Hacker hunting with Wireshark (even if SSL encrypted!)
Рет қаралды 257,866
Күн бұрынThe packets don't lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today's networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks.
// PCAP download //
Get the pcap here: malware-traffic-analysis.net/...
// Websites mentioned //
ja3: ja3er.com
If ja3er doesn't work, try this site: sslbl.abuse.ch/ja3-fingerprints
Malware Analysis pcaps: malware-traffic-analysis.net
//CHRIS GREER //
Wireshark course: davidbombal.wiki/chriswireshark
Nmap course: davidbombal.wiki/chrisnmap
LinkedIn: / cgreer
KZfaq: / chrisgreer
Twitter: / packetpioneer
// David SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZfaq: / davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Intro
04:24 - Sharkfest / DEFCON
05:55 - What is Threat Hunting?
07:33 - Why threat hunt with Wireshark?
10:05 - What are IOCs
10:30 - Why should we care?
12:23 - Packets/PCAPs
18:48 - 'Low hanging fruit'
21:10 - TCP Stream
27:29 - Stream
35:00 - How to know what to look for?
37:49 - JA3 Client Fingerprint
41:25 - ja3er.com
48:08 - Brim
52:20 - TSHARK
58:50 - Large Data Example
01:04:00 - Chris' Course
01:06:20 - Outro
malware
hacking
hacker
wireshark
udp
http
https
quic
tcp
firewall
firewall quic
quic firewall
threat hunting
hack
hackers
blue team
red team
tshark
chris greer
http
https
ssl
nmap
ja3
ja3 ssl
ssl fingerprint
nmap tutorial
defcon
sharkfest,
acket analysis
wireshark training
wireshark tutorial
free wireshark training
wireshark tips
wireshark for beginners
wireshark analysis
packet capture
wireshark tutorial kali linux
wireshark course
introduction to wireshark
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#malware #hacking #wireshark
@davidbombal Жыл бұрын
The packets don't lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today's networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks. // MENU // 00:26 - Intro 04:24 - Sharkfest / DEFCON 05:55 - What is Threat Hunting? 07:33 - Why threat hunt with Wireshark? 10:05 - What are IOCs 10:30 - Why should we care? 12:23 - Packets/PCAPs 18:48 - 'Low hanging fruit' 21:10 - TCP Stream 27:29 - Stream 35:00 - How to know what to look for? 37:49 - JA3 Client Fingerprint 41:25 - ja3er.com 48:08 - Brim 52:20 - TSHARK 58:50 - Large Data Example 01:04:00 - Chris' Course 01:06:20 - Outro // PCAP download // Get the pcap here: malware-traffic-analysis.net/2020/05/28/index.html // Websites mentioned // ja3: ja3er.com Malware Analysis pcaps: malware-traffic-analysis.net //CHRIS GREER // Udemy course: davidbombal.wiki/chriswireshark LinkedIn: www.linkedin.com/in/cgreer/ KZfaq: kzfaq.info Twitter: twitter.com/packetpioneer // David SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZfaq: kzfaq.info // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
@Twdsheikh2931 Жыл бұрын
Please make a video on how to install ubuntu 22.04 with gui in wsl2
@Twdsheikh2931 Жыл бұрын
Please make a video on how to install ubuntu 22.04 with gui in wsl2
@Twdsheikh2931 Жыл бұрын
Please make a video on how to install ubuntu 22.04 with gui in wsl2
@Twdsheikh2931 Жыл бұрын
Love from India Please make a video on how to install ubuntu 22.04 with gui in wsl2
@Twdsheikh2931 Жыл бұрын
Love from india
@ChrisGreer Жыл бұрын
Wireshark is a great threat hunting tool! Had fun digging with David into the packets with this one.
@davidbombal Жыл бұрын
Thanks so much for sharing your knowledge and experience with us Chris! Looking forward to more and especially the course :)
@mrskeptic9957 Жыл бұрын
@@davidbombal Thank you both for everything you do :)
@JohnMandersonBM Жыл бұрын
Hey Chris, how do you get endpoints to show country?
@ChrisGreer Жыл бұрын
@@JohnMandersonBM Map IP Address Locations with Wireshark (Using GeoIP) kzfaq.info/get/bejne/f9KGo9Od2r24eKs.html here is a video of how to do it.
@admar-nelson Жыл бұрын
Спасибо за урок!! Thanks for lesson!!! Obrigado pela lição. Não tenho palavras!!
@francorreaccna 7 ай бұрын
I love how professionals are both the way they talk and kind of complement each other with their personalities
@djdawso Жыл бұрын
I know Chris mentioned it a few times, but I think it's worth emphasizing that one of the most powerful skills in all Wireshark analysis is just scanning through a capture file looking for things that seem even a little bit unusual. Pretty much all the other smart Wireshark people, such as Kary Rogers, Jasper Bongertz, Hansang Bae, and Laura Chappell, preach this as well. This is one of the main reasons for just looking at a lot of capture files as Chris also suggests (even just normal traffic), since it gives you the experience to more quickly recognize more things that may be out of the ordinary. Yet another excellent video, David & Chris. Well done!!! Also one little note: "sort -u" does the same thing as "sort | uniq"
@Sound_Stable Жыл бұрын
Using Wireshark on your home network will make you want to throw out all of your smart devices. So many apps on your smart devices request things like voice and camera data when they have absolutely no associated functionality or reason to be doing so. It's very alarming.
@GuardDog42 Жыл бұрын
Thanks for the heads up dude
@billzade8158 9 ай бұрын
The more I read and learn about Blue Hatting and Purple Hatting, the more I feel like that is where I want to go. Red Team is super cool, but all the blue team threat hunting stuff is intensely interesting and cool. I know that learning how to Pen Test is a vital part of really building a great defense, I am really excited to keep diving into Cyber Security. I'm going through a Software Development Degree in College, and I am seriously considering adding a Cyber Security minor. Thank you gentlemen for the excellent discussion and lesson
@ronin2167 Жыл бұрын
I had a short course years ago in Wireshark with Laura Chappell. I have a signed copy of her book. It was an awesome class. She showed us how to set up all sorts of filters for Wireshark, but I never really used it and forgot it all. LOL
@davidbombal Жыл бұрын
lol... Wireshark gives you a lot of power! Well worth learning how to use it.
@mo938 Жыл бұрын
Curl is not kernel level…..it’s a command line tool. It’s odd to see bc it’s a web request not coming from a browser.
@robtot1934 Жыл бұрын
David, you have managed to bring so many talented experts to your channel, including your experience accumulated over the years... Thank you for your contribution
@verolyn8459 Жыл бұрын
David and his friend is giving us another level of knowledge again.
@davidbombal Жыл бұрын
Thank you Verolyn! Chris is absolutely amazing! Grateful that he is sharing his knowledge with all of us :)
@onikira3115 Жыл бұрын
for some reason Wireshark was never one of the best tool I would have liked to use in the future but now my Perspective in viewing this tool has been far broadened😅 Thanks David and also much thanks to Chris
@dokkin9549 18 күн бұрын
I'm a student and I really appreciate and understand this content. Im still longway to go to obtain such skill and knowledge. hope more vids like this
@massterrbarber 4 ай бұрын
Great content and I’m a master barber 💈 and I have been on the edge of my seat from the very beginning to the end so this is how it gets done and it’s been interesting to watch so I’m thinking about doing this as fun 🤩 and like you said a beginner tech guy could get lucky 🍀 so my goal is to understand the hunt. Thanks 🙏 for being your self.
@fun_iqp Жыл бұрын
I think is absolutely necessary to understand packets in order to prevent new forms of malware, and not just with WireShark, NetScat or tools alike. But having a great knowledge abput network with these kind of tools should be great for counterattack and hunting, so I demand a full master course from this brilliant gentleman so I can put my own blue cap on :)
@BobBob-qm2bm Жыл бұрын
Thanks David and Chris for sharing the knowledge and providing relevant content. Wirewatching is real and relevant separating the good beans from those that are bad👨💻
@davidbombal Жыл бұрын
You're welcome! We can all learn so much from Chris :)
@shadowcipher4068 8 ай бұрын
Good stuff. This guy Chris Greer is awesome. Thanks, both of you.
@Ebi_J Жыл бұрын
Thank you David. I find that whether you are the one sharing or a guest, I always leave each video much more knowledgeable and wanting to know more.
@rustybolts8953 Жыл бұрын
I am old enough to recall the days when even at MIT, the password was usually "Password" or just hit enter. How far we have come since those days.. This is by far the best anti hacking videos I have seen so far. Thanks David.
@SupItsJ Жыл бұрын
David, this channel is so underrated. You take real world threats and break them into understandable bits that average users can grasp. Whether or not they believe the threats are actually more common than not is another topic, but trust that this man is peeling back the layers of otherwise invisible crimes that are common. Taking a few easy steps can put off attackers to move on to easier prey, just takes some getting used to getting into new, safer habits.
@JonDoe-gi5zf 8 ай бұрын
How is it underrated? He has over 2 million subs 😂😂😂
@SupItsJ 8 ай бұрын
Should be 20 million. As an IT security pro and graduate I have seen and attended lots of classes, but the planning in David's content is evident in the presentation and engagements.@@JonDoe-gi5zf
@temynator 6 ай бұрын
I'm liking that Shark 🦈 stuff man!! I'm actually taking the Google IT support certificate! 😅
@Stuloud 9 ай бұрын
Wow, This fascinates me. I have always thought that looking at what your machine or network is sending out is the key to finding whether you are compromised or not. I am an old newbie at this. David your channel ROCKS!
@OLDMANDOM42.Dominic Жыл бұрын
WOW! I have been in IT for over 25 years. This guy just got me interested in another facet of IT.. just splendid! Thanks!
@bAd-sf7iu 5 ай бұрын
Thank you for your great lecture!! I and my friends and neighbors have been hacked by a hacking group. I can find a hacking clue, because Chris and David teach sophisticated method. I expect your next great teaching movie for hunting hackers!
@DirtyChungus Жыл бұрын
Went to a workshop Chris hosted at DefCon 30, it was awesome! Learned so much
@rajneeshrai1781 Жыл бұрын
Another episode... Time to grab the packet cap 🧢 💯
@davidbombal Жыл бұрын
Hope you enjoy the video Rajneesh!
@MarathonMade 2 ай бұрын
watching this im thinking to my self and someone whos just started learning "I can learn and do this" :) thank you two for this video 1 year ago
@Uncle_Buzz 3 ай бұрын
Chris Greer, putting the FUN in fundamentals.
@Uncle_Buzz 3 ай бұрын
... or is it the mental... ?
@criptovida 9 ай бұрын
Thanks Chris and David putting this together, really amazing to brush up the packet analysis skills.
@sidalexis Жыл бұрын
Currently studying Chris Greer's Wireshark course on Udemy. Fantastic experience
@jzk224 11 ай бұрын
Great video. I just spent months on a QUIC baddy for a big org. Thanks and I’ll definitely check out your channel
@cryptombt5880 Жыл бұрын
Fantastic video, David. Thanks to Chris also. God, I learnt so much from this video. I'm frequently doing scans on my home network to what is I class as normal traffic etc. Just fantastic video
@davidgreening173 Жыл бұрын
Nice channel. Fellow analyst pointed me here a few days ago. First thing I recognised, the SA accent.
@jasonb2221 Жыл бұрын
Thank you David amd Chris, this was awesome! I don't know about you guys, but I can't wait to see Chris showcase his tshark custom scripts course.
@dummyload7803 7 ай бұрын
wow, that was very interessting. People call me a hacker sometimes only because i know the "anykey" :) After this video i learned i know nothing. Never used wireshark however i am familiar with the programname. Too little time left to learn all the stuff that is out there
@bAd-sf7iu 5 ай бұрын
Thank you for your great lecture!! I am a victim of hacking. I can get hacking clue, because David and Chris taught sophisticatid method. I hope you upload further method for hunting hackers!
@tjmarx Жыл бұрын
I like this cut much better than some of your earlier videos. Very frequently these interviews seem to ramble, get a little repetitive and unstructured. I really enjoyed how the cut improved that in this video. Whoever the editor is give them a big thumbs up.
@duscraftphoto Жыл бұрын
As always, amazing content from David and Chris. I found this one especially interesting because I’ve been working on writing malware (to see if I can ha ha) and seeing the traffic at the packet level is awesome. Keep it up and ROCK ON!
@davidbombal Жыл бұрын
Thank you! Glad you enjoyed it Dustin :)
@francon9586 8 ай бұрын
Awesome video. Thanks Chris and David for putting this out there.
@augustedrifande6017 7 ай бұрын
It's really a superb video, obvious to someone with little experience, clear and audible, really great work, I love this kind of content, many thanks :-). (Addressed to David Bombal and Chris Greer).
@oshalabashiya9058 Жыл бұрын
I’m 14 minutes in and I’m so stoked that you guys are doing this video. There is nothing I would rather be doing right now. Thanks dudes!
@joerockhead7246 Жыл бұрын
Thanks, David, & Chris, this was a great episode. I really enjoy when you have Chris on.
@davidbombal Жыл бұрын
Glad you enjoyed it Joe! Chris is amazing :)
@pivot3india Жыл бұрын
the extent to which we can analyse the packets and go deep inside is making me ready to take the course. thanks for all your efforts.
@davidbombal Жыл бұрын
You're welcome Abhishek!
@Awooga765 Жыл бұрын
Whoa! I remember doing this level of analysis in graduate school. I loved it but was told by others that this wasn't an in-demand skill.
@lora4624 Жыл бұрын
What?? Why wouldnt it be?
@jasonb2221 Жыл бұрын
@@lora4624 I was thinking the exact same thing. Why wouldn't knowing how to detect malware and know how it operates in a deep level not relevant in today's cyber space?
@TS-jd6rh 7 ай бұрын
David's podcasts are always fun, interesting and valuable topic thank you for inspiring to get back to learning about cyber security.
@madankhatri2080 Жыл бұрын
Nice video David, Please invite digital forensic hackers
@davidbombal Жыл бұрын
Great suggestion :)
@MrBitviper Жыл бұрын
thanks for another insightful video David this is an awesome collaboration. hope we'd get to see more
@buraksahin7297 Жыл бұрын
Thank you so so much David and Chris. You are the best! Appreciate it :)
@centralscrutinizer5116 Жыл бұрын
Hey David. Yet another great video. Just so you know, I watch MOST of your videos on the youtube app on my smart tv. Unfortunately, I can't like, subscribe or comment on videos when viewing them this way( I don't log into youtube there). Therefore, only about 1 in 10 videos get a like by me, but the truth is, I like them all!!!
@cwain96 7 ай бұрын
This is GOLD! Thanks to you both for the extraordinary work you do AND teach!
@roadkill1896 Жыл бұрын
Brilliant video! Wireshark always seems overwhelming and somewhat intimidating to me, this at the very least shows you how you can effectively use it to threat hunt with some simple processes. Well done!
@davidbombal Жыл бұрын
Chris is amazing :)
@upup5133 Жыл бұрын
My man... This is awesome for those who has time to watch... Even for me cuz I can't wait to watch your another video. Content is amazing and I really like it, keep it going David!!!
@druzzzzzz Жыл бұрын
This was a fantastic video! I could not see the JA3 fingerprint on my version of Wireshark, will be trying to figure out how to add it to the packets. I will definitely be looking for Chris Greers course on this, I had fun.
@kmonto1971 Жыл бұрын
@Chris Greer - it was great meeting you at DefCon this year. Great class as well.
@ChrisGreer Жыл бұрын
You too! Great to meet you and thanks for watching/commenting!
@isaacfalero 6 ай бұрын
The quality of this video is off the charts! Thank you both for your work.
@jesussaeta8383 Жыл бұрын
Great great stuff you guys, you’ve got my creative juices flowing……thank you both very much.
@factoidsandquotations Жыл бұрын
One of my favorite videos David, this guys good.
@tawabullas5058 Жыл бұрын
We need more contents like this
@davidbombal Жыл бұрын
Chris is working on a full course :) Hopefully also get him back on the channel soon.
@Abdirahmaann Жыл бұрын
@@davidbombal What is that’s course David can you name that course Chris doing
@ballons789 11 ай бұрын
Hi David. Recently passed my CCNA and started learning about wireshark by following Chris Greers videos. I wanted to learn more about networking at the packet level but now im hooked with threat hunting. Finding out what could be lurking in your network it’s exciting. Have you guys dropped the threat hunting course?
@Supahelt98 7 ай бұрын
Thanks to you both for creating such valuable content!
@romemadali84 Жыл бұрын
i really love how Chris Greer explains pcap
@cacurazi Жыл бұрын
Amazing content... Thanks David & Chris
@Lucas-md8gg Жыл бұрын
Thanks for the content! Chris is awesome!
@refaiabdeen5943 Жыл бұрын
Cheers Guys. That was Awesome and amazing to watch and understand as much as possible. Looking forward to more of this content.
@Glenners Жыл бұрын
I love Chris! He's always got the nitty gritty useful info.
@davidbombal Жыл бұрын
Chis is great!
@muhammadabdul7696 Жыл бұрын
Perfect Timing!
@davidbombal Жыл бұрын
Hope you enjoy the video Muhammad!
@muhammadabdul7696 Жыл бұрын
@@davidbombal sure will do.. Thanks a ton 🙂Chris and David
@Dani-cr7cj Жыл бұрын
Amazing video, thank you Chris and David for this amazing content.
@davidbombal Жыл бұрын
You're welcome!
@fahmimohamadramadhan3978 Жыл бұрын
What a great video, helps A LOT in the beginning.
@coolboy288 Жыл бұрын
Thanks Chris and David for this very informative session.
@davidbombal Жыл бұрын
You're welcome!
@Pursuitdnb Жыл бұрын
Great video! Thanks David and Chris!
@eyup8267 Жыл бұрын
Thank's you David for informations 🌙
@MichaelSmith-bi8pc 6 ай бұрын
A really useful video. Thesis is so powerful and every day is a learning day. Have an anan 8000fle. Glad I have not updated sunsdr2 software form vs2.only thing I miss on thesis is recording band activity and the ability to variably change FM rx bandwidth
@williambarrett7108 Жыл бұрын
Thank you so much for these videos! How do you load P-caps into wire shark? That nuts and bolts kind of content would be great!
@peacefulencounters9466 7 ай бұрын
Great content David and Chris
@evodefense 8 ай бұрын
Amazing video thank you for this video!
@mahato-khushboo19 8 ай бұрын
@chrisGreer, Thanks for the such a wonderful information. I am little bit confuse like if I use the Wireshark in production environment then how to capture the packets to analysis any malicious traffic on daily basis ? Is there any function in Wireshark so that we can analysis and filter out the all the malicious easily? And provide some kind of alert alram or notification something like that.
@michelantoniovio934 Жыл бұрын
@Chris Greer you're amazing. I'm always watching your videos. Congrats!!! David thanks a lot to share this content with us...
@davidbombal Жыл бұрын
You're welcome!
@jmatuus Жыл бұрын
This is public service! Thank you!
@majiddehbi9186 Жыл бұрын
Great duo as always thx for ever and god bless u
@dirty9496 6 ай бұрын
Love the videos! Can you guys make one that is dedicated to setting up Wireshark profiles?
@alexandrohdez3982 Жыл бұрын
Previous video and this are GREAT. 👏👏👏👏👏
@m3ntas Жыл бұрын
Amazing video David!!! I learned a lot! :) Thanks Chris too, you are a Gigachad!
@canoozie Жыл бұрын
Cowboy is a popular web server in the erlang world, so Server: Cowboy doesn't immediately raise a red flag on its own, but also that web service puts headers in lowercase, so not seeing it as server: Cowboy does trigger curiosity.
@satoshiborishi6898 3 ай бұрын
Great tutorial with a real life example!
@anjanbora7943 8 ай бұрын
Best hacker channel on KZfaq ❤
@hacmuratkaraman1583 Жыл бұрын
Thank you David.
@sid8880 Жыл бұрын
Hi David, thanks for setting this up with Chris, I’m just starting off with wire shark and have already purchased your Udemy core skills course, its on my to do list! Was just looking to purchase the joint one ‘getting started’ In which order do you recommend completing?
@danjoseph5707 Жыл бұрын
Really informative video. Thank you
@dustinhxc Жыл бұрын
Extremely entertaining and informative!
@johnsnow1062 Жыл бұрын
Thank you so much for the lesson
@privateinfo4820 Жыл бұрын
Trying to follow along.. and possibly purchase some of Chris' training, but I notice on my Wireshark installation VM on our domain (domain admin rights) my country columns aren't populated at all (when viewing endpoints to check for nefarious countries). Am I missing a cfg or something somewhere??? Thanks for this video - very helpful!!
@puetzranch Жыл бұрын
Great info! Thanks for sharing.
@Twdsheikh2931 Жыл бұрын
@David Bombal Thanks , from india, myself farhan, studying in 10th std and also learning ethical hacking and Networking and coding my age is 17 , i am goona start learning linux and I think ubuntu is a very beginner Friendly linux Distribution , and also its gui is Fantastic, i don't wanna install it manually, Please Dear david sir, There are many People who want ubuntu 22.04 not 20.10 running in windows with wsl2 Make sure you will make a video on it, Your content is helpful and awesome. I Always learn something new from your video Love from india, Farhan😍😍😍❤💓
@nickadams2361 Жыл бұрын
Second video I've watched on the channel. You def have a different style. The videos are longer but there's much more depth, I enjoy it better than 12 minute in your face videos with a strange thumbnail
@kialim Жыл бұрын
Chris, what are your views on Network Detection & Response (NDR) solutions? What are your thoughts on enterprises moving to the cloud? How do you perform threat hunting in such an environment. Thanks!
@handymangirl6018 7 ай бұрын
This video was awesome. Question? When you found that malware threatbot thingy how do you then get rid of it
@gtoo9499 8 ай бұрын
OMG u Asome! Thank you for your video, this is really helpful =)
@harahatchi9923 Жыл бұрын
Great subject and wish to dive on similar subjects in future episodes. BTW I prefer wired earsets lool : D
@ricosan7341 Жыл бұрын
David. I like your channel.
@ihatesignupsgrrrrrrr 9 ай бұрын
Sad to say that the 'high' hanging fruit is the ones you may especially want to be looking for when working for a large corporation such as a financial institution or the like... I'd say there are several layers of security that can protect the low-hanging fruit without packet analysis, yet if you are the IT admin of a company, you will have many using your system that may not be that wise to protect against such, leaving the low-hanging fruit type of attacks important to find!
@MrWwatsonn Жыл бұрын
Hi Chris, what did you install to show the country in wireshark ?
Chris Greer
Рет қаралды 81 М.
Oscar's Funny World
Рет қаралды 134 МЛН
VideoFromSpace
Рет қаралды 35 М.
Haitham Ramadan
Рет қаралды 7 М.