Exploring interesting network traffic with Wireshark

This is a past event

8 people went

Virginia International University

4401 Village Dr. · Fairfax, VA

How to find us

MeetUp is located in the Global Bistro returant

Location image of event venue

Details

This meeting will be an extension to our previous meeting where Metasploit was used to exploit a MS Windows machine vulnerable to MS17-10.

We'll discuss using Wireshark filers, the suite of Sysinternals tools, PSExec, and more.

-----Lab/Live demo---
Capturing network traffic and analyzing while:
-Running psexec.exe and sending remote commands
-Exploiting MS17-10 with Metasploit and getting a reverse shell

References:

Microsoft Security Bulletin MS[masked]https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

Sysinternals Suite:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

PsExec:
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

PsExec is also available in Metasploit under exploit/windows/smb/psexec
https://www.gracefulsecurity.com/when-anti-virus-eats-metasploits-psexec-running-windows-commands-remotely/

WireShark Display Filters:
https://www.thegeekstuff.com/2012/07/wireshark-filter/

So bring a laptop with an updated version of Kali, an open mind, a willingness to learn and share your cyber security experiences.