Hacker hunting with Wireshark (even if SSL encrypted!)

The packets don't lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today's networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks. // Get Wireshark Certified // Check out the official training course 📘 GET TRAINING: https://courses.davidbombal.com/l/pdp/wireshark-certified-analyst-wca-the-complete-hands-on-course?coupon_code=WIRESHARKHACK Use code "WiresharkHack" to get a $50 discount 🔗 Learn more: https://wireshark.org/certifications // PCAP download // Get the pcap here: https://malware-traffic-analysis.net/2020/05/28/index.html // Websites mentioned // ja3: https://ja3er.com If ja3er doesn't work, try this site: https://sslbl.abuse.ch/ja3-fingerprints Malware Analysis pcaps: https://malware-traffic-analysis.net //CHRIS GREER // Wireshark course: https://davidbombal.wiki/chriswireshark Nmap course: https://davidbombal.wiki/chrisnmap LinkedIn: https://www.linkedin.com/in/cgreer/ YouTube: https://www.youtube.com/c/ChrisGreer Twitter: https://twitter.com/packetpioneer // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 00:00 - Intro 04:24 - Sharkfest / DEFCON 05:55 - What is Threat Hunting? 07:33 - Why threat hunt with Wireshark? 10:05 - What are IOCs 10:30 - Why should we care? 12:23 - Packets/PCAPs 18:48 - 'Low hanging fruit' 21:10 - TCP Stream 27:29 - Stream 35:00 - How to know what to look for? 37:49 - JA3 Client Fingerprint 41:25 - ja3er.com 48:08 - Brim 52:20 - TSHARK 58