Netresec - Tagged - Security Boulevard

Network Forensics Classes for EU and US

We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American ...
Services tab in CapLoader

Detecting Cobalt Strike and Hancitor traffic in PCAP

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows ...

CapLoader 1.9 Released

A new version of the PCAP filtering tool CapLoader has been released today. The new CapLoader version 1.9 is now even better at identifying protocols and periodic beacons than before. The user ...

Running NetworkMiner in Windows Sandbox

NetworkMiner can be run in a highly efficient Windows Sandbox in order to analyze malicious PCAP files in Windows without accidentally infecting your Windows PC. This blog post shows how to set ...

Live Online Training – PCAP in the Morning

Would you like to spend four mornings in May analyzing capture files together with me? I have now scheduled a live online network forensics training called 'PCAP in the Morning' that will ...
Sunburst stages 1 to 3 (passive, associated and active)

Finding Targeted SUNBURST Victims with pDNS

Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...

PolarProxy 0.8.16 Released

We are happy to announce a new release of the TLS decryption tool PolarProxy. The new version has been updated to support features like client certificates and a PCAP-over-IP connector. Client Certificates ...

RawCap Redux

A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to ...

Remote Packet Dumps from PacketCache

This blog post describes how to dump a packet capture (pcap file) on a remote computer, which runs the PacketCache service, and retrieve that pcap file using only PowerShell. PacketCache is a ...