This video demonstrates how one could use the SecurityOnion distribution to analyze a pcap captured during a malware infection. It does so by using tcpreplay to "replay" a pcap of an Angler EK infection; using the various tools provided in the SecurityOnion distribution, you will discover the chain of events that led up to the compromise.
Tools used include SecurityOnion, SGUIL, WHOIS, SNORT, ELSA, BRO and more.
PCAP provided by http://www.malware-traffic-analysis.net/
More videos: https://github.com/Security-Onion-Solutions/security-onion/wiki/Videos
This video is a demo used in the workshops of the CyberSecurity Operations Networking Academy course.