Wireshark

Video: TrickBot and ETERNALCHAMPION
Erik Hjelmvik | | CapLoader, Emotet, ETERNALCHAMPION, HybridAnalysis, malware-traffic-analysis, Network Forensics, NetworkMiner, pcap, TrickBot, trickster, video, videotutorial, VirusTotal, Wireshark
This video tutorial is a walkthrough of how you can analyze the PCAP file UISGCON-traffic-analysis-task-pcap-2-of-2.pcap (created by Brad Duncan). The capture file contains a malicious Word Document (macro downloader), Emotet (banking trojan), ...

Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?
David Sopas | | android, BLEAH, Blog, data exfiltration, Internet of things, iot, mobile application, Smart Bulbs, Sniffing, Technical Blog, Ubertooth, Wireshark, Zengge
Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and ...

Reverse Engineering Proprietary ICS Protocols
Erik Hjelmvik | | BSI, Dragos, ICS, Nozomi, pcap, protocol, reverse, SCADA, SEC-T, snort, Steve Miller, TRISIS, TriStation, triton, Wireshark
One of the highlights at this year's SEC-T conference in Stockholm was Steve Miller's talk titled 'Reversing the TriStation Network Protocol'. In this talk Steve covered his quest to better understand the ...

Interesting Screenshots at Revolution 3 Tour
Recently, my wife and I attended the Revolution 3 tour with Stone Temple Pilots, Bush, and The Cult. During Bush’s set, we heard “This is War” from the deluxe edition of 2017’s ...

Free tools: Internet traffic monitoring
Pieter Arntz | | bitmeter, fiddler, network monitoring, resmon, tcpview, technology, url revealer, Windows, Wireshark
There are many reasons why you might want to start Internet traffic monitoring, especially if you're a security enthusiast or amateur analyst. We list some free tools that have different use cases ...

Searching for a needle in a pcap haystack with pyshark
Faced with a bit of a challenge recently: I had a large (multi-megabyte) packet capture file from Wireshark and needed to extract information from the start of each SSL/TLS session in the ...
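The excerpt above describes pulling data out of the start of each SSL/TLS session in a capture. As an added example (not the post's own pyshark code, which the excerpt does not show), the script below does the same job with only the Python standard library: it walks a libpcap file, keeps IPv4/TCP frames, and reads the TLS version and SNI out of every ClientHello record. The one-packet pcap it parses is constructed inside the script so it runs offline; the MAC and IP addresses, ports and hostname in it are placeholders.

```python
import struct
from typing import Iterator, Optional

PCAP_MAGIC = 0xA1B2C3D4        # little-endian libpcap magic
LINKTYPE_ETHERNET = 1


def iter_pcap_packets(data: bytes) -> Iterator[bytes]:
    """Yield each frame from an in-memory libpcap file (Ethernet link type only)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes) -> Optional[tuple]:
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                       # protocol 6 = TCP
        return None
    total_len = struct.unpack_from("!H", ip, 2)[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    doff = (tcp[12] >> 4) * 4                            # TCP header length
    return src, dst, sport, dport, tcp[doff:]


def parse_client_hello(payload: bytes) -> Optional[dict]:
    """Parse a TLS record carrying a ClientHello; return its version and SNI."""
    if len(payload) < 9 or payload[0] != 0x16:           # content type: handshake
        return None
    rec_len = struct.unpack_from("!H", payload, 3)[0]
    hs = payload[5:5 + rec_len]
    if not hs or hs[0] != 0x01:                          # handshake type: ClientHello
        return None
    version = struct.unpack_from("!H", hs, 4)[0]
    pos = 4 + 2 + 32                                     # header, version, random
    sid_len = hs[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack_from("!H", hs, pos)[0]
    pos += 2 + cs_len
    comp_len = hs[pos]
    pos += 1 + comp_len
    sni = None
    if pos + 2 <= len(hs):                               # extensions are optional
        ext_len = struct.unpack_from("!H", hs, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hs, pos)
            pos += 4
            if etype == 0:                               # server_name extension
                name_len = struct.unpack_from("!H", hs, pos + 3)[0]
                sni = hs[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += elen
    return {"version": version, "sni": sni}


def client_hellos(pcap: bytes) -> list:
    """Collect one record per ClientHello found in the capture."""
    found = []
    for frame in iter_pcap_packets(pcap):
        l4 = tcp_payload(frame)
        if l4 is None:
            continue
        src, dst, sport, dport, payload = l4
        hello = parse_client_hello(payload)
        if hello:
            found.append({"src": src, "dst": dst, "dport": dport, **hello})
    return found


def build_sample_pcap() -> bytes:
    """Constructed test input: one frame carrying a ClientHello for example.com."""
    name = b"example.com"
    sni_ext = (struct.pack("!HH", 0, 5 + len(name))
               + struct.pack("!HBH", 3 + len(name), 0, len(name)) + name)
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"         # TLS 1.2, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01"           # one cipher suite
            + b"\x01\x00"                                  # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    record = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
    tcp = struct.pack("!HHIIBBHHH", 51234, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + record
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34])) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip                  # placeholder MACs
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec_hdr = struct.pack("<IIII", 0, 0, len(eth), len(eth))
    return global_hdr + rec_hdr + eth


if __name__ == "__main__":
    for h in client_hellos(build_sample_pcap()):
        print(h)
```

For a real capture, replace build_sample_pcap() with the file contents (open(path, "rb").read()); pcapng files and VLAN-tagged or IPv6 frames are not handled here, and a ClientHello split across TCP segments would need reassembly first.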