Extracting ZIP files from PCAP with Wireshhark & NetworkMiner, plus analysis with CyberChef

preview_player
Показать описание
Extracting files from network traffic is a common task. However, it isn't always as straight-forward as you may hope. In this video, we'll look at extracting a ZIP file from a PCAP. The ZIP file was a means of data exfiltration from some malware. We'll discuss how to extract the ZIP in Wireshark and NetworkMiner. We'll also discuss using CyberChef to convert the raw bytes from the network traffic, unzip the file and view the contents.

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
  1. Dr Josh Stroschein - The Cyber Yeti
  2. cyber
  3. cybersecurity
  4. training
  5. malware
  6. malware analysis
Рекомендации по теме
Extracting ZIP files 0:06:51

Extracting ZIP files from PCAP with Wireshhark & NetworkMiner, plus analysis with CyberChef

Extracting Files from 0:05:03

Extracting Files from PCAPs with Wireshark // Lesson 9 // Wireshark Tutorial

Wireshark - Extracting 0:02:05

Wireshark - Extracting .zip file from TCP packets in a wireshark capture/pcap/pcapng

How to download 0:05:29

How to download files from a Wireshark capture. (Follow TCP Stream)

Wireshark Quick PDF 0:06:04

Wireshark Quick PDF Intercept

BASIC WIRESHARK - 0:02:22

BASIC WIRESHARK - EXTRACT IMAGE FROM PCAP FILE IN HTTP PROTOCOL AND RECONSTRUCT WITH HxD

Open or record 0:05:00

Open or record a Pcap or Pcapng file in Wireshark

Examining Intercepts:Finding hidden 0:30:20

Examining Intercepts:Finding hidden flag using scapy to retrieve data in DNS & breaking a ZIP ...

28. Extract files 0:02:49

28. Extract files from FTP using Wireshark

ZIP File Magic 0:08:05

ZIP File Magic Bytes | PicoCTF 2017 [41] 'Missing Identity'

Learning Wireshark - 0:17:29

Learning Wireshark - Analyzing a pcap file Ep:1

Using Packaged Analytic 0:02:48

Using Packaged Analytic to Create Quick Summary of PCAP and Extract File

Decrypting HTTPS Traffic 0:15:49

Decrypting HTTPS Traffic With Wireshark

HSCTF - Hiding 0:04:23

HSCTF - Hiding in ZIP Files (LockedUp)

Analyzing PCAP Files 0:02:09

Analyzing PCAP Files With NetworkMiner

PicoCTF - Trivial 0:15:19

PicoCTF - Trivial File Transfer Protocol - File Forensics - Pcap File extractions

How hackers crack 0:05:23

How hackers crack ZIP files password? - TOO EASY! (Educational Purposes ONLY!)

WCT02-S6: Open Various 0:15:39

WCT02-S6: Open Various Trace File Types [WCT02: Introduction to Wireshark Course]

Extract GZ File 0:01:26

Extract GZ File - Instructions gz unzip

Analyzing the live 0:09:27

Analyzing the live capture using Wireshark

NEVER buy from 0:00:46

NEVER buy from the Dark Web.. #shorts

How hackers crack 0:09:07

How hackers crack password protected ZIP files

How To Get 0:35:16

How To Get Arrested In 30 Minutes: Cracking A GSM Capture File In Real-time With AIRPROBE And KRAKEN

Bryobio Network Pcap 0:04:25

Bryobio Network Pcap File Analysis: Uncovering Insights and Patterns

Комментарии
Автор

In every video I learn something new !!!, I'm really appreciate this, thank you

Manavetri
Автор

This was a good one. I didn't know that unzip was also available in cyberchef. Thanks!

stunnx
Автор

Well explained and easy to follow! Definitely going to check out your other videos

ryanleong
Автор

This protocol used in Enthiran (Robot) Movie 😅

SasidharanCS
Автор

The extraction and the unzip functions, where is the difference? Is the extraction based on extracting application data bytes after separating delimiters, null/padding values etc from raw data? I mean when I run an Hex through extraction which is supposedly a PKZIP, it gives out doc files, so are there overlapping functionalities?

kunalforvideos
Автор

Hi Josh,

thanks for the video.

I'm new to Wireshark. I wonder how to extract a PDF file from a .PCAP file?

Cheers!
Michael

mtan