Collaborate Disseminate
Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-lev… Continue reading Traceeshark: Open-source plugin for Wireshark
Following some suspicious activities on my PC, and also out of a general interest, I would like to expand my knowledge in IT forensics.
This quickly makes one aware of the complexity of the subject, and also how vague and elusive it feels … Continue reading What types of events in ProcMon are malicious?
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof methods that can prevent such decryption of… Continue reading How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
I have a Alfa AWUS1900 Wifi adapter in monitor mode running on one laptop. In another laptop, I am downloading something big from the internet (in a home Wifi network) at a speed of approximately 150kB/sec to 250kB/sec.
But in Wireshark, I… Continue reading Wireshark shows fewer Wifi Data packets than expected
After bruteforce (many POST requests to "wp-login.php" from host 10.0.1.85) there were a couple of requests to admin-ajax.php followed by a response from the server (10.0.1.88).
Further connection is conducted via SSH. Could this… Continue reading Does this Wireshark traffic dump show that there was a successful login?
I was given the task to analyze traffic in Wireshark for possible network attacks (all in the local area), I am not very good at it and the only thing I could find (and not sure that it is correct) is SYN-flood and possibly MiTM attack. Mi… Continue reading Help with traffic dump in Wireshark [closed]
I am doing testing with some ethernet device, for which I use an own TLS implementation (using OpenSSL for the actual cryptographic functions). There are pre shared keys used. When I am connecting to the device using the cipher suite TLS_P… Continue reading Anlyzing PSK-TLS handshake (Handshake Finished record) in Wireshark
I am attempting to sniff the Bluetooth between the fitness tracker(GOJI ACTIVE GFITBK20 Activity Tracker) and the application(Goji Active) installed on the phone but I am unable to see any health information such as heart beat rate, calori… Continue reading Sniff Bluetooth traffic using Fitness Tracker [migrated]
I am trying to figure out if i can take the burpsuite certificate and export it to wireshark to be able to inspect the traffic going through it. My main goal here is to test a website i own to see what kind of data is being set out.
I have… Continue reading export burp certificate to wireshark for inspection
My router (Unifi UDM-SE) has a honeypot configured which is capturing a scan from the iPhone about twice per day. I would like to figure out which App is doing this. I have followed the instructions on this post (Detecting port scanning ac… Continue reading How can I determine which IOS application on my iPhone is scanning my local network? [migrated]