I'm curious to know what you think about Intel ME. There's some claims that ME is spyware from Intel. Do you think it's more of a risk or benefit to keep ME, being there's a way to disable it with me_cleaner

thanks bro

I appreciate that! Thanks for the comment!

Great to hear. Thanks for the feedback!

Thanks!

Awesome! Yeah those two are VERY useful. Glad the video helped. I'll be posting another as soon as I can get my hands on that script. Stay tuned!

Thank you!

Glad it was helpful! More to come about this vuln as I get more pcaps.

Thanks, will do!

Thank you Andy!

My pleasure!

Glad you liked it! Thank you for the comment.

😂 I was wondering when someone would comment on my cat.

My pleasure Derrick!

Awesome! Reach out if you have any questions.

We were thinking the same thing... I just had to get my hands on the pcap!

Thanks Vyas!

Thanks for the comment Ryan. No kidding! I do too... as soon as I can get my hands on a clean, share-able pcap I will get the video out.

Thanks for the comment Jorge!

Thank you so much Kiran!

Nice detail! Thanks for sharing.

Glad it was helpful!

Thank you!

Glad it was helpful!

Thanks for the comment!

You are so welcome!

You are welcome!

Thanks, will do!

Glad it was helpful!

Glad you liked it! It's always hard to strike a balance in pacing. Keep the advanced folks interested while not losing the new folks. Thank you for the comment.

Glad it was helpful!

Thanks a lot!

I need one monitor extra for this wireshark map ;-)

Thanks! 👍

Thanks!

Thanks Fay!

Glad you liked it!

You are welcome! More to come as I get more pcaps!

Glad you enjoy it!

Glad it was helpful!

Thanks!

Thanks for the comment Kevin!

Hey - can you tell me a bit more about exactly what you see? by 802.11 do you mean control and mgt frames?

Glad you liked it!

Hmmmm, nice. Thanks for the comment!

Hey! This particular one wasn't captured. However I did get my hands on a pcap with a similar attack and the script was captured too. I'm prepping the content for that video now. Stay tuned!

@@ChrisGreer Thanks !

Glad you liked it!

Many thanks! Glad you liked it!

Thank you too!

Not much yet - but the more I learn the more I will share. Thanks for the comment!

Hey Giorgio! So the server could totally start a stream back to the callback server, no rules against that. It may use another utility to do so however. I haven't tried using wget over UDP so I'm not sure on that one.

@@ChrisGreer Thanks Chris!:)

You're welcome 😊

Do you have the geoIP databases loaded?

Thanks 😊

No problem!

Hey Chris thanks for the comment. I was able to get my hands on a pcap with more detail, so I plan to release a follow-on video soon. Stay tuned!

@@ChrisGreer Sure, sure, I subbed for sure. I have also a ethical hacker course. I really have to fit in with everything else I'm trying to wrap my head. We standing by.

Hey German, good question! So the outbound TCP SYN filter would still work. I would probably add "!ip.dst==10.0.0.0/8" or whatever my internal address range was. Just because even though I might miss lateral movement from the server, I would definitely catch anytime it is going external to connect to somebody out there. I'd also keep a close eye on the number of small https connections that are made and the payload sizes. The post is a TCP connection all its own and is just a quick exchange. If I saw that behavior, followed by the server connecting externally, that would be suspect.

I wonder if it is the way the file is being unzipped?

Great question. I think it is great info for a CCNA to know, but it will not be on the exam. As far as TCP and Wireshark goes, the exam is very light on the details.

I usually just double click it, or find it from within the Wireshark user interface.

@@ChrisGreer Thank you!

Welcome!

Thank you!