
Top 10 Uses of Wireshark for Hackers Part II

In a world… OK, just kidding. This isn’t a movie trailer. However, the ever-increasing sophistication of attacks on our networks is no joking matter. To bypass firewalls, IDS/IPS, EPS, DLP and a plethora of solutions aimed at stemming the tide, criminal hackers are upping their game regularly. It’s up to us in the ethical hacking world to keep up both in understanding their attacks from an offensive perspective (red team) but also how to then find them for future prevention from the defensive side (blue team). In the end, all of the evidence is right there in the packets somewhere. You just need the advanced skills to help you and your team become the movie stars of your organization. Good thing we have the best tool in Wireshark for the job, and extensive research and experience on that tool to show you the Top 10 Uses of Wireshark.

In Top 10 Uses of Wireshark for Hackers Part I, we started with a crawl by creating a baseline and some passive discovery hacks. We then detected suspicious traffic on the network and later reassembled the traffic elements to pick out some particularly interesting content. Here in Part II, we force Wireshark to properly dissect traffic that is using a non-standard port number and add some columns to speed up the detection of a malicious HTTP redirection. We will finish up by decrypting TLS traffic and creating a trace file that contains an embedded TLS session key for easing interactions with other team members. It’s time to give your advanced Wireshark skills a kick in the pants with 5 more hands-on hacks. Are you ready for some network forensics swagger?
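To make the redirection hack concrete, here is an added example that is not part of Laura Chappell's article: a small Python script that does on the command line what the extra columns do in the Wireshark GUI. It assumes you have already exported the relevant fields with tshark, for instance `tshark -r capture.pcapng -d tcp.port==8080,http -T fields -e frame.number -e http.response_for.uri -e http.response.code -e http.location` (the `-d` option is the command-line form of "Decode As" for the non-standard port), and it flags every 3xx response whose Location header points at a host other than the one the client originally requested. The tab-separated sample lines and the host names in them are constructed for the example.

```python
# Added example, not code from the original article. Flags HTTP redirects that
# send a client to a different host than the one it asked for, using the
# tab-separated output of a tshark field extraction like:
#   tshark -r capture.pcapng -d tcp.port==8080,http -T fields \
#          -e frame.number -e http.response_for.uri -e http.response.code -e http.location
# The sample rows below are constructed for this example; the hosts are fictitious.
from urllib.parse import urlparse

SAMPLE_TSHARK_OUTPUT = """\
15\thttp://www.example.com/login?next=/home\t302\thttp://www.example.com/home
21\thttp://updates.example.com/check\t301\thttps://updates.example.com/v2/check
34\thttp://cdn.example.com/lib.js\t302\thttp://evil-host.test/payload.exe
40\thttp://shop.example.com/\t200\t
47\thttp://shop.example.com/cart\t302\t/checkout
"""


def parse_fields(text):
    """Parse tshark -T fields output: one packet per line, fields separated by tabs.

    Responses that carry no Location header still produce a line with an empty
    trailing field, so every row is padded to four columns before unpacking.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        parts += [""] * (4 - len(parts))
        frame, request_uri, code, location = parts[:4]
        rows.append({
            "frame": int(frame),
            "request_host": (urlparse(request_uri).hostname or "").lower(),
            "code": code,
            "location": location,
        })
    return rows


def find_offsite_redirects(rows):
    """Return (frame, requested_host, redirect_host) for each 3xx response whose
    Location header names a host other than the one the client requested.

    A relative Location (no scheme or host) stays on the same site and is ignored.
    """
    hits = []
    for row in rows:
        if not row["code"].startswith("3") or not row["location"]:
            continue
        target = (urlparse(row["location"]).hostname or "").lower()
        if target and target != row["request_host"]:
            hits.append((row["frame"], row["request_host"], target))
    return hits


if __name__ == "__main__":
    for frame, requested, target in find_offsite_redirects(parse_fields(SAMPLE_TSHARK_OUTPUT)):
        print(f"frame {frame}: {requested} redirected client to {target}")
```

In the GUI the same triage is done by adding `http.response.code` and `http.location` as columns and sorting on them; the script simply makes the off-site comparison explicit, which is handy when the capture is large or when you want to run the check as part of a repeatable blue-team workflow.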


EH-Net Live! Aug: Join Laura Chappell for Wireshark for Hackers on Thurs Aug 29 @ 1:00 EDT.



NOTE: Trace (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Laura Chappell. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/10lUT-bYmB8/