Packet Detectives

12/04/2023

New for 2024: 3 Lines of Defense with Bard, ChatGPT & Claude:
Alignment is a Full Duplex Network!

For our 3 Lines of Defense, I plan to use ChatGPT, Bard and making its first appearance in one of classes, please give big round of applause to Claude 2!

And please be nice. Claude is very shy about security and does not cache session data (at least in a way I can use), so he really can't keep up with the class over the days the way our ChatGPT & Bard can. Might make him the perfect AI to play the 3rd Line of Defense as an independent auditor!

11/03/2023

It's time for DNS with ! I have been learning from his blog for years, https://zurl.co/LJx0.

11/02/2023

Learning and tricks to capture traffic in with aka Uli Heilmeier. Knowing the limitations is key. Side note, I love presenters who use qr codes!

11/02/2023

I love seeing the geeky t-shirts at . Here is Ross rocking his Ethernet diagram that Bob Metcalfe drew for the original proposal. I wonder how many people knew what it was at the airport 😎. https://zurl.co/E6ii

11/01/2023

My favorite time at is when the are introduced in the . Not all of them come to each conference though 😥. We found out there are approximately 60 core Developers at any given moment. People's lives change, and they come and go. However, each gentlemen on the stage has been core for over 10 years, and some for over 20. None of them get paid except Gerald (Thanks Sysdig!) They do it for the love and the glory, it is their passion project. 🦈

11/01/2023

Hanging with the awesome "author" learning about the ins and outs of . Biggest key is that if you write a polite prompt will generate a polite answer, which is usually wrong. Prompt how you actually talk.

10/09/2023

Every want to filter for all of the Client Hello's for in ?

tls.handshake.extensions_server_name ~ "microsoft|teams|live\\.com|skype|msedge\\.net|office|msauth|aka\\.ms|onedrive|msecnd\\.net|msftncsi"

Even catch those using .

09/22/2023

To make open faster, I turn off most of the dissectors. Realized with my customer last week, I left off QinQ. If you use my shared profiles, and your layer 3-7 protocols aren't dissecting, go to Analyze>Enabled Protocols to turn back on 802.1a.

09/22/2023

is starting! You should be here, https://zurl.co/Foik

The Open-Source Intelligence (OSINT) Summit will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Register now for FREE.

09/08/2023

Want access to profiles? https://zurl.co/Scpz They all use the same color rule and filter set. I just updated them all today. Enjoy.

Analyze Pcaps Faster - Profiles Repository Have Wireshark ready when you need it the most. Use the whole profile or just the parts you need. Flexible yet consistent.

08/18/2023

Ever need to filter for IP multicasts?

(ip.dst ge 224.0.0.0 and ip.dst lt 240.0.0.0) or ipv6.dst ge ff00::

ge stands for greater than or equal to.