Collaborate Disseminate
I’ve been experiencing attacks on my macOS computer that seem to coincide with MDNS broadcasts that occur when my iPhone is connected to the same network.
My basic understanding is that my phone requests all (ANY) DNS records, in the same … Continue reading What is the purpose of MDNS supportsRP-22._apple-mobdev2._tcp.local?
Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-lev… Continue reading Traceeshark: Open-source plugin for Wireshark
Following some suspicious activities on my PC, and also out of a general interest, I would like to expand my knowledge in IT forensics.
This quickly makes one aware of the complexity of the subject, and also how vague and elusive it feels … Continue reading What types of events in ProcMon are malicious?
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof methods that can prevent such decryption of… Continue reading How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
I have a Alfa AWUS1900 Wifi adapter in monitor mode running on one laptop. In another laptop, I am downloading something big from the internet (in a home Wifi network) at a speed of approximately 150kB/sec to 250kB/sec.
But in Wireshark, I… Continue reading Wireshark shows fewer Wifi Data packets than expected
After bruteforce (many POST requests to "wp-login.php" from host 10.0.1.85) there were a couple of requests to admin-ajax.php followed by a response from the server (10.0.1.88).
Further connection is conducted via SSH. Could this… Continue reading Does this Wireshark traffic dump show that there was a successful login?
I was given the task to analyze traffic in Wireshark for possible network attacks (all in the local area), I am not very good at it and the only thing I could find (and not sure that it is correct) is SYN-flood and possibly MiTM attack. Mi… Continue reading Help with traffic dump in Wireshark [closed]
I am doing testing with some ethernet device, for which I use an own TLS implementation (using OpenSSL for the actual cryptographic functions). There are pre shared keys used. When I am connecting to the device using the cipher suite TLS_P… Continue reading Anlyzing PSK-TLS handshake (Handshake Finished record) in Wireshark
I am attempting to sniff the Bluetooth between the fitness tracker(GOJI ACTIVE GFITBK20 Activity Tracker) and the application(Goji Active) installed on the phone but I am unable to see any health information such as heart beat rate, calori… Continue reading Sniff Bluetooth traffic using Fitness Tracker [migrated]
I am trying to figure out if i can take the burpsuite certificate and export it to wireshark to be able to inspect the traffic going through it. My main goal here is to test a website i own to see what kind of data is being set out.
I have… Continue reading export burp certificate to wireshark for inspection