Wireshark and Malicious PCAP Analysis

什麼是Wireshark?

是一個流量封包分析工具

Wireshark • Go DeepWireshark

選擇適合自己作業系統的Wireshark

會看相關階層的協定

網路封包分析的好幫手—Wireshark　擷取分析、防範攻擊無所不包 | 網管人www.netadmin.com.tw

有很多別人準備好的PCAP可以玩～（謹慎使用）

Public PCAP files for downloadNetresec

malware-traffic-analysis.netmalware-traffic-analysis.net

下載PCAP，用自己的Wireshark安裝起來研究

https://www.malware-traffic-analysis.net/2021/04/09/2021-04-09-IcedID-infection-traffic.zipwww.malware-traffic-analysis.net

某種惡意程式的惡意流量現形記

封包分析是有課程與認證的 https://www.uuu.com.tw/Course/Show/930/%E7%B6%B2%E8%B7%AF%E5%AE%89%E5%85%A8%E5%B0%81%E5%8C%85%E5%88%86%E6%9E%90%E8%AA%8D%E8%AD%89%E8%AA%B2%E7%A8%8B

Network Forensics Training ***

Network Forensics, Wireshark Basics, Part 1

Network Forensics: Wireshark Basics, Part 01Hackers Arise

Network Forensics: Wireshark Basics, Part 2

https://www.hackers-arise.com/post/2018/11/30/network-forensics-part-2-packet-level-analysis-of-the-eternalblue-exploitwww.hackers-arise.com

https://www.eset.com/afr/about/newsroom/press-releases-afr/awards/%E6%B0%B8%E6%81%92%E4%B9%8B%E8%97%8D%E9%87%9D%E5%B0%8Dwannacryptor%E8%A0%95%E8%9F%B2%E6%82%A8%E7%9A%84%E9%9B%BB%E8%85%A6%E6%89%93%E4%BA%86%E6%BC%8F%E6%B4%9E%E8%A3%9C%E4%B8%81%E5%97%8E-%E6%96%B0%E8%81%9E%E4%B8%AD%E5%BF%83/

資安的流量防護

Firewall- linux firewall iptables

IDS/IPS- 入侵偵測系統- suricata