Network Forensics: Packet Analysis Using Wireshark
•
3 likes•5,850 views
This document provides an overview of network sniffing and packet analysis using Wireshark. It discusses why sniffing is useful for understanding network activity, troubleshooting issues, and performing computer forensics. The document outlines topics like the basic techniques of sniffing, an introduction to Wireshark and its features, analyzing common network protocols, and examples of case studies sniffing could be used for. It emphasizes that patience is a prerequisite and encourages interactive discussion.
Report
Share
Report
Share
Download to read offline
Recommended
Network forensics and investigating logs
The document discusses various aspects of network forensics and investigating logs. It covers analyzing log files as evidence, maintaining accurate timekeeping across systems, configuring extended logging in IIS servers, and the importance of log file accuracy and authenticity when using logs as evidence in an investigation.
Network forensic
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
Open source network forensics and advanced pcap analysis
Speaker: GTKlondike
There is a lot of information freely available out on the internet to get network administrators and security professionals started with network analysis tools such as Wireshark. However, there is a well defined limit on how in depth the topic is covered. This intermediate level talk aims to bridge the gap between a basic understanding of protocol analyzers (I.e. Wireshark and TCPdump), and practical real world usage. Things that will be covered include: network file carving, statistical flow analysis, GeoIP, exfiltration, limitations of Wireshark, and other network based attacks. It is assumed the audience has working knowledge of protocol analysis tools (I.e. Wireshark and TCPdump), OSI and TCP/IP model, and major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.).
Bio
GTKlondike is a local hacker/independent security researcher who has a passion for network security, both attack and defense. He has several years experience working as an network infrastructure and security consultant mainly dealing with switching, routing, firewalls, and servers. Currently attending graduate school, he is constantly studying and learning new techniques to better defend or bypass network security mechanisms.
Firewall presentation
Here are the key advantages of a packet-filtering router firewall:
- Simple and fast - Packet filtering is a simple and fast operation as it only examines packet headers. This makes packet filtering routers suitable for high traffic networks.
- Low cost - Packet filtering routers are generally lower in cost compared to other firewall types as they utilize existing router hardware and software.
- Flexible rulesets - Packet filtering allows for flexible rulesets that can block or allow packets based on many header fields like source/destination IP, port, protocol type etc.
- Transparency - Packet filtering operates at the network/transport layers so it is transparent to users and applications.
- Performance - Packet filtering has minimal impact on network performance since
Network Forensics
Network forensics involves collecting and analyzing network data and traffic to determine how attacks occur. It is important to establish standard forensic procedures and know normal network traffic patterns to detect variations. Tools like packet analyzers, Sysinternals, and honeypots can help monitor traffic and identify intrusions. The Honeynet Project aims to increase security awareness by observing new attacker techniques.
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion detection system (IDS) is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. Intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
Physical Penetration Testing (RootedCON 2015)
This document discusses physical penetration testing as part of a red team assessment. It defines physical penetration testing as evaluating physical security controls and procedures at a target facility. The methodology involves planning and intelligence gathering, followed by breaching physical security measures to gain access. A case study example demonstrates bypassing access controls, alarms, and sensors to access different floors within a building. The document concludes that physical intrusions require creativity and lateral thinking, and that red team assessments provide a comprehensive way to evaluate security.
Network Forensics Intro
A 1-day short course developed for visiting guests from Tecsup on network forensics, prepared in a day : ]
The requirements/constraints were 5-7 hours of content and that the target audience had very little forensic or networking knowledge. [For that reason, flow analysis was not included as an exercise, discussion of network monitoring solutions was limited, and the focus was on end-node forensics, not networking devices/appliances themselves]
Recommended
Network forensics and investigating logs
The document discusses various aspects of network forensics and investigating logs. It covers analyzing log files as evidence, maintaining accurate timekeeping across systems, configuring extended logging in IIS servers, and the importance of log file accuracy and authenticity when using logs as evidence in an investigation.
Network forensic
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
Open source network forensics and advanced pcap analysis
Speaker: GTKlondike
There is a lot of information freely available out on the internet to get network administrators and security professionals started with network analysis tools such as Wireshark. However, there is a well defined limit on how in depth the topic is covered. This intermediate level talk aims to bridge the gap between a basic understanding of protocol analyzers (I.e. Wireshark and TCPdump), and practical real world usage. Things that will be covered include: network file carving, statistical flow analysis, GeoIP, exfiltration, limitations of Wireshark, and other network based attacks. It is assumed the audience has working knowledge of protocol analysis tools (I.e. Wireshark and TCPdump), OSI and TCP/IP model, and major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.).
Bio
GTKlondike is a local hacker/independent security researcher who has a passion for network security, both attack and defense. He has several years experience working as an network infrastructure and security consultant mainly dealing with switching, routing, firewalls, and servers. Currently attending graduate school, he is constantly studying and learning new techniques to better defend or bypass network security mechanisms.
Firewall presentation
Here are the key advantages of a packet-filtering router firewall:
- Simple and fast - Packet filtering is a simple and fast operation as it only examines packet headers. This makes packet filtering routers suitable for high traffic networks.
- Low cost - Packet filtering routers are generally lower in cost compared to other firewall types as they utilize existing router hardware and software.
- Flexible rulesets - Packet filtering allows for flexible rulesets that can block or allow packets based on many header fields like source/destination IP, port, protocol type etc.
- Transparency - Packet filtering operates at the network/transport layers so it is transparent to users and applications.
- Performance - Packet filtering has minimal impact on network performance since
Network Forensics
Network forensics involves collecting and analyzing network data and traffic to determine how attacks occur. It is important to establish standard forensic procedures and know normal network traffic patterns to detect variations. Tools like packet analyzers, Sysinternals, and honeypots can help monitor traffic and identify intrusions. The Honeynet Project aims to increase security awareness by observing new attacker techniques.
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion detection system (IDS) is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. Intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
Physical Penetration Testing (RootedCON 2015)
This document discusses physical penetration testing as part of a red team assessment. It defines physical penetration testing as evaluating physical security controls and procedures at a target facility. The methodology involves planning and intelligence gathering, followed by breaching physical security measures to gain access. A case study example demonstrates bypassing access controls, alarms, and sensors to access different floors within a building. The document concludes that physical intrusions require creativity and lateral thinking, and that red team assessments provide a comprehensive way to evaluate security.
Network Forensics Intro
A 1-day short course developed for visiting guests from Tecsup on network forensics, prepared in a day : ]
The requirements/constraints were 5-7 hours of content and that the target audience had very little forensic or networking knowledge. [For that reason, flow analysis was not included as an exercise, discussion of network monitoring solutions was limited, and the focus was on end-node forensics, not networking devices/appliances themselves]
Malware forensics
This document discusses keyloggers, malware detection, and forensic investigation of infected systems. It defines keyloggers as hardware or software that captures keystrokes and malware as malicious software like viruses and Trojans. It provides tips for detecting keyloggers and malware through artifacts in the system, registry, prefetch files, and suspicious files and entries. It outlines methods for determining the infection source and timeline, and identifying captured data, attacker information, and next steps for investigators.
IDS and IPS
An intrusion detection system (IDS) monitors network traffic and system activities for suspicious activity that could indicate a security threat or attack. An IDS analyzes patterns in traffic to identify potential threats. There are network IDS that monitor entire network traffic and host IDS that monitor individual systems. An IDS detects threats but does not prevent them. An intrusion prevention system (IPS) can detect and prevent threats by blocking malicious traffic in real-time. An IPS combines IDS detection capabilities with preventative blocking functions. Common types of IPS include inline network IPS, layer 7 switches, application firewalls, and hybrid switches.
Firewall and Types of firewall
In this PPT you can learn a firewall and types which help you a lot and you can able to understand. So, that you must read at once I sure that you are understand
Thank you!!!
I
Linux forensics
Linux is well-suited for forensic investigations due to its free and open-source tools, flexible environment, and ability to access low-level interfaces. However, its tools are more complicated to use than commercial packages and typically lack technical support. Linux distributions use a directory tree with essential directories like /bin, /etc, /home, and /var. Important commands provide information on processes, network connections, and disk usage. The Linux boot process involves the BIOS, boot loader, kernel initialization, and starting of processes at designated run levels.
Supply Chain Attacks
This document discusses supply chain attacks and provides examples of recent attacks. It defines supply chain attacks as compromising enterprise networks via third party applications or entities. The document then summarizes the anatomy and timeline of the Kaseya and 3CX ransomware attacks. In the Kaseya attack, a malicious task was deployed to VSA servers which then pushed ransomware downstream. The 3CX attack involved a trojanized software update that bundled a malicious DLL leading to data theft. Finally, the document outlines defenses such as software inventory, access controls, and secure development practices to help prevent supply chain attacks.
Network Miner Network forensics
Introduction
Digital Forensics
Network Forensic
Why?
Network Miner
Network Miner- Features
Screenshots
Demo – Live Capture
Demo – Scenario Analysis
Conclusion
References
Computer Security
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Wired and Wireless Network Forensics
Think network forensics is just for security? Not with today’s 10G (and tomorrow’s 40G/100G) traffic, not to mention new 802.11ac wireless networks with multi-gigabit data rates. Data is traversing these networks so quickly that detailed, real-time analysis is at best a challenge. Network forensics provides key real-time statistics while saving a complete, packet-level recording of all network activity. You don’t need to worry about capturing the problem – your network forensics solution already has, allowing you to go back in time and analyze any network, application, or security condition.
Ethical Hacking n VAPT presentation by Suvrat jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
Mobile Forensics
This document discusses mobile device forensics. It explains that mobile devices store a variety of personal information, including calls, texts, emails, photos and more. It also outlines the challenges of investigating mobile devices and describes the components of mobile devices like the IMEI, SIM card, and memory. The document provides details on acquiring data from mobile devices, including identifying the device, isolating it to prevent remote wiping, and extracting data from internal memory, SIM cards and external storage.
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
These are slides from a college course. For more info see https://samsclass.info/125/125_S16.shtml
Intrusion detection system
This document summarizes intrusion detection systems (IDS), including that an IDS monitors network traffic to detect unwanted activity like illegal access. IDS can be classified based on anomaly detection, signature-based detection, host-based monitoring of operating systems, or network-based analysis of packet traffic. The document also discusses benefits of IDS like reduced costs and real-time detection, and notes the future includes better integrating network and host-based IDS to detect novel attacks.
Introduction to Malware Analysis
This document provides an overview of malware analysis, including both static and dynamic analysis techniques. Static analysis involves examining a file's code and components without executing it, such as identifying file types, checking hashes, and viewing strings. Dynamic analysis involves executing the malware in a controlled environment and monitoring its behavior and any system changes. Dynamic analysis tools discussed include Process Explorer, Process Monitor, and Autoruns to track malware processes, files accessed, and persistence mechanisms. Both static and dynamic analysis are needed to fully understand malware behavior.
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
IDS is. It’s simply a security software which is termed to help user or system administrator by automatically alert or notify at any case when a user tries to compromise information system through any malicious activities or at point where violation of security policies is taken.
Malware forensic
This document discusses malware forensics. It defines malware as malicious software programs and describes what malware can do. The document outlines different types of malware and explains how malware analysis has become a forensic discipline. It describes malware forensics as investigating malware properties to identify culprits and reasons for attacks. This includes analyzing malicious code, entry points, propagation methods, and system impacts. The document contrasts static and dynamic malware analysis approaches.
Computer Security and Intrusion Detection(IDS/IPS)
This ppt explain you various type of possible attack, security property, Traffic Analysis, Security mechanism Intrusion detection system, vulnerability, Attack framework etc.
Cloud-forensics
Cloud Forensics...this presentation shows you the current state of progress and challenges that stand today in the world of CLOUD FORENSICS.Based on lots of Google search and whites by Josiah Dykstra and Alan Sherman.The presentation builds right from basics and compares the conflicting requirements between traditional and Clod Forensics.
Cloud Forensics
This document summarizes a project on cloud forensics. It discusses cloud computing models like SaaS, PaaS, and IaaS. It describes implementing a private Eucalyptus cloud and testing live forensics via virtual introspection and recovering ephemeral data from previous cloud tenants. It demonstrates recovering data from a physical disk but not from a new virtual instance due to sparse files. The document concludes ephemeral data is not accessible to new tenants in Eucalyptus clouds due to sparse files and zero-filling.
Anti forensic
Encryption, steganography, data hiding, artifact wiping, and trail obfuscation are anti-forensic techniques used to hide digital evidence and make forensic investigations difficult. These techniques aim to conceal criminal activity by hiding data in places that are hard to find and modify file metadata and attributes to cast doubt on evidence. While some argue these methods help improve forensic procedures, they are generally considered malicious since they are designed to cover up illegal acts and prevent authorities from proving criminal cases.
Malware Analysis Made Simple
Malware analysis is important for responding quickly to security incidents and keeping costs down. Malware is the number one external threat and is adapting to evade traditional defenses like firewalls and antivirus software. When incidents do occur, organizations should have an in-house capability to analyze malware using free and open-source tools to understand the scope of infections and prevent recurrences.
Wireshark
Wireshark is a free and open-source packet analyzer that can be used to capture packets on a network for troubleshooting purposes, with options to filter captures by IP address, port number, or other criteria. Wireshark runs either directly on the device being monitored or by configuring port mirroring on a switch to send traffic to a separate machine running Wireshark. The document discusses different locations and methods for capturing packets both on and off the target device.
Network Forensics
The document summarizes a presentation on network forensics and lessons learned from the July 2007 London attacks. The presentation covered early adoption of firewalls and DMZs, intrusion prevention systems, the use of fingerprints and DNA in forensics, the 2004 Madrid train bombings and 2005 London bombings. It discussed the police investigation into the London attacks including identifying suspects from CCTV footage and a practice run captured on video. The presentation proposed the use of network monitoring tools as a forensic technique and discussed challenges of detecting slow scan attacks and those using random ports or covert channels.
More Related Content
What's hot
Malware forensics
This document discusses keyloggers, malware detection, and forensic investigation of infected systems. It defines keyloggers as hardware or software that captures keystrokes and malware as malicious software like viruses and Trojans. It provides tips for detecting keyloggers and malware through artifacts in the system, registry, prefetch files, and suspicious files and entries. It outlines methods for determining the infection source and timeline, and identifying captured data, attacker information, and next steps for investigators.
IDS and IPS
An intrusion detection system (IDS) monitors network traffic and system activities for suspicious activity that could indicate a security threat or attack. An IDS analyzes patterns in traffic to identify potential threats. There are network IDS that monitor entire network traffic and host IDS that monitor individual systems. An IDS detects threats but does not prevent them. An intrusion prevention system (IPS) can detect and prevent threats by blocking malicious traffic in real-time. An IPS combines IDS detection capabilities with preventative blocking functions. Common types of IPS include inline network IPS, layer 7 switches, application firewalls, and hybrid switches.
Firewall and Types of firewall
In this PPT you can learn a firewall and types which help you a lot and you can able to understand. So, that you must read at once I sure that you are understand
Thank you!!!
I
Linux forensics
Linux is well-suited for forensic investigations due to its free and open-source tools, flexible environment, and ability to access low-level interfaces. However, its tools are more complicated to use than commercial packages and typically lack technical support. Linux distributions use a directory tree with essential directories like /bin, /etc, /home, and /var. Important commands provide information on processes, network connections, and disk usage. The Linux boot process involves the BIOS, boot loader, kernel initialization, and starting of processes at designated run levels.
Supply Chain Attacks
This document discusses supply chain attacks and provides examples of recent attacks. It defines supply chain attacks as compromising enterprise networks via third party applications or entities. The document then summarizes the anatomy and timeline of the Kaseya and 3CX ransomware attacks. In the Kaseya attack, a malicious task was deployed to VSA servers which then pushed ransomware downstream. The 3CX attack involved a trojanized software update that bundled a malicious DLL leading to data theft. Finally, the document outlines defenses such as software inventory, access controls, and secure development practices to help prevent supply chain attacks.
Network Miner Network forensics
Introduction
Digital Forensics
Network Forensic
Why?
Network Miner
Network Miner- Features
Screenshots
Demo – Live Capture
Demo – Scenario Analysis
Conclusion
References
Computer Security
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Wired and Wireless Network Forensics
Think network forensics is just for security? Not with today’s 10G (and tomorrow’s 40G/100G) traffic, not to mention new 802.11ac wireless networks with multi-gigabit data rates. Data is traversing these networks so quickly that detailed, real-time analysis is at best a challenge. Network forensics provides key real-time statistics while saving a complete, packet-level recording of all network activity. You don’t need to worry about capturing the problem – your network forensics solution already has, allowing you to go back in time and analyze any network, application, or security condition.
Ethical Hacking n VAPT presentation by Suvrat jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
Mobile Forensics
This document discusses mobile device forensics. It explains that mobile devices store a variety of personal information, including calls, texts, emails, photos and more. It also outlines the challenges of investigating mobile devices and describes the components of mobile devices like the IMEI, SIM card, and memory. The document provides details on acquiring data from mobile devices, including identifying the device, isolating it to prevent remote wiping, and extracting data from internal memory, SIM cards and external storage.
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
These are slides from a college course. For more info see https://samsclass.info/125/125_S16.shtml
Intrusion detection system
This document summarizes intrusion detection systems (IDS), including that an IDS monitors network traffic to detect unwanted activity like illegal access. IDS can be classified based on anomaly detection, signature-based detection, host-based monitoring of operating systems, or network-based analysis of packet traffic. The document also discusses benefits of IDS like reduced costs and real-time detection, and notes the future includes better integrating network and host-based IDS to detect novel attacks.
Introduction to Malware Analysis
This document provides an overview of malware analysis, including both static and dynamic analysis techniques. Static analysis involves examining a file's code and components without executing it, such as identifying file types, checking hashes, and viewing strings. Dynamic analysis involves executing the malware in a controlled environment and monitoring its behavior and any system changes. Dynamic analysis tools discussed include Process Explorer, Process Monitor, and Autoruns to track malware processes, files accessed, and persistence mechanisms. Both static and dynamic analysis are needed to fully understand malware behavior.
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
IDS is. It’s simply a security software which is termed to help user or system administrator by automatically alert or notify at any case when a user tries to compromise information system through any malicious activities or at point where violation of security policies is taken.
Malware forensic
This document discusses malware forensics. It defines malware as malicious software programs and describes what malware can do. The document outlines different types of malware and explains how malware analysis has become a forensic discipline. It describes malware forensics as investigating malware properties to identify culprits and reasons for attacks. This includes analyzing malicious code, entry points, propagation methods, and system impacts. The document contrasts static and dynamic malware analysis approaches.
Computer Security and Intrusion Detection(IDS/IPS)
This ppt explain you various type of possible attack, security property, Traffic Analysis, Security mechanism Intrusion detection system, vulnerability, Attack framework etc.
Cloud-forensics
Cloud Forensics...this presentation shows you the current state of progress and challenges that stand today in the world of CLOUD FORENSICS.Based on lots of Google search and whites by Josiah Dykstra and Alan Sherman.The presentation builds right from basics and compares the conflicting requirements between traditional and Clod Forensics.
Cloud Forensics
This document summarizes a project on cloud forensics. It discusses cloud computing models like SaaS, PaaS, and IaaS. It describes implementing a private Eucalyptus cloud and testing live forensics via virtual introspection and recovering ephemeral data from previous cloud tenants. It demonstrates recovering data from a physical disk but not from a new virtual instance due to sparse files. The document concludes ephemeral data is not accessible to new tenants in Eucalyptus clouds due to sparse files and zero-filling.
Anti forensic
Encryption, steganography, data hiding, artifact wiping, and trail obfuscation are anti-forensic techniques used to hide digital evidence and make forensic investigations difficult. These techniques aim to conceal criminal activity by hiding data in places that are hard to find and modify file metadata and attributes to cast doubt on evidence. While some argue these methods help improve forensic procedures, they are generally considered malicious since they are designed to cover up illegal acts and prevent authorities from proving criminal cases.
Malware Analysis Made Simple
Malware analysis is important for responding quickly to security incidents and keeping costs down. Malware is the number one external threat and is adapting to evade traditional defenses like firewalls and antivirus software. When incidents do occur, organizations should have an in-house capability to analyze malware using free and open-source tools to understand the scope of infections and prevent recurrences.
What's hot (20)
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
Viewers also liked
Wireshark
Wireshark is a free and open-source packet analyzer that can be used to capture packets on a network for troubleshooting purposes, with options to filter captures by IP address, port number, or other criteria. Wireshark runs either directly on the device being monitored or by configuring port mirroring on a switch to send traffic to a separate machine running Wireshark. The document discusses different locations and methods for capturing packets both on and off the target device.
Network Forensics
The document summarizes a presentation on network forensics and lessons learned from the July 2007 London attacks. The presentation covered early adoption of firewalls and DMZs, intrusion prevention systems, the use of fingerprints and DNA in forensics, the 2004 Madrid train bombings and 2005 London bombings. It discussed the police investigation into the London attacks including identifying suspects from CCTV footage and a practice run captured on video. The presentation proposed the use of network monitoring tools as a forensic technique and discussed challenges of detecting slow scan attacks and those using random ports or covert channels.
Forensic Analysis - Empower Tech Days 2013
This document provides an agenda for a two-day course on network monitoring and forensics. Day one will cover network forensics, including an introduction to forensic data types like PCAP (full packet capture) and flow data. It will discuss what these data types look like, how to interpret them, and how to obtain them. Day two will recap PCAP and flow data, then cover working with logs and alerts, including how to consolidate these sources and use SIEM tools. It will conclude by discussing how to implement a network monitoring solution. The goal is to provide students with an understanding of network forensic data gathering and concepts needed for network forensics investigations.
Wireshark
This document provides an introduction to the packet analysis tool Wireshark. It introduces key people involved in Wireshark including creator Gerald Combs and trainer Laura Chappell. It reviews common network protocols like Ethernet, IP, TCP and TCP/IP. It provides an overview of how to use Wireshark including capturing packets, filtering displays, saving files and more. The document concludes with resources for learning more about Wireshark and guides for certification.
Wireshark - presentation
Wireshark is a free and open-source packet analyzer that allows users to capture and analyze network traffic. It can be used by network administrators to troubleshoot problems, security engineers to examine security issues, developers to debug protocol implementations, and testers to detect defects. Wireshark works by capturing live packet data on the network, displaying the packet data in detail, and allowing users to interactively browse the packet data.
Network forensics1
Network forensics is the capture, recording, and analysis of network events and traffic in order to discover the source of security attacks or other problem incidents. It involves systematically capturing and analyzing network traffic and events to trace and prove a network security incident. Network forensics provides crucial network-based evidence that can be used to successfully prosecute criminals. It is a difficult process that depends on maintaining high-quality network information.
Wireshark ppt
Wireshark is a GUI tool that can be used to analyze network traffic on many operating systems. It allows users to apply filters to network packets using parameters like IP addresses, ports, and protocols. The document provides examples of Wireshark filters and links to sample network capture files that can be used for practice analyzing network traffic using different filters.
Network Forensics
Presentazione per il corso di Reti di Calcolatori all'Università Ca' Foscari di Venezia, anno accademico 2012-2013.
Il link nell'ultima slide è stato disattivato, quello corretto per la relazione in PDF è:
https://www.dropbox.com/s/w78uwpsm7xm1yr1/RelazioneNetworkForensics.pdf
Wireshark course, Ch 02: Introduction to wireshark
This chapter introduces the very basics of Wireshark - how to start packet capture, where to locate it in the network and how to configure basic operations. In chapter 3 we will learn how to configure capture and display filters.
Wireshark
The document discusses Wireshark, an open source network packet analyzer software. It can be used for network troubleshooting, monitoring network traffic and analyzing protocol behavior. Key features include live packet capture from network interfaces, detailed packet display, capture file import/export and many filtering options. While useful for security, development and learning, it does not actively manipulate network traffic or detect intrusions. It requires a supported network card and is available for Windows, Mac and various Linux/Unix systems.
Network Analysis Using Wireshark 1
Yoram Orzach is Experienced Instructor in the areas of IP technologies, network design, network analysis and optimization and network forensics, providing courses based on strong theoretical background and real-world case studies, based on many years of training and field experience world-wide.
Network Packet Analysis with Wireshark
This document discusses the network packet analysis tool Wireshark. It begins with an introduction to Jim Gilsinn and his background in cybersecurity and industrial control systems. It then provides an overview of Wireshark, describing it as an open-source, multi-platform network protocol analyzer that allows users to capture, interactively browse, and decode network traffic. Key features of Wireshark like its large protocol support and graphical interface are highlighted. The document concludes by discussing advanced analysis features, developing custom protocol decoders, and providing resources for more information on Wireshark.
Wireshark Basics
This document provides an overview and introduction to using the Wireshark network analysis tool. It discusses Wireshark basics and advanced features, including how to capture and filter network traffic, analyze protocols and packets, view statistics and conversations, and use Wireshark to troubleshoot network issues. Several case studies are presented showing how Wireshark can be used to analyze problems like slow connections, high load, and non-stable performance.
Wireshark tutorial
This document provides instructions for using the Wireshark network analysis tool to capture and analyze network packet data. It describes how to install Wireshark, start a packet capture to observe network traffic from browsing a website, filter the captured packets to show only HTTP traffic, and examine the details of an HTTP request packet. The key steps are to start Wireshark, begin capturing packets from a network interface, load a web page to generate network activity, stop the capture, and use Wireshark to inspect the captured HTTP packets in more detail.
Wireshark
This document introduces the packet sniffer Wireshark. It explains that a packet sniffer captures network packets sent and received by a computer and displays the contents of fields within protocols. It describes how Wireshark works, installing Wireshark, and providing step-by-step instructions for conducting a test run of Wireshark to observe HTTP traffic between two computers on a network.
Wireshark
Wireshark is a free and open-source packet analyzer that allows users to capture and analyze network traffic. It can be used to troubleshoot network problems, analyze network security issues, and debug protocol implementations. Wireshark has both a graphical user interface and command line interface and supports filtering, sorting, and color-coding packets to help users analyze network traffic.
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.
Packet analysis using wireshark
Wireshark is a free and open-source packet analyzer that is used for network troubleshooting, analysis, protocol development, and education. It allows for deep inspection of hundreds of protocols, live packet capture, offline analysis, and display filtering. Wireshark can be used to analyze VoIP calls, DNS queries, troubleshoot internet access issues, and understand SSL encrypted traffic flows.
Practical Packet Analysis: Wireshark
The document provides an introduction to Wireshark, including a brief history of its development from Ethereal, the benefits it provides, how to install it, and an overview of fundamental Wireshark concepts like capturing packets, its main window interface, and preferences customization. It explains that Wireshark enables protocol support, usability, program and operating system compatibility and guides the reader through their first packet capture and exploration of Wireshark's interface.
Wireshark Inroduction Li In
WIRESHARK is a free and open-source packet analyzer that allows users to examine network traffic and inspect packets. It can be used for basic network troubleshooting, analysis, development, and education. The tool supports live packet captures from networked interfaces as well as offline analysis of captured packet data files. It decodes hundreds of protocols and can filter traffic based on various packet attributes.
Viewers also liked (20)
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wireshark
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
Similar to Network Forensics: Packet Analysis Using Wireshark
Network Forensics and Practical Packet Analysis
Why Packet Analysis?
3 Phases - Analysis, Conversion & Collection
How do we do it ?
Statistics - Protocol Hierarchy
Statistics - End Points & Conversations
WEEK-01.pdf
This document provides an overview of an Ethical Hacking course. It discusses the first lecture which introduces ethical hacking and penetration testing. Key points covered include defining ethical hacking, the role of an ethical hacker, and some common hacking techniques like spoofing, denial of service attacks, and gaining unauthorized access. The document also discusses legal and illegal hacking activities.
mcubed london - data science at the edge
A talk about data gravity, progressively more complex and accurate machine learning models for computer vision and face recognition, in cloud and using Apache NiFi
Covert channels: A Window of Data Exfiltration Opportunities
A covert channel is an attack that creates a capacity to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. Covert channels are easily used to exfltrate data from a secure location especially over a long period of time.
Generally, covert channels are usually very difficult to detect due to their ability to use existing legitimate connections hence, raising as little red flags as possible.
In this talk for CorkSec (December, 2019), Joel Aleburu would give an overview of Covert Channels; what they are, the different types, how they function, how to detect and mitigate against them.
Practical Routers and Switches (Including TCP/IP and Ethernet) for Engineers ...
Routers and switches are primary components of most networks and obviously internetworks. Routers are simultaneously the most complex component of networks and the most important. This workshop goes through the basics of routers, routed and routing protocols and the basic rules to follow in building internetworks. If you are using any form of communication system or are applying modern PLCs/SCADA systems this workshop will give you the essential tools in working with networks. It is not an advanced workshop – but a hands-on one.
MORE INFORMATION: http://www.idc-online.com/content/practical-routers-switches-including-tcpip-and-ethernet-engineers-technicians-12?id=6971
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
AFL that you (probably) do not know discusses the American Fuzzy Lop (AFL) fuzzer. The presentation aims to dispel myths about AFL and encourage its use. It addresses that AFL can be used for languages beyond C/C++ through sister projects, does not require source code, and finds bugs beyond just memory issues. While AFL's interface is dense, it has visualization tools and can leverage multiple CPUs. True, AFL will not automatically report or request CVEs for found issues, and using it can be fun.
Anomaly detection final
This project aims to analyze and emulate anomaly detection techniques for low-rate TCP denial of service attacks using the DETERLab testbed. The researchers plan to design an extensive anomaly checkpoint detection methodology. They propose a modified likelihood ratio algorithm to detect changes in network traffic statistics. The algorithm will be tested on legitimate and attack traffic in DETERLab while analyzing detection statistics and congestion windows. Results will help evaluate the ability to rapidly detect attacks while limiting false alarms.
Server Tips
This document provides an overview of tips and best practices for high performance server programming. It discusses fundamentals like avoiding blocking, using efficient algorithms and data structures, and separating I/O from business logic. It also covers more advanced topics like I/O models, scheduling approaches, buffer management, concurrency models, and security considerations. Finally, it recommends tools and resources for profiling, debugging, and learning more about TCP/IP and networking.
From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets...
The landscape of security threats an enterprise faces is vast. It is imperative for an organization to know when one of the machines within the network has been compromised. One layer of detection can take advantage of the DNS requests made by machines within the network. A request to a Command & Control (CNC) domain can act as an indication of compromise. It is thus advisable to find these domains before they come into play. The team at Akamai aims to do just that.
In this session, Aminov will share Akamai’s experience in porting their PoC detection algorithms, written in Python, to a reliable production-level implementation using Scala and Apache Spark. He will specifically cover their experience regarding an algorithm they developed to detect botnet domains based on passive DNS data. The session will also include some useful insights Akamai has learned while handing out solutions from research to development, including the transition from small-scale to large-scale data consumption, model export/import using PMML and sampling techniques. This information is valuable for researchers and developers alike.
Scanning & Penetration Testing
This document provides instructions for hands-on exercises using the security testing tools in BackTrack 5. It discusses running a live BackTrack CD, configuring network settings, using Wireshark to capture network traffic, Nmap for scanning targets, Hydra for password cracking, and observing the results. Students are warned that any illegal activities outside the classroom are their full responsibility, and basic security best practices like keeping systems patched and using firewalls are recommended. The document concludes by providing questions to analyze the results of exercises using Nmap, Telnet, Wireshark, Hydra and TCPdump to observe network protocols, password cracking attempts, and the three-way handshake process between targets and hosts.
2018 FRSecure CISSP Mentor Program- Session 7
This document appears to be from a CISSP mentor program session discussing communication and network security topics. It includes a quiz on network protocols and technologies like UDP, TCP ports, OSI layers, and IPv6 tunneling. It also summarizes wired WAN protocols like T1/E1 lines, Frame Relay, X.25, ATM, MPLS, and storage protocols like FCoE, FCIP and iSCSI. The session aims to help students studying for the CISSP exam.
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
The document discusses the intersection of networks and DevOps. It covers challenges with traditional network operations including lack of programmability. It proposes distributed and software-defined networking approaches but notes hard problems remain. It emphasizes lessons learned around prototyping, understanding user needs, reliability, testing changes, and building a collaborative team culture.
TAU on Power 9
The document summarizes the TAU (Tuning and Analysis Utilities) performance profiling tool. TAU can instrument applications to collect timing and callpath information. It supports profiling of MPI, OpenMP, GPU and other parallel programs. TAU includes tools for profiling, tracing, visualization and analysis of performance data. Environment variables control TAU's instrumentation and data collection options. TAU is open source and widely used for performance analysis and optimization.
Recon-Fu @BsidesKyiv 2016
80/20 Rule or «You Cannot Spend Too Much Time Enumerating» – the Recon-Fu for pentesters & bug hunters
The Background Noise of the Internet
The last five to ten years has seen massive advancements in open source Internet-wide mass-scan tooling, on-demand cloud computing, and high speed Internet connectivity. This has lead to a massive influx of different groups mass-scanning all four billion IP address in the IPv4 space on a constant basis. Information security researchers, cyber security companies, search engines, and criminals scan the Internet for various different benign and nefarious reasons (such as the WannaCry ransomware and multiple MongoDB, ElasticSearch, and Memcached ransomware variants). It is increasingly difficult to differentiate between scan/attack traffic targeting your organization specifically and opportunistic mass-scan background radiation packets.
Grey Noise is a system that records and analyzes all the collective omnidirectional background noise of the Internet, performs enrichments and analytics, and makes the data available to researchers for free. Traffic is collected by a large network of geographically and logically diverse “listener” servers distributed around different data centers belonging to different cloud providers and ISPs around the world.
In this talk I will candidly discuss motivations for developing the system, a technical deep dive on the architecture, data pipeline, and analytics, observations and analysis of the traffic collected by the system, business impacts for network operators, pitfalls and lessons learned, and the vision for the system moving forward.
Tcpdump hunter
This document discusses how to use tcpdump and Linux utilities like grep, awk and sed to analyze network traffic for incident response. It provides examples of basic tcpdump syntax and using BPF filters to profile traffic. Specific techniques covered include hunting for suspicious DNS queries, mapping related infrastructure, finding unusual outbound connections, and automating tasks with scripting. The overall message is that security analysts should go beyond automated tools and learn to manually analyze network data to identify compromised systems that tools may miss.
Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using OS performance tools and basic alternatives to troubleshoot production database issues
The document discusses using Linux performance tools like pidstat, ps, and tracing tools like perf, systemtap, and dtrace to troubleshoot complex database problems that may involve issues at the operating system, hardware, or network level. It provides examples of using these tools to diagnose specific issues like memory fragmentation, I/O problems, and network congestion and presents a methodology around reproducing issues, analyzing tool output, identifying root causes, and developing solutions.
Hail hydrate! from stream to lake using open source
(VIRTUAL) Hail Hydrate! From Stream to Lake Using Open Source - Timothy J Spann, StreamNative
https://osselc21.sched.com/event/lAPi?iframe=no
A cloud data lake that is empty is not useful to anyone. How can you quickly, scalably and reliably fill your cloud data lake with diverse sources of data you already have and new ones you never imagined you needed. Utilizing open source tools from Apache, the FLiP stack enables any data engineer, programmer or analyst to build reusable modules with low or no code. FLiP utilizes Apache NiFi, Apache Pulsar, Apache Flink and MiNiFi agents to load CDC, Logs, REST, XML, Images, PDFs, Documents, Text, semistructured data, unstructured data, structured data and a hundred data sources you could never dream of streaming before. I will teach you how to fish in the deep end of the lake and return a data engineering hero. Let's hope everyone is ready to go from 0 to Petabyte hero.
https://osselc21.sched.com/event/lAPi/virtual-hail-hydrate-from-stream-to-lake-using-open-source-timothy-j-spann-streamnative
Introduction to Text Mining
The class outline covers introduction to unstructured data analysis, word-level analysis using vector space model and TF-IDF, beyond word-level analysis using natural language processing, and a text mining demonstration in R mining Twitter data. The document provides background on text mining, defines what text mining is and its tasks. It discusses features of text data and methods for acquiring texts. It also covers word-level analysis methods like vector space model and TF-IDF, and applications. It discusses limitations of word-level analysis and how natural language processing can help. Finally, it demonstrates Twitter mining in R.
Taming the resource tiger
This document discusses various computing concepts related to resources and performance in PHP applications. It covers topics like data storage technologies, areal storage density of hard drives and solid state drives, streams as a way to access input and output generically in PHP, using filters to perform operations on stream data, common issues like running out of memory and how to address them through better programming practices, limitations of CPU and how to distribute load through job queuing, and basics of networking like IP addresses, TCP, and using sockets. The key advice is to assume large amounts of data and potential failures, use appropriate data storage, avoid unnecessary processing in memory, optimize code through profiling, and offload work to other systems when possible.
Similar to Network Forensics: Packet Analysis Using Wireshark (20)
Covert channels: A Window of Data Exfiltration Opportunities
Covert channels: A Window of Data Exfiltration Opportunities
Practical Routers and Switches (Including TCP/IP and Ethernet) for Engineers ...
Practical Routers and Switches (Including TCP/IP and Ethernet) for Engineers ...
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets...
From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets...
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using the big guns: Advanced OS performance tools for troubleshooting databas...
Hail hydrate! from stream to lake using open source
Hail hydrate! from stream to lake using open source
More from n|u - The Open Security Community
Hardware security testing 101 (Null - Delhi Chapter)
Arun Mane is the founder and director of AmynaSec Labs. He is a security speaker and trainer who has presented at many conferences including Defcon, Blackhat, Nullcon, and HITB. His areas of expertise include security testing of IoT devices, connected vehicles, medical devices, and industrial control systems. Some common issues he finds include devices being publicly accessible, having backdoors, hardcoded credentials, and crypto or web application management problems. His testing methodology involves assessing web and mobile applications, embedded device communications, hardware testing through reverse engineering, and analyzing communication protocols and stored data.
Osint primer
This document outlines an agenda for a presentation on open-source intelligence (OSINT) gathering techniques. The agenda includes an introduction to OSINT, different types of intelligence gathering, a scenario example, OSINT gathering tactics and tools like Shodan, TheHarvester and Google dorks, applications of OSINT, a demonstration, references for OSINT, and a conclusion. Key OSINT tools that will be demonstrated include Twitter, Shodan, TheHarvester and Google dorks for gathering information from public online sources.
SSRF exploit the trust relationship
This document provides an overview of server-side request forgery (SSRF) vulnerabilities, including what SSRF is, its impact, common attacks, bypassing filters, and mitigations. SSRF allows an attacker to induce the application to make requests to internal or external servers from the server side, bypassing access controls. This can enable attacks on the server itself or other backend systems and escalate privileges. The document discusses techniques for exploiting trust relationships and bypassing blacklists/whitelists to perform SSRF attacks. It also covers blind SSRF and ways to detect them using out-of-band techniques. Mitigations include avoiding user input that can trigger server requests, sanitizing input, whitelist
Nmap basics
Nmap is a network scanning tool that can perform port scanning, operating system detection, and version detection among other features. It works by sending TCP and UDP packets to a target machine and examining the response, comparing it to its database to determine open ports and operating system. There are different scanning techniques that can be used like TCP SYN scanning, UDP scanning, and OS detection. Nmap also includes a scripting engine that allows users to write scripts to automate networking tasks. The presentation concludes with demonstrating Nmap's features through some examples.
Metasploit primary
The document provides an introduction and overview of the Metasploit Framework. It defines key terms like vulnerability, exploit, and payload. It outlines the scenario of testing a subnet to find vulnerabilities. It describes the main features of msfconsole like searching for modules, using specific modules, and configuring options. It promotes understanding and proper use, emphasizing that Metasploit alone does not make someone a hacker.
Api security-testing
1) The document provides guidance on testing APIs for security weaknesses, including enumerating the attack surface, common tools to use, what to test for (e.g. authentication, authorization, injections), and demo apps to practice on.
2) It recommends testing authentication and authorization mechanisms like tokens, injections attacks on state-changing requests, and how data is consumed client-side.
3) The document also discusses testing for denial of service conditions, data smuggling through middleware, API rate limiting, and cross-origin requests.
Introduction to TLS 1.3
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
This document provides an introduction to hacking mainframes in 2020. It begins with an overview of mainframe systems and terminology. It then discusses reconnaissance methods like port scanning and credential theft to gain initial access. Next, it covers conducting internal reconnaissance to escalate privileges by exploiting surrogate users, APF authorized libraries, and UNIX privilege escalation techniques. The document aims to provide enough context for curiosity about hacking mainframe systems.Talking About SSRF,CRLF
The document discusses CRLF injection and SSRF vulnerabilities. CRLF injection occurs when user input is directly parsed into response headers without sanitization, allowing special characters to be injected. SSRF is when a server is induced to make HTTP requests to domains of an attacker's choosing, potentially escalating access. Mitigations include sanitizing user input, implementing whitelists for allowed domains/protocols, and input validation.
Building active directory lab for red teaming
The document provides an overview of Active Directory, including its components and how it is used to centrally manage users, computers, and other objects within a network. It discusses key Active Directory concepts such as forests, domains, organizational units, users, computers, and domain trusts. It also provides step-by-step instructions for setting up an Active Directory lab environment for red teaming purposes and integrating a client machine into the domain.
Owning a company through their logs
A security engineer discusses how logs and passive reconnaissance can reveal sensitive information like AWS credentials. The engineer searched for open Jenkins and SonarQube instances which led to discovering Slack channels containing AWS access keys. Key lessons are to know your boundaries, automate mundane tasks, don't presume systems mask secrets, and persistence is important in security work.
Introduction to shodan
Shodan is a search engine that indexes internet-connected devices and provides information about devices, banners, and metadata. It works by generating random IP addresses and port scans to retrieve banner information from devices. This information is then stored in a searchable database. Users can search Shodan's database using filters like country, city, IP address, operating system, and ports. Shodan can be accessed through its website or command line interface. While useful for security research, Shodan also raises privacy and security concerns by revealing information about unprotected devices.
Cloud security
This document outlines an agenda for discussing cloud security. It begins with an introduction to cloud computing and deployment models. It then discusses challenges of cloud computing and why cloud security is important. Specific threats like data breaches and account hijacking are listed. The document reviews the shared responsibility model and scope of security in public clouds. It describes cloud security penetration testing methods like static and dynamic application testing. Finally, it provides prerequisites and methods for conducting cloud penetration testing, including reconnaissance, threat modeling, and following standard testing methodologies.
Detecting persistence in windows
This document discusses several techniques for maintaining persistence on Windows systems, including modifying accessibility features, injecting into image file execution options, using AppInit DLLs, application shimming, BITS jobs, registry run keys, and Windows Management Instrumentation event subscriptions. It provides details on how each technique works, common implementations, required privileges, relevant data sources, and example event log entries.
Frida - Objection Tool Usage
Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.
OSQuery - Monitoring System Process
Osquery is an open source tool that allows users to perform SQL queries on their system to retrieve information. It supports various platforms and makes it easy to get details about the system. Osquery consists of Osqueryi, Osqueryd, and Osqueryctl components. Basic queries can be run in user context mode to view system information, configuration, and tables. Osqueryd runs in daemon mode and can be configured using packs and decorators to monitor specific events and files. Osqueryctl is used to control the Osquery daemon process.
DevSecOps Jenkins Pipeline -Security
This document discusses DevSecOps, beginning with an introduction from Tibin Lukose. It then covers some challenges in DevSecOps such as developers lacking security skills, cultural challenges, and difficulties balancing speed, coverage and accuracy in testing. The document proposes a model DevSecOps company, Infosys, and provides a demo and contact information for any further questions.
Extensible markup language attacks
This document provides an introduction to XML and related technologies like libxml2, XSLT, XPath, and XML attacks. It discusses the basics of XML including elements, tags, attributes, and validation. It also describes common XML libraries and tools like libxml2, xmllint, and xsltproc. Finally, it provides an overview of different types of XML attacks like XML injection, XPath injection, XXE, and XSLT injection.
Linux for hackers
This document contains the agenda for a presentation on Linux for hackers. The agenda includes discussing the Linux file system, managing virtual machines smartly, command line tools like alias, tee, pipe, grep, cut, uniq, and xargs, Bash scripting, logging, and proxy chaining. It also mentions demonstrating several commands and tools. The presentation aims to be an interactive session where the presenter will answer any questions from attendees.
Android Pentesting
This document provides an overview of Android penetration testing. It discusses requirements and tools for static and dynamic analysis, including Apptitude, Genymotion, and ADB. It covers analyzing the Android manifest and classes.dex files. It also describes vulnerabilities in WebViews, such as loading cleartext content and improper SSL handling. Best practices for coding securely on Android are also presented.
More from n|u - The Open Security Community (20)
Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Recently uploaded
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Recently uploaded (20)
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Network Forensics: Packet Analysis Using Wireshark
- 1. Network S niffing and P acket Analysis Using Wireshark C ombined null and O W A S P meet B angalore 1101/0011/1010 ta m a g hna .ba s u@g m a il.c om ta m a ha w k -tec hg uru.blo g s pot.c om tw itter.c om /tita nla m bda
- 2. • D ifficult to put all these things together • E xisting sessions – 100 – 150 slides • Time C onstraint
- 3. Topics • Why? • What? • How ? • B as ic sniffing techniques • Intro to wireshark • C losure look at protocols • C ase S tudies
- 5. P rerequisite: • P atience • P atience • P atience AND Or M ay be...
- 6. Why sniffing/packet analysis • Why you? • Why M e? • Why O thers?
- 7. P urpose of sniffing and packet analysis ● A million different things can go wrong with a computer network, from a simple spyware infection to a complex router configuration error. ● P acket level is the most basic level where nothing is hidden. ●Understand the network, who is on a network, whom your computer is talking to, What is the network us age, any s uspicious communication (D O S , botnet, Intrus ion attempt etc) ●Find uns ecured and bloated applications – FTP sends cleartext authentication data ●O ne phase of computer forensic - could reveal data otherwise hidden s omewhere in a 150 G B HD D .
- 8. What is this? • Also known as packet sniffing, protocol analysis etc. • Three P hases - • C ollection – promiscuous mode • C onversion – UI based tools are better • Analysis – P rotocol level, setting rules etc • G et various data like text content, files, clear text authentication details etc. • Tools •S niffer – wireshark, cain and abel, tcpdump (commnd line tool), networkminer • P acket Analysis – wireshark, networkminer, xplico etc
- 9. S niffing Techniques • P romiscuous mode • Hub environment • S witch environment • P ort mirroring • Hubbing out the target network/machine • AR P cache poisoning /AR P spoofing
- 10. Wireshark: History G erald C ombs , a computer science graduate of the University of M iss ouri at Kansas C ity, originally developed it out of necessity. The very firs t version of C ombs’ application, called E thereal, was releas ed in 1998 under the G NU P ublic Licens e (GP L). E ight years after releasing E thereal, C ombs left his job and rebranded the project as Wireshark in mid-2006.
- 11. Wireshark: Features • GPL • Available in all platform • Both live and offline analysis • Understands almost all protocols, if not, add it – open source • Filter/search packets, E xpert's comment, Follow TC P S tream, Flow G raph etc • P lenty of tutorials /documentation available • G et sample captured packets for study - http:/ wiki.wireshark.org/ ampleC aptures / S • D em o: L et's s ta rt ea ting . Feed yo ur bra in. :)
- 12. S tarters: P rotocol diagnosis • AR P • D HC P •HTTP / PTC • D NS • FTP • Telnet • IC M P • S M TP
- 13. D eserts: C ase S tudies • FTP C rack • B las ter worm • OS fingerprinting • P ort S canning • IC M P C overt C hannel • B rowser Hijacking - spyware
- 14. M outh Freshner: Honeynet C hallenge • C hallenge 1 • P roblem S tatement • Analysis • Tools used • S olution
- 15. M ainC ourse? ? ? ? “Tell me and I forget. Show me and I remember. Involve me and I understand.” - chinese proverb
- 16. Thank you for witnessing this historical moment... A ns w ers a nd D is c us s io ns ? ta m a g hna .ba s u@g m a il.c om ta m a ha w k -tec hg uru.blo g s pot.c om tw itter.c om /tita nla m bda