• Video Tutorial: Installing NetworkMiner Professional

    Updated: 2024-10-15 14:25:00
    This video tutorial covers how to install NetworkMiner Professional. Use the official 7-zip tool to extract the password protected 7zip archive. Recommended locations for NetworkMiner: Desktop, My Documents, C:\Users\{user}\AppData\Local\Programs\, USB flash drive. See our NetworkMiner Professional tutoria[...]

  • Opening capture files with NetworkMiner Professional

    Updated: 2024-10-15 14:25:00
    This video tutorial demonstrates how to open capture files with NetworkMiner Professional. The analyzed pcap-ng file is github.pcapng from CloudShark. More info about this capture file can be found in our blog post Forensics of Chinese MITM on GitHub. See our NetworkMiner Professional tutorial videos[...]

  • ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)

    Updated: 2024-10-15 02:00:02

  • Phishing Page Delivered Through a Blob URL, (Mon, Oct 14th)

    Updated: 2024-10-14 07:37:44
    I receive a lot of spam in my catch-all mailboxes. If most of them are not interesting, some still attract my attention. Especially the one that I'll describe in this diary. The scenario is classic, an important document is pending delivery but... the victim needs to authenticate to get the precious! As you can see in the screenshot below, the phishing kit supports well-known service providers.

  • ISC Stormcast For Monday, October 14th, 2024 https://isc.sans.edu/podcastdetail/9178, (Mon, Oct 14th)

    Updated: 2024-10-14 02:00:01

  • Wireshark 4.4.1 Released, (Sun, Oct 13th)

    Updated: 2024-10-13 06:05:59
    Wireshark release 4.4.1 fixes 2 vulnerabilities and 27 bugs. One of these bugfixes is for the missing IP address plugin on Windows, see "Wireshark 4.4's IP Address Functions".

  • ISC Stormcast For Friday, October 11th, 2024 https://isc.sans.edu/podcastdetail/9176, (Fri, Oct 11th)

    Updated: 2024-10-11 02:00:02

  • ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th)

    Updated: 2024-10-10 02:00:02

  • ISC Stormcast For Wednesday, October 9th, 2024 https://isc.sans.edu/podcastdetail/9172, (Wed, Oct 9th)

    Updated: 2024-10-09 02:00:02
    A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13)[2]. I dropped the malware in my lab to see how it detonated. I infected the lab without root privileges and detected the same behavior except files were not written to some locations due to a lack of access (not root). When executing without root privileges, the rootkit feature is unavailable and the malware runs "disclosed".

  • Microsoft Patch Tuesday - October 2024, (Tue, Oct 8th)

    Updated: 2024-10-08 19:18:33
    Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical.

  • ISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)

    Updated: 2024-10-08 02:00:03

  • VoIP tab in NetworkMiner Professional

    Updated: 2024-10-04 06:20:00
    The VoIP tab is a unique feature only available in NetworkMiner Professional. The analyzed PcapNG file comes from a blog post by Johannes Weber titled VoIP Captures. See our NetworkMiner Professional tutorial videos for more tips and hints.

  • Files tab in NetworkMiner Professional

    Updated: 2024-10-02 07:10:00
    The PCAP file analyzed in this video is pwned-se_150312_outgoing.pcap, which is a snippet of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides). See our NetworkMiner Professional tutorial videos for more tips and hints.

  • Hosts tab in NetworkMiner Professional

    Updated: 2024-10-01 08:25:00
    The PCAP file analyzed in this video is MD_2015-07-22_112601.pcap, which is a snippet of the training data used in our network forensics classes from 2015 to 2019. Techniques, tools and databases mentioned in the tutorial: CIDR notation, Satori, p0f, mac-ages. Check out our Passive OS Fingerprinting blog p[...]
