterclass" playlist?

@ChrisGreer 2 года назад

Hey Vyas! Probably not - now that the Udemy course is out there - bit.ly/udemywireshark

@osmantuncbilek4031 2 года назад

Thank you, this video is very helpful.

@ChrisGreer 2 года назад

Glad it was helpful!

@zoranzasovski 2 года назад

Great video Chris!!!

@ChrisGreer 2 года назад

Thank you!

@otienofredrick9972 Год назад

Thank you very much, Mr Chris. Please make a series of such videos for malware analysis using Wireshark.

@ChrisGreer Год назад

I need to add more on this topic, I know!

@otienofredrick9972 Год назад

@@ChrisGreer Thank you sir, I will really appreciate it! You just don't know how much you have helped me with your videos...You're impacting the world! Thank you once more Mr Chris. God bless.

@jrelic Год назад

Hey Chris, nice video. I've been practicing Pentesting on my VM's on VMWare. Any videos available for that type of scenario--seeing a hack in real time through Wireshark? Or at least, detecting one after the fact through Wireshark?

@viktor.madarasz 2 года назад

Need more of this