WIRESHARK SETTINGS FOR IR AND MALWARE TRAFFIC ANALYSIS

This repository contains the Wireshark profile settings and notes from the tutorials posted at http://www.malware-traffic-analysis.net/about.html

How to Add the Wireshark Settings

  1. Find the profile settings directory: in Wireshark, open Help -> About Wireshark -> Folders -> Personal configuration
  2. Add this repository to the Wireshark profile settings directory to obtain the customizations from www.malware-traffic-analysis.net

Notes

  1. Quick Notes
  2. Example incident report

Investigation Resources

  1. Automated Malware Analysis Including PCAPs
  2. VirusShare, Malware Samples
  3. CAPE Sandbox
  4. Reverse IT Malware Analysis