• Video Tutorial: Installing NetworkMiner Professional

    Updated: 2024-10-15 22:28:36
    This video tutorial covers how to install NetworkMiner Professional. Use the official 7-zip tool to extract the password protected 7zip archive. Recommended locations for NetworkMiner: Desktop, My Documents, C:\Users\{user}\AppData\Local\Programs\, or a USB flash drive. See our NetworkMiner Professional tutoria[...]

  • Opening capture files with NetworkMiner Professional

    Updated: 2024-10-15 22:28:36
    This video tutorial demonstrates how to open capture files with NetworkMiner Professional. The analyzed pcap-ng file is github.pcapng from CloudShark. More info about this capture file can be found in our blog post Forensics of Chinese MITM on GitHub. See our NetworkMiner Professional tutorial videos[...]

  • Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)

    Updated: 2024-10-15 15:08:01
    Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any "demo" or "example" folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial. An attacker may use the file upload script to upload a web shell, and in response, the attacker will obtain remote command execution with all the privileges granted to the web server.

  • ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)

    Updated: 2024-10-15 02:00:02

  • Phishing Page Delivered Through a Blob URL, (Mon, Oct 14th)

    Updated: 2024-10-14 07:37:44
    I receive a lot of spam in my catch-all mailboxes. If most of them are not interesting, some still attract my attention. Especially the one that I'll describe in this diary. The scenario is classic, an important document is pending delivery but... the victim needs to authenticate to get the precious! As you can see in the screenshot below, the phishing kit supports well-known service providers.

  • ISC Stormcast For Monday, October 14th, 2024 https://isc.sans.edu/podcastdetail/9178, (Mon, Oct 14th)

    Updated: 2024-10-14 02:00:01

  • Wireshark 4.4.1 Released, (Sun, Oct 13th)

    Updated: 2024-10-13 06:05:59
    Wireshark release 4.4.1 fixes 2 vulnerabilities and 27 bugs. One of these bugfixes is for the missing IP address plugin on Windows, see "Wireshark 4.4's IP Address Functions".

  • ISC Stormcast For Friday, October 11th, 2024 https://isc.sans.edu/podcastdetail/9176, (Fri, Oct 11th)

    Updated: 2024-10-11 02:00:02

  • ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th)

    Updated: 2024-10-10 02:00:02

  • ISC Stormcast For Wednesday, October 9th, 2024 https://isc.sans.edu/podcastdetail/9172, (Wed, Oct 9th)

    Updated: 2024-10-09 02:00:02
    A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13)[2]. I dropped the malware in my lab to see how it detonated. I infected the lab without root privileges and detected the same behavior except files were not written to some locations due to a lack of access (not root). When executing without root privileges, the rootkit feature is unavailable and the malware runs "disclosed".

  • Microsoft Patch Tuesday - October 2024, (Tue, Oct 8th)

    Updated: 2024-10-08 19:18:33
    Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical.

  • VoIP tab in NetworkMiner Professional

    Updated: 2024-10-04 06:20:00
    The VoIP tab is a unique feature only available in NetworkMiner Professional. The analyzed PcapNG file comes from a blog post by Johannes Weber titled VoIP Captures. See our NetworkMiner Professional tutorial videos for more tips and hints.

  • Browsers tab in NetworkMiner Professional

    Updated: 2024-10-03 09:10:00
    The Browsers tab is a unique feature only available in NetworkMiner Professional. The PCAP files analyzed in this video are pwned-se_150312_outgoing.pcap and pwned-se_150312_incoming.pcap, which are snippets of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides). More information[...]

  • Files tab in NetworkMiner Professional

    Updated: 2024-10-02 07:10:00
    The PCAP file analyzed in this video is pwned-se_150312_outgoing.pcap, which is a snippet of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides). See our NetworkMiner Professional tutorial videos for more tips and hints.

  • Hosts tab in NetworkMiner Professional

    Updated: 2024-10-01 08:25:00
    The PCAP file analyzed in this video is MD_2015-07-22_112601.pcap, which is a snippet of the training data used in our network forensics classes from 2015 to 2019. Techniques, tools and databases mentioned in the tutorial: CIDR notation, Satori, p0f, mac-ages. Check out our Passive OS Fingerprinting blog p[...]
