CloudShark

Tagged: Security

Tuesday, Oct 9, 2018

How to Identify and Analyze BitTorrent Alerts in Your Network

Tracking down BitTorrent activity with packet captures

We love the exercises at malware-traffic-analysis.net, and occasionally we’ll pick some that we try to solve using CloudShark and its tools. This time however, we’re going through one armed with tools that we learned from Brad’s class (the author of malware-traffic-analysis) at Sharkfest US 2018, where he gave an in-depth class on using packet captures for malware analysis, as well as a presentation on Analyzing Windows malware traffic.

Read the whole entry »


Monday, Sep 10, 2018

Using CloudShark to ensure HIPAA privacy compliance

Network packet captures present an interesting problem for HIPAA compliance, but they don’t have to be one that causes headaches. When it comes to securing electronic assets, packet captures are often overlooked more than other network and IT related resources. This is because they tend to be esoteric - compliance officers don’t need or want to have packets on their minds. Also, the methods through which they are obtained trend towards creating local, unaccountable copies of the traffic going over your network.

Read the whole entry »


Monday, Jul 23, 2018

What is new with TLS 1.3 - some capture examples

In August of 2018, the Internet Engineering Task Force (IETF) moved Transport Layer Security (TLS) Version 1.3 to RFC 8446. In the world of networking standards, this means it has been properly vetted by the community and is officially ready for showtime on clients and servers.

About these captures

We're able to look at TLS 1.3 handshakes thanks to support for the protocol in tshark 2.6. CloudShark 3.5 and later versions have support for TLS 1.

Read the whole entry »


Monday, Mar 5, 2018

Exploring the memcached DDoS attack

During the last week of February in 2018, several big internet sites started seeing a huge increase in a particular style of DDoS attack, taking advantage of the memcached protocol. Being the packet geeks we are, we wanted to explore the attack on one of our own internal servers and get a capture of what’s happening at the packet level so you can see it in action. What is memcached?

Read the whole entry »


Friday, Feb 2, 2018

Malware Analysis Exercise - When Your Users Run Email Attachments

CloudShark developer and packet guru Tom Peterson gives us another example from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise.

The exercise: Two Malicious E-mails, Two PCAPs to Analyze

In this exercise, we need to find out what happened when some users downloaded some suspicious attachments and executed the attachments contained therein.

Read the whole entry »


Thursday, Dec 21, 2017

Six Malware Traffic Analysis Exercises in One

CloudShark developer and packet guru Tom Peterson gives us another example from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise.

The exercise: 6 different pcaps with different malicious activity

The 2017-11-21 malware traffic analysis exercise is a bit different than the past two I’ve dug into. This exercise is simply 6 PCAPs and our task is to just figure out what’s happening in each one.

Read the whole entry »


Wednesday, Dec 6, 2017

Windows 10 Malware Analysis Exercise in CloudShark

CloudShark developer and packet guru Tom Peterson has been deep in the trenches doing malware analysis exercises from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise.

What’s up with this Windows 10 PC?

Hi all! Tom here from CloudShark Support. One of the latest exercises from malware-traffic-analysis.net involves seeing some malicious traffic coming from a Windows 10 PC, as set up in the 2017-10-21 malware traffic analysis exercise.

Read the whole entry »


Thursday, Oct 5, 2017

Malware Analysis Exercise in CloudShark - 2017-09-19

Hi all! Tom here. You may remember me as the face of CloudShark Support, and your host in our last malware analysis packet capture challenge. I’ve been working through more of the traffic analysis exercises posted at malware-traffic-analysis.net, which we featured in our challenge. These exercises have been a great way to learn how to jump to packet captures first when looking at a potential malware attack. I found them really fun to go through, and I really enjoyed digging deep into specific examples of malware and how it infects hosts and networks.

Read the whole entry »


Thursday, Sep 7, 2017

Malware Analysis Webinar Challenge

Thanks to those who participated in our latest Challenge! You can watch the webinar walkthrough here: We’ve been a big fan of malware-traffic-analysis.net. They have a huge archive with cool examples of malicious network attacks and malware attempts, and do a great job taking even newbies through the examples. We wanted to bring one of those examples to our users to see how to solve it in CloudShark.

Read the whole entry »


Tuesday, Mar 7, 2017

Search Engine Indexing and CloudShark

The news cycle about cyber-security has been more active than ever before. When we launched CloudShark back in 2010, we knew there would be some hesitation in putting something as sensitive as packet captures in the cloud. While the world has grown since then, we wanted to write a quick note for transparency about how CloudShark data is contained and shared.

How CloudShark Sessions Work

Each upload to CloudShark generates a unique “session” URL.

Read the whole entry »


Monday, Sep 19, 2016

Best Practices for Managing and Securing Network Capture Files

This article is the full text of our white paper on the same topic.

Packet Capture Files: Valuable but Vulnerable

Packet capture files - files that record network traffic - are invaluable resources for network administrators, help desk staff, and IT security experts. Filled with application data and protocols, timestamps, and error codes, these files provide IT engineers with a detailed view of what took place on a network during a specific period of time.

Read the whole entry »


Friday, Sep 16, 2016

HIPAA, shadow IT, and the packet capture problem

Note: We here at CloudShark aren’t HIPAA experts, we just think it’s neat to talk about. Don’t take this as “official” advice. Recently we’ve been having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”.

HIPAA and packet captures

The relevant parts of HIPAA to packet capture security include sections on workstation use and security, device and media controls (including rules for backup and storage), access controls to electronic resources, and a section that addresses transmission security, which requires encryption of those records during transmission.

Read the whole entry »


Wednesday, Feb 17, 2016

Capture of recently discovered glibc getaddrinfo() vulnerability

The folks at Google Security recently discovered a vulnerability in glibc’s getaddrinfo() library function, allowing attackers to execute malicious code transmitted in oversized DNS replies. Scary stuff! Luckily, there’s already a patch, and the developers generated some proof-of-concept code to demonstrate the vulnerability. We took that code and ran it against some of our own systems. You can see a packet capture of the whole thing here: https://www.cloudshark.org/captures/0a13d445cb31

Read the whole entry »


Thursday, Jul 2, 2015

How do you debug web applications that use encrypted channels?

Well, it’s official; the IETF has officially deprecated SSLv3.0. This means that it’s now a protocol violation to fall back to it. This is good news, since the number and types of attacks have been on the rise for a while now. We’d like to take the opportunity to explore how to debug web applications that use HTTPS over SSL/TLS in CloudShark. It’s undeniable that debugging HTTP traffic is one of the most common use cases for a packet decoder.

Read the whole entry »


Friday, Apr 24, 2015

Captures and Analysis of the QUANTUMINSERT Attack

We now know a lot about the NSA’s various techniques in its QUANTUM program. One of the most prolific (and sneaky) of these attacks is the “QUANTUMINSERT”, which exploits a long-known TCP vulnerability that will cause, effectively, a redirect to a malicious resource. It’s tricky, since it requires careful timing; the spoofed packet needs to arrive before the expected packet. One of our most engaging customers, Fox-IT, is an active team of hackers, programmers, and cybersecurity experts that provides innovative solutions for government, defense, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide.

Read the whole entry »


Published Thursday, Feb 19, 2015

Senior Certified SANS Instructor Paul Henry Uses CloudShark to Enhance Network Security Courses

Here is a case study with Vnet Security’s Paul A. Henry, a senior certified SANS instructor who explains how using CloudShark in his coursework has made network security education faster and clearer for his students.

Read the whole case study »


Monday, Feb 9, 2015

HIPAA, shadow IT, and the packet capture problem

Note: We here at CloudShark aren’t HIPAA experts, we just think it’s neat to talk about. Don’t take this as “official” advice. We’ve been harping lately on network security, which is one of the reasons we included secure delete as a new feature in CloudShark 2.4. This got us having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”.

Read the whole entry »


Wednesday, Jan 7, 2015

2014 Was a Year of Big Security Breaches

If there’s one thing we noticed about 2014, it was the year of Really Big Vulnerabilities ™. Sure, these sorts of things happen all the time, but now more than ever it is becoming obvious that perimeter security is not sufficient and each constituent system in a network must be regarded as a public system, regardless of assumption. Systems will be compromised, and preparing for what to do after an attack is just as important as preventing attacks in the first place.

Read the whole entry »


Wednesday, Jan 7, 2015

Heartbleed, Poodle, Shellshock, and the Sony Hack - Big Security Breaches of 2014

If there’s one thing we noticed about 2014, it was a year of many security announcements. It is becoming obvious that perimeter security is not sufficient and each constituent system in a network must be regarded as a public system, regardless of assumption. Systems will be compromised, and preparing for what to do after an attack is just as important as preventing attacks in the first place. In any case, we thought we’d do a quick review:

Read the whole entry »


Tuesday, Nov 25, 2014

Packet Capture Challenge - Attacking a Secure Wifi Connection

This challenge is complete! Try it yourself or scroll to the solution below. It’s been a while since we’ve had a good old-fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network.

The Challenge

Take a look at this capture.

Read the whole entry »


Published Wednesday, May 7, 2014

Defense.net Uses CloudShark in the Fight Against DDoS

Defense.net is in the business of DDoS mitigation. The task of capturing, detecting, and filtering such massive attacks means they often go directly to raw packet data to root out customer problems. CloudShark’s collaboration tools have changed the way they deal with packet captures, saving them valuable time in an industry where seconds matter.

Read the whole case study »


Wednesday, Apr 9, 2014

Packet Capture of Heartbleed in Action

As many are aware (as it’s now become national news), a vulnerability was recently discovered in OpenSSL dubbed Heartbleed. The attack centers around the implementation of the Heartbeat extension in OpenSSL, which causes a server to return the contents of memory that should be protected. This blog post by Troy Hunt describes the vulnerability in detail: Everything you need to know about the Heartbleed SSL bug. Being packet geeks, naturally we wanted to get a capture of the Heartbleed attack in action.

Read the whole entry »


Published Tuesday, Jan 7, 2014

Fox IT Uses CloudShark Appliance to Organize and Streamline Network Security Monitoring

We got a chance to sit down with one of CloudShark’s most engaging customers, Fox-IT, who sit on the front lines of the exciting Cybersecurity world. Here’s what they had to say about using CloudShark!

Read the whole case study »


Tuesday, Nov 19, 2013

Kerberos Decryption Support

If you don’t already know, one of CloudShark’s main features is the ability to manage RSA keys and allow those keys to be used to decrypt SSL traffic, letting users view encrypted data without you ever having to give out your RSA keys. But what about other types of encryption? We were recently approached about support for Kerberos in CloudShark captures. CloudShark can actually support the decryption of Kerberos-encrypted data using the Wireshark preferences file that we showed you before for fixing your RTP decode settings.

Read the whole entry »


Thursday, Feb 7, 2013

Intel "Packet of Death" Capture

UPDATE: Here is Intel’s official statement - it is important to note that this had little to do with Intel and only a specific manufacturer. The creator of AstLinux, Kristian Kielhofner, recently discovered a bug in certain models and versions of Intel-based Gigabit Ethernet implementations that can result in a “packet of death” that will bring down the network interface, requiring a power cycle of the interface in order to restore functionality.

Read the whole entry »


Tuesday, Jan 29, 2013

MITM Attack Capture Shared Through CloudShark

Last weekend, an apparent Man-In-The-Middle (MITM) Attack on the popular code sharing site github.com occurred, which seemed to originate from China for users trying to traverse the “Great Firewall”. This was strange, as there had been many news stories not even two days before about China blocking and then subsequently unblocking access to github. Whatever the reason, a subject of the attack was able to create a packet trace of it, and uploaded it to our free cloudshark.

Read the whole entry »


Thursday, Dec 13, 2012

Solution - Packet Capture Challenge 6

This capture challenge has concluded! Thank you for all of your answers! You can find the solution below, or try the challenge for yourself.

The Challenge

Happy Holidays from CloudShark! We’ve had a lot of new followers and users of CloudShark.org in the network security field, so we have a special intrusion capture challenge for you this month. It requires very little description, but you can use CloudShark’s web-based analysis tools and packet view to figure it out.

Read the whole entry »


Thursday, Sep 6, 2012

Network Security Toolkit Integrates CloudShark

Read this great article by ISSA Journal on Cloudshark/NST integration! We are pleased to announce that Network Security Toolkit has integrated CloudShark upload capability into their 12.16.0-4104 release. NST is a very comprehensive suite of open source network security and analysis tools with a complete web interface, allowing you to perform a number of functions remotely by accessing the system on which NST is installed. The addition of the CloudShark Upload Manager lets NST users perform multi-tap packet capture and instantly upload those captures to a CloudShark Appliance - centralizing your captures and letting you view and analyze them anywhere on any device.

Read the whole entry »


About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: