BlackPerl DFIR || INCIDENT RESPONSE TRAINING || Full Course - Incident Response Training Course, Network Forensics, Day 13

5.0 (0)
14 learners

This course includes

  • 13.5 hours of video
  • Certificate of completion
  • Access on mobile and TV

Incident Response Training Course, Network Forensics, Day 13 Transcript and Lesson Notes
Full Transcript

In this full series we talk about Incident Response, and it is a free training course for everyone. Today is Day 13, and I will show you a real SOC incident that came from the SIEM tool, where one of the internal machines was identified as behaving abnormally. In this episode I show how you can efficiently and quickly perform network packet analysis and identify the details around the infected host: IP address, domain, users logged in, and so on. I also show how you can easily triage to identify the malware family if the alert is a true positive. We take two such real use cases, and I show how both packet captures turned out to contain malware such as Agent Tesla, QuackBot and Hancitor. We discover everything from the packet analysis.

Analysis of the infection traffic requires Wireshark or some other pcap analysis tool. Wireshark is my tool of choice to review pcaps of infection traffic. However, the default settings for Wireshark are not optimized for web-based malware traffic, so in this episode you will learn some tricks to optimize the display filters, tricks to export objects, and more. So, if you want to become a master at analyzing network packets and are looking for easy tricks and techniques to perform network forensics, watch the full episode.

Tools I have used in this episode:

  • Wireshark
  • HUNt3r, Malware Analyzer Tool (coming soon!)

🙏 CREDIT

Thanks to Brad Duncan for sharing the pcaps! Please download them from the links below:

  • https://github.com/brad-duncan/June-2021-forensic-quiz/blob/main/June-2021-forensic-contest.pcap.zip
  • https://github.com/brad-duncan/May-2021-forensic-quiz/blob/main/May-2021-forensic-contest.pcap.zip

🔴 DISCLAIMER

Of note, the pcap from this repository contains actual Windows-based malware within the traffic. That poses a risk of infection when reviewing the pcap on a Windows-based host. I recommend people review the pcap in a non-Windows environment.

Watch the playlists below as well, if you want to make your career in DFIR and Security Operations!

  • INCIDENT RESPONSE TRAINING Full Course: https://youtube.com/playlist?list=PLjWEV7pmvSa4yvhzNsCjOJovOn1LLyBXB
  • DFIR Free Tools and Techniques: https://youtube.com/playlist?list=PLjWEV7pmvSa6f-NTpXsaUYWZLjLAB_0TS
  • Windows and Memory Forensics: https://youtube.com/playlist?list=PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH
  • Malware Analysis: https://youtube.com/playlist?list=PLjWEV7pmvSa6u32RongesgDtkfKBfrFWW
  • SIEM Tutorial: https://youtube.com/playlist?list=PLjWEV7pmvSa7cXTkCppnYHERUdy8Dd71x
  • Threat Hunt & Threat Intelligence: https://youtube.com/playlist?list=PLjWEV7pmvSa5UTZlsWp5wRnURNbeMS-fu

⌚ Timelines

  • 0:00 Introduction
  • 0:58 Use case 1 (QuackBot)
  • 5:08 Use case 1 packet analysis
  • 24:16 Use case 2 (Agent Tesla, Hancitor)
  • 25:39 Use case 2 packet analysis
  • 40:27 Support me and summary

📞📲 FOLLOW ME EVERYWHERE

  • LinkedIn: https://www.linkedin.com/company/blackperl
  • You can reach out to me personally on LinkedIn as well: https://bit.ly/38ze4L5
  • Twitter: @blackperl_dfir
  • Git: https://github.com/archanchoudhury
  • Insta (blackperl_dfir): https://www.instagram.com/blackperl_dfir/
  • Email: archan.fiem.it@gmail.com

SUPPORT BLACKPERL

➡️ SUBSCRIBE, Share, Like, Comment
☕ Buy me a Coffee: https://www.buymeacoffee.com/BlackPerl
📧 Sponsorship Inquiries: archan.fiem.it@gmail.com

🙏 Thanks for watching!! Be CyberAware!! 🤞

#wireshark #networksecurity #dfir
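The episode's triage goal is to pull "which internal host talked to which domain and IP" out of a pcap, which in Wireshark is the http.request display filter plus the Host column. The script below is an added example, not code from the BlackPerl episode and not taken from the pcap repositories linked above; it reimplements that view with nothing but the Python standard library, so it can run on the non-Windows analysis box the disclaimer recommends. It handles only classic libpcap files with Ethernet framing (not pcapng), and the sample capture, the 10.6.13.101 host, the documentation-range server IPs and the .example domains are all constructed in build_sample_pcap(); none of them come from the real captures.

```python
"""Minimal libpcap reader reproducing Wireshark's 'http.request' triage view.
Added example; the sample pcap, IPs and domains below are constructed, not real."""
import socket
import struct
from typing import Dict, Iterator, List, Set

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def _tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an Ethernet/IPv4/TCP frame. Checksums are left zero; the parser ignores them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def build_sample_pcap() -> bytes:
    """Constructed capture: two HTTP requests from one internal host, one TLS-looking
    TCP segment and one ARP frame (the last two must NOT appear under http.request)."""
    frames = [
        _tcp_frame("10.6.13.101", "203.0.113.25", 49213, 80,
                   b"GET /dl/update.bin HTTP/1.1\r\nHost: lab-stage.example\r\n"
                   b"User-Agent: Mozilla/5.0\r\n\r\n"),
        _tcp_frame("10.6.13.101", "198.51.100.7", 49214, 8080,
                   b"POST /8/forum.php HTTP/1.1\r\nHost: lab-checkin.example\r\n"
                   b"Content-Length: 0\r\n\r\n"),
        _tcp_frame("10.6.13.101", "203.0.113.25", 49215, 443, b"\x16\x03\x01\x00\x05hello"),
        bytes.fromhex("ffffffffffff66778899aabb0806") + b"\x00" * 28,
    ]
    # Global header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_622_505_600 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap: bytes) -> Iterator[bytes]:
    """Yield the raw link-layer bytes of each record in a classic libpcap file."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is supported")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def http_requests(pcap: bytes) -> List[dict]:
    """Equivalent of the Wireshark filter 'http.request': one record per HTTP request."""
    found = []
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != 6:
            continue  # not TCP
        src = socket.inet_ntoa(frame[14 + 12:14 + 16])  # fixed offsets inside the IP header
        dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
        tcp_off = 14 + ihl
        dport = struct.unpack("!H", frame[tcp_off + 2:tcp_off + 4])[0]
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        if not payload.startswith(HTTP_METHODS):
            continue  # TLS and raw binary protocols never match http.request
        head = payload.partition(b"\r\n\r\n")[0]
        lines = head.split(b"\r\n")
        parts = lines[0].split(b" ")
        if len(parts) < 3:
            continue  # malformed request line
        host = ""
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip().decode("ascii", "replace")
        found.append({"src": src, "dst": dst, "dport": dport, "method": parts[0].decode(),
                      "host": host, "path": parts[1].decode("ascii", "replace")})
    return found


def hosts_by_internal_ip(requests: List[dict]) -> Dict[str, Set[str]]:
    """Triage view: which internal IP reached which domains."""
    out: Dict[str, Set[str]] = {}
    for r in requests:
        out.setdefault(r["src"], set()).add(r["host"])
    return out


if __name__ == "__main__":
    reqs = http_requests(build_sample_pcap())
    for r in reqs:
        print(f'{r["src"]} -> {r["dst"]}:{r["dport"]}  {r["method"]} {r["host"]}{r["path"]}')
    print(hosts_by_internal_ip(reqs))
```

To run it against a real capture, replace build_sample_pcap() with the bytes of a .pcap file read from disk on a non-Windows host; the TLS segment and the ARP frame in the sample are there to show that only cleartext HTTP requests surface, which is exactly why the episode pairs the http.request view with exporting objects and looking at the surrounding DNS and TLS traffic.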
