Incident Response Training Course, Network Forensics, Day 13
In this full series we will talk about Incident Response, and it will be a free training course for everyone. Today is Day 13, and I will show you a real SOC incident that came from a SIEM tool, where one of the internal machines was identified as behaving abnormally. In this episode, I will show you how you can efficiently and quickly perform network packet analysis and identify the details around the infected host: IP address, domain, users logged in, etc. I will also show you how you can easily triage to identify the malware family if this alert is a true positive.
We will take two such real use cases, and I will show you how both packet captures turned out to contain malware such as Agent Tesla, QuackBot and Hancitor. We will discover everything from the packet analysis.
Analysis of the infection traffic requires Wireshark or some other pcap analysis tool. Wireshark is my tool of choice for reviewing pcaps of infection traffic. However, Wireshark's default settings are not optimized for web-based malware traffic, so in this episode you will learn some tricks to optimize the filters, export objects, etc. If you want to become a master at analyzing network packets and are looking for easy tricks and techniques to perform network forensics, watch the full episode.
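As an added example (not code from the episode or from the tools it uses), here is a minimal pure-Python triage that does the first thing the episode does with a pcap: for each source host, collect the DNS names it queried and the HTTP Host headers it sent, so the infected host and the contacted domain fall out immediately. The frames, IP addresses and domain are constructed sample input; a real run would feed it frames read from a pcap.

```python
import struct
from collections import defaultdict

def build_frame(src_ip, dst_ip, proto, payload, sport, dport):
    """Construct an Ethernet/IPv4 frame carrying one UDP (17) or TCP (6) segment (sample input only)."""
    ip_src, ip_dst = (bytes(int(o) for o in ip.split(".")) for ip in (src_ip, dst_ip))
    if proto == 17:  # UDP: sport, dport, length, checksum (left zero)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:            # TCP: minimal 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, ip_src, ip_dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def dns_query(name):
    """Construct a standard DNS A query for `name` (sample input only)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def dns_qname(dns):
    """Decode the first question name of a DNS message (question names are not compressed here)."""
    labels, i = [], 12
    while dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode())
        i += 1 + dns[i]
    return ".".join(labels)

def triage(frames):
    """Map each source IP to the DNS names it queried and the HTTP Host values it contacted."""
    hosts = defaultdict(lambda: {"dns": set(), "http": set()})
    for f in frames:
        if f[12:14] != b"\x08\x00":  # skip non-IPv4 frames
            continue
        proto, src = f[23], ".".join(str(b) for b in f[26:30])
        l4 = f[14 + (f[14] & 0x0F) * 4:]  # step over the IPv4 header (IHL * 4 bytes)
        if proto == 17 and struct.unpack("!H", l4[2:4])[0] == 53:  # UDP to port 53
            hosts[src]["dns"].add(dns_qname(l4[8:]))
        elif proto == 6:  # TCP: look for a plaintext HTTP request after the header
            payload = l4[(l4[12] >> 4) * 4:]
            if payload[:4] in (b"GET ", b"POST"):
                for line in payload.split(b"\r\n"):
                    if line.lower().startswith(b"host:"):
                        hosts[src]["http"].add(line[5:].strip().decode())
    return dict(hosts)

# Constructed frames standing in for a pcap: one internal host resolves a domain, then POSTs to it.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", 17, dns_query("c2.example.invalid"), 50123, 53),
    build_frame("10.0.0.5", "203.0.113.7", 6, b"POST /gate.php HTTP/1.1\r\nHost: c2.example.invalid\r\n\r\n", 50124, 80),
]
```

Running `triage(SAMPLE_FRAMES)` yields one entry for 10.0.0.5 with both the DNS name and the HTTP Host, which is the host/domain pairing the episode pivots on before looking at the malware family.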
Tools I have used in this episode:
👉 Wireshark
👉 HUNt3r- Malware Analyzer Tool (Coming Soon!)
🙏CREDIT
-------------------------------------------------------------------------------------------------------------------------
Thanks to Brad Duncan for sharing the pcaps! Please download them from the links below:
🔴DISCLAIMER
-------------------------------------------------------------------------------------------------------------------------
Of note, the pcap from this repository contains actual Windows-based malware within the traffic. That poses a risk of infection when reviewing the pcap on a Windows-based host. I recommend people review the pcap in a non-Windows environment.
WATCH the playlists below as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
⌚
Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Introduction
0:58 ⏩ Use case 1 (QuackBot)
5:08 ⏩ Use case 1 Packet Analysis
24:16 ⏩ Use case 2 (Agent Tesla, Hancitor)
25:39 ⏩ Use case 2 Packet Analysis
40:27 ⏩ Support Me and Summary
📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ Twitter: @blackperl_dfir
SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
➡️ SUBSCRIBE, Share, Like, Comment
-------------------------------------------------------------------------------------------------------------------------
🙏 Thanks for watching!! Be CyberAware!! 🤞
#wireshark #networksecurity #dfir