Wireshark search for string in packets

Recently, I've been working with the SANS Institute on some Livestream sessions, promoting the SEC503: Intrusion Detection In Depth class. As a result, I produced some videos using TShark. In the first of those videos, we did an intro to TShark by focusing on reconnaissance at the IP layer. In the second session, we focused on reconnaissance at the transport layer and working with some common application protocols. In the third session, we extracted suspicious and malicious content from PCAPs. In a session prior to these, I focused on Full Packet Capturing with TShark for Continuous Monitoring & Threat Intel via IPs, Domains, & URLs. While I did not do blog posts for those (and I wish I had thought about it before), I've chosen to do a blog post on TShark and working with regular expressions.

Many times, when looking at packets or logs, I leverage "grep --perl-regexp". In session three, in which I exported suspicious and malicious content, I used the following, for example, to identify the name of the malicious file: However, when looking at packets for patterns, sequences of bytes, etc., do we really need to leverage grep or another external tool? Let's see.
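The question the post raises, whether searching packets for a string or byte pattern needs an external grep, is worth seeing worked through in code. TShark can do this itself with display filters (`-Y 'frame matches "regex"'` for a Perl-style regex over the raw frame, or `frame contains "text"` for a literal), and the added example below, which is not the post's code, does the same thing in Python so the mechanics are visible: it reads a classic pcap frame by frame, applies a regex to each frame's raw bytes, and reports the frame numbers that matched, the way TShark numbers them. The capture embedded at the bottom is constructed for the example (three hand-built Ethernet frames, with a made-up `filename="invoice.exe"` header in the second), as are the function names.

```python
"""Regex search over raw packet bytes in a classic pcap, frame by frame.

Added example, not code from the post. It mirrors what a TShark display
filter such as  -Y 'frame matches "<regex>"'  does, but in-process, so the
match and the frame it came from are available without piping to grep.
"""
import re
import struct
from typing import Iterator, List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, microsecond timestamps, little-endian
LINKTYPE_ETHERNET = 1


def iter_frames(pcap: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (frame_number, frame_bytes) for each record in a classic pcap.

    Only the little-endian 0xa1b2c3d4 layout is handled; a pcapng or
    nanosecond file is rejected so a mismatch fails loudly, not silently.
    """
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap (magic 0x%08x)" % magic)
    offset = 24          # global header is 24 bytes
    number = 1           # TShark numbers frames from 1
    while offset + 16 <= len(pcap):
        # record header: ts_sec, ts_usec, incl_len (captured), orig_len (on wire)
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, offset)
        offset += 16
        frame = pcap[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record for frame %d" % number)
        yield number, frame
        offset += incl_len
        number += 1


def search_frames(pcap: bytes, pattern: str,
                  flags: int = re.IGNORECASE) -> List[Tuple[int, bytes]]:
    """Return [(frame_number, matched_bytes)] for every frame the regex matches.

    The pattern is compiled as a bytes regex (latin-1 keeps a 1:1 byte mapping),
    with DOTALL so '.' also crosses CR/LF inside a payload.
    """
    rx = re.compile(pattern.encode("latin-1"), flags | re.DOTALL)
    hits = []
    for number, frame in iter_frames(pcap):
        m = rx.search(frame)
        if m:
            hits.append((number, m.group(0)))
    return hits


def find_filenames(pcap: bytes) -> List[str]:
    """Pull the name out of every Content-Disposition filename="..." seen."""
    rx = re.compile(rb'filename="([^"]+)"', re.IGNORECASE)
    names = []
    for _, frame in iter_frames(pcap):
        for m in rx.finditer(frame):
            names.append(m.group(1).decode("latin-1"))
    return names


# --- constructed sample capture (not a real trace) ---------------------------
def _eth_frame(payload: bytes) -> bytes:
    """14-byte Ethernet header (made-up MACs, ethertype IPv4) + raw payload."""
    return bytes.fromhex("0a0b0c0d0e0f" "010203040506" "0800") + payload


def _record(frame: bytes, ts_sec: int) -> bytes:
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame


_GLOBAL_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535,
                             LINKTYPE_ETHERNET)

SAMPLE_PCAP = _GLOBAL_HEADER + b"".join([
    _record(_eth_frame(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"), 1),
    _record(_eth_frame(b"HTTP/1.1 200 OK\r\n"
                       b'Content-Disposition: attachment; filename="invoice.exe"\r\n'
                       b"\r\nMZ\x90\x00"), 2),
    _record(_eth_frame(b"\x00" * 40), 3),   # filler frame with nothing of interest
])


if __name__ == "__main__":
    for number, matched in search_frames(SAMPLE_PCAP, r'filename="[^"]+"'):
        print("frame %d: %r" % (number, matched))
    print("filenames:", find_filenames(SAMPLE_PCAP))
```

Running it prints the frame number and the matched bytes for the constructed capture; to run the same search against a real capture, replace `SAMPLE_PCAP` with the bytes of a classic pcap file, or use the TShark filter named in the lead-in directly.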