I'm curious to know what you think about Intel ME. There's some claims that ME is spyware from Intel. Do you think it's more of a risk or benefit to keep ME, being there's a way to disable it with me_cleaner

thanks bro

I appreciate that! Thanks for the comment!

Thank you so much Kiran!

Thank you!

Awesome! Yeah those two are VERY useful. Glad the video helped. I'll be posting another as soon as I can get my hands on that script. Stay tuned!

Thanks, will do!

Thank you Andy!

Thanks!

My pleasure Derrick!

😂 I was wondering when someone would comment on my cat.

Awesome! Reach out if you have any questions.

Glad you liked it! Thank you for the comment.

Great to hear. Thanks for the feedback!

My pleasure!

Thanks for the comment Jorge!

Glad it was helpful! More to come about this vuln as I get more pcaps.

Thanks Vyas!

We were thinking the same thing... I just had to get my hands on the pcap!

Thanks for the comment!

Thanks a lot!

Glad you liked it! It's always hard to strike a balance in pacing. Keep the advanced folks interested while not losing the new folks. Thank you for the comment.

Glad it was helpful!

Thank you!

Glad it was helpful!

Thanks for the comment Ryan. No kidding! I do too... as soon as I can get my hands on a clean, share-able pcap I will get the video out.

Thanks, will do!

I need one monitor extra for this wireshark map ;-)

Thanks! 👍

Do you have the geoIP databases loaded?

You are welcome!

You are so welcome!

Glad you liked it!

You are welcome! More to come as I get more pcaps!

Hey - can you tell me a bit more about exactly what you see? by 802.11 do you mean control and mgt frames?

Glad it was helpful!

Thanks!

Thanks!

Thanks for the comment Kevin!

Glad it was helpful!

Hey! This particular one wasn't captured. However I did get my hands on a pcap with a similar attack and the script was captured too. I'm prepping the content for that video now. Stay tuned!

@@ChrisGreer Thanks !

Hmmmm, nice. Thanks for the comment!

Glad it was helpful!

Glad you enjoy it!

Not much yet - but the more I learn the more I will share. Thanks for the comment!

Hey Giorgio! So the server could totally start a stream back to the callback server, no rules against that. It may use another utility to do so however. I haven't tried using wget over UDP so I'm not sure on that one.

@@ChrisGreer Thanks Chris!:)

Thanks Fay!

Nice detail! Thanks for sharing.

Hey Chris thanks for the comment. I was able to get my hands on a pcap with more detail, so I plan to release a follow-on video soon. Stay tuned!

@@ChrisGreer Sure, sure, I subbed for sure. I have also a ethical hacker course. I really have to fit in with everything else I'm trying to wrap my head. We standing by.

Hey German, good question! So the outbound TCP SYN filter would still work. I would probably add "!ip.dst==10.0.0.0/8" or whatever my internal address range was. Just because even though I might miss lateral movement from the server, I would definitely catch anytime it is going external to connect to somebody out there. I'd also keep a close eye on the number of small https connections that are made and the payload sizes. The post is a TCP connection all its own and is just a quick exchange. If I saw that behavior, followed by the server connecting externally, that would be suspect.

Glad you liked it!

Great question. I think it is great info for a CCNA to know, but it will not be on the exam. As far as TCP and Wireshark goes, the exam is very light on the details.

I wonder if it is the way the file is being unzipped?

I usually just double click it, or find it from within the Wireshark user interface.

@@ChrisGreer Thank you!

No problem!

You're welcome 😊

Thank you too!

Glad you liked it!

Many thanks! Glad you liked it!

Thanks 😊

Welcome!

Thank you!