
Malware Network Traffic Analysis w/ Wireshark

This repository will hold all of my write-ups on investigating Packet Capture (PCAP) files containing malware using Wireshark, as well as performing Open Source Intelligence (OSINT) to support my findings.

- Incident reports will be linked in their respective .md files.

NOTE: Before these investigations, I built a home lab: I downloaded VMware Workstation Pro as my hypervisor and Kali Linux as the guest VM image, so that I can open the PCAP files safely inside the VM.

Programs we will be using:

  • VMware Workstation Pro: https://www.broadcom.com/
    • You must create an account
    • Click the drop-down menu in the upper right corner and select "VMware Cloud Foundation"
    • Search for VMware Workstation Pro
    • Download for personal use on Windows or Linux
  • Kali Linux: https://www.kali.org/get-kali/#kali-virtual-machines
    • For Microsoft Windows: After installing, add the Kali Linux downloaded file as an exclusion in Windows Security > Virus & Threat Protection > Manage Settings > Add or Remove Exclusions > Add Kali Linux.
    • Extract the downloaded archive; the extracted VM folder can then be opened in VMware Workstation Pro as your Kali Linux virtual machine

Source for Malware PCAP files:

Documentation used: