This repository holds all of my write-ups on investigating Packet Capture (PCAP) files containing malware using Wireshark, along with the Open Source Intelligence (OSINT) work done to support my findings.
- Incident reports will be linked in their respective .md files.
NOTE: Before these investigations, I built a home lab using VMware Workstation Pro as my virtualization software and Kali Linux as the guest disk image, so that I can open the PCAP files safely inside the VM rather than on my host machine.
- VMware Workstation Pro: https://www.broadcom.com/
  - You must create an account.
  - Click the drop-down menu in the upper right corner and select "VMware Cloud Foundation".
  - Search for VMware Workstation Pro.
  - Download for personal use on Windows or Linux.
- Kali Linux: https://www.kali.org/get-kali/#kali-virtual-machines
  - For Microsoft Windows: after installing, add the downloaded Kali Linux file as an exclusion in Windows Security > Virus & Threat Protection > Manage Settings > Add or Remove Exclusions > Add Kali Linux. Scope the exclusion to that file only; the PCAPs themselves stay inside the VM.
  - Extract all the files; the extracted image can now be used in VMware as your disk image.
- Malware Traffic Analysis: https://malware-traffic-analysis.net
- Wireshark pcap filters:
- And a lot of googling. HAHA