nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-08-23 21:12:46 +09:00 committed by GitHub
parent 44831ddba4
commit 250ad7302d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
malware-analysis_ref_and_memo.md
View File

@ -82,10 +82,16 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
### Traffic Analysis tools ### Traffic Analysis tools
- **[Wireshark](https://www.wireshark.org/download.html)** - **[Wireshark](https://www.wireshark.org/download.html)**
-
- http/httpsリクエストを表示/宛先ホスト・サーバ名を確認
```
http.request or ssl.handshake.type == 1
```
- CLI版はTShark - CLI版はTShark
- ref: - ref:
- [Wireshark Tutorial,Unit42(2019)](https://unit42.paloaltonetworks.com/tag/tutorial/) - [Wireshark Tutorial,Unit42(2019)](https://unit42.paloaltonetworks.com/tag/tutorial/)
- [Decrypting SSL/TLS traffic with Wireshark](https://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/) - [Decrypting SSL/TLS traffic with Wireshark](https://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/)
- [Wireshark Tutorial: Decrypting HTTPS Traffic](https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/)
- **tcpdump** - **tcpdump**
- **[Scapy](https://scapy.net/)** - **[Scapy](https://scapy.net/)**
- **[Fiddler](https://www.telerik.com/fiddler)** - **[Fiddler](https://www.telerik.com/fiddler)**