Pony using curl to set: Accept-Encoding: identity, *;q=0

Detecting the Pony Trojan with RegEx using CapLoader

This short video demonstrates how you can search through PCAP files with regular expressions (regex) using CapLoader and how this can be leveraged in order to improve IDS signatures. Your browser does not support the video tag. The EmergingThreats snort/suricata rule mentioned in the video is SID 20[...] ... Read More
CapLoader 1.7 logo

CapLoader 1.7 Released

We are happy to announce the release of CapLoader 1.7! Here's an overview of what's new in this release: Regular expression searchingLookup of IP addresses using online servicesLookup of domain names using online servicesImproved protocol fingerprinting speed and precisionSupport for GRE, IGMP and I[...] ... Read More
SNMP Community Strings in NetworkMiner's Credential tab

NetworkMiner 2.3 Released!

The free and open source network forensics tool NetworkMiner now comes with improved extraction of files and metadata from several protocols as well as a few GUI updates. But the biggest improvements for version 2.3 are in the commercial tool NetworkMiner Professional, which now supports VoIP call a[...] ... Read More

Examining Malware Redirects with NetworkMiner Professional

This network forensics video tutorial covers analysis of a malware redirect chain, where a PC is infected through the RIG Exploit Kit. A PCAP file, from Brad Duncan's malware-traffic-analysis.net website, is opened in NetworkMiner Professional in order to follow a redirect chain via a couple of hack[...] ... Read More

Analyzing Kelihos SPAM in CapLoader and NetworkMiner

This network forensics video tutorial covers how to analyze SPAM email traffic from the Kelihos botnet. The analyzed PCAP file comes from the Stratosphere IPS project, where Sebastian Garcia and his colleagues execute malware samples in sandboxes. The particular malware sample execution we are looki[...] ... Read More

Antivirus Scanning of a PCAP File

This second video in our series of network forensic video tutorials covers a quick and crude way to scan a PCAP file for malware. It's all done locally without having to run the PCAP through an IDS. Kudos to Lenny Hanson for showing me this little trick! Antivirus Scanning of ... Read More
2017BSidesSpfd Jason Reaves Malware C2 over x509 Certificate Exchange

Examining an x509 Covert Channel

Jason Reaves gave a talk titled 'Malware C2 over x509 certificate exchange' at BSides Springfield 2017, where he demonstrated that the SSL handshake can be abused by malware as a covert command-and-control (C2) channel. He got the idea while analyzing the Vawtrak malware after discovering that it re[...] ... Read More

Zyklon Malware Network Forensics Video Tutorial

We are releasing a series of network forensics video tutorials throughout the next few weeks. First up is this analysis of a PCAP file containing network traffic from the 'Zyklon H.T.T.P.' malware. Analyzing a Zyklon Trojan with Suricata and NetworkMiner Your browser does not support the video tag.[...] ... Read More

Don’t Delete PCAP Files – Trim Them!

We are happy to release TrimPCAP today! TrimPCAP is a free open source tool that reduces the size of capture files in an intelligent way. The retention period of a packet capture solution is typically limited by either legal requirements or available disk space. In the latter case the oldest ... Read More
CapLoader 1.6

CapLoader 1.6 Released

CapLoader is designed to simplify complex tasks, such as digging through gigabytes of PCAP data looking for traffic that sticks out or shouldn't be there. Improved usability has therefore been the primary goal, when developing CapLoader 1.6, in order to help our users do their work even more efficie[...] ... Read More