
Raspberry PI WiFi Access Point with TLS Inspection

This is a how-to guide for setting up a Raspberry Pi as a WiFi Access Point that acts as a transparent TLS proxy and saves the decrypted traffic in PCAP files. Image: Raspberry Pi 4 Model B running PolarProxy. Step 1: Install PolarProxy for Linux ARM. We will start with installing [...]
PolarProxy flow chart

PolarProxy Released

I'm very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic. PolarProxy enables you to do lots of things that have previously been impossible, or at leas[...]

CapLoader 1.8 Released

We are happy to announce the release of CapLoader 1.8 today! CapLoader is primarily used to filter, slice and dice large PCAP datasets into smaller ones. This new version contains several new features that improve this filtering functionality even further. To start with, the 'Keyword Filter' can no[...]
Network Diagram

Video: TrickBot and ETERNALCHAMPION

This video tutorial is a walkthrough of how you can analyze the PCAP file UISGCON-traffic-analysis-task-pcap-2-of-2.pcap (created by Brad Duncan). The capture file contains a malicious Word Document (macro downloader), Emotet (banking trojan), TrickBot/Trickster (banking trojan) and an EternalChampi[...]

NetworkMiner 2.4 Released

We are proud to announce the release of NetworkMiner 2.4 today! The new version comes with several improvements, such as username extraction from Kerberos traffic, better OS fingerprinting and even better Linux support. Protocol Updates: The Kerberos v5 implementation in NetworkMiner 2.4 can be used[...]

Remote Packet Dumps from PacketCache

This blog post describes how to dump a packet capture (pcap file) on a remote computer running the PacketCache service, and retrieve that pcap file using only PowerShell. PacketCache is a free Windows service that continuously sniffs network traffic on all interfaces (Ethernet, WiFi, 3G, LTE etc.)[...]
SEC-T 0x0B: Steve Miller - Reversing the TriStation Network Protocol

Reverse Engineering Proprietary ICS Protocols

One of the highlights at this year's SEC-T conference in Stockholm was Steve Miller's talk titled 'Reversing the TriStation Network Protocol'. In this talk Steve covered his quest to better understand the TRITON malware, which had been used in a targeted attack against an industrial control system (ICS).[...]

NetworkMiner 2.3.2 Released!

NetworkMiner 2.3.2 was released this morning, and there was much rejoicing! Image: U.S. Navy photo by Stuart Phillips (source). This new release primarily fixes bugs related to extraction of emails and VoIP calls. We have also corrected a bug affecting the json/CASE export function in NetworkMiner Pr[...]
Pony using curl to set: Accept-Encoding: identity, *;q=0

Detecting the Pony Trojan with RegEx using CapLoader

This short video demonstrates how you can search through PCAP files with regular expressions (regex) using CapLoader and how this can be leveraged in order to improve IDS signatures. The EmergingThreats snort/suricata rule mentioned in the video is SID 20[...]
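The mechanic behind that video, as an added example that is not NETRESEC's code and not CapLoader's implementation: the only indicator taken from the page is the request header the image caption shows Pony's curl client setting, "Accept-Encoding: identity, *;q=0". The regex below is my own assumption about how to express that header loosely enough to survive whitespace and case variation while still rejecting a plain "identity" value. Because the example has to run offline, it builds a four-frame Ethernet/IPv4/TCP capture in memory from constructed payloads (documentation IP addresses, no real C2 paths) and parses the classic libpcap format by hand instead of depending on a pcap library; the match list it returns is what you would then turn into a content match for an IDS rule.

```python
import re
import socket
import struct

# Assumed regex for the header shown on the page (constructed, not from CapLoader).
# Tolerates header-name case and stray whitespace; still requires the ", *;q=0" tail,
# so a plain "Accept-Encoding: identity" does not match.
PONY_ACCEPT_ENCODING = re.compile(
    rb"^Accept-Encoding:[ \t]*identity,[ \t]*\*;q=0[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic libpcap, microsecond timestamps


def _ipv4_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Wrap payload in Ethernet/IPv4/TCP headers (checksums left zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip


def build_pcap(flows):
    """flows: list of (src_ip, dst_ip, sport, dport, payload). Returns pcap file bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)]
    for i, (src, dst, sport, dport, payload) in enumerate(flows):
        frame = _ipv4_tcp_frame(src, dst, sport, dport, payload)
        out.append(struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_tcp_payloads(pcap):
    """Yield (frame_no, src_ip, dst_ip, sport, dport, payload) for every IPv4/TCP frame."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (nanosecond pcap and pcapng not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (LINKTYPE_ETHERNET) captures handled")
    off, frame_no = 24, 0
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        frame_no += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:  # not TCP
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_off = (tcp[12] >> 4) * 4
        yield (frame_no, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
               sport, dport, tcp[data_off:])


def find_matches(pcap, pattern=PONY_ACCEPT_ENCODING):
    """Run the regex over each TCP payload; return one hit dict per matching frame."""
    hits = []
    for frame_no, src, dst, sport, dport, payload in iter_tcp_payloads(pcap):
        m = pattern.search(payload)
        if m:
            hits.append({"frame": frame_no, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
                         "match": m.group(0).rstrip(b"\r").decode("ascii", "replace")})
    return hits


# Constructed sample capture: one normal browser request, one request carrying the
# header from the page, one near-miss, and one non-HTTP payload.
SAMPLE_PCAP = build_pcap([
    ("192.0.2.10", "198.51.100.7", 49152, 80,
     b"GET / HTTP/1.1\r\nHost: 198.51.100.7\r\nAccept-Encoding: gzip, deflate\r\n\r\n"),
    ("192.0.2.10", "198.51.100.7", 49153, 80,
     b"POST / HTTP/1.1\r\nHost: 198.51.100.7\r\nAccept: */*\r\n"
     b"Accept-Encoding: identity, *;q=0\r\nContent-Length: 4\r\n\r\nTEST"),
    ("192.0.2.11", "198.51.100.7", 49154, 80,
     b"GET /a HTTP/1.1\r\nHost: 198.51.100.7\r\nAccept-Encoding: identity\r\n\r\n"),
    ("192.0.2.12", "198.51.100.9", 49155, 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
])

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_PCAP):
        print(hit)
```

To use it on a real capture, pass `open(path, "rb").read()` to `find_matches` instead of `SAMPLE_PCAP`. The parser deliberately refuses pcapng and nanosecond-timestamp files rather than misreading them, and it only examines single-frame payloads, so a header split across two TCP segments would be missed; a stream reassembler or CapLoader's flow-level view is the right tool for that case.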

CapLoader 1.7 Released

We are happy to announce the release of CapLoader 1.7! Here's an overview of what's new in this release:
- Regular expression searching
- Lookup of IP addresses using online services
- Lookup of domain names using online services
- Improved protocol fingerprinting speed and precision
- Support for GRE, IGMP and I[...]