Netresec
Network Forensics Training – Spring 2024
I will teach two live online network forensics classes in March, one on European morning time, and the other on US morning time. The subject for both classes is network forensics in ...
Online Network Forensics Class
I will be teaching two live online network forensics classes this spring, one in March and one in April. The March class is adapted to American time and the April one is ...
Network Forensics Classes for EU and US
We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American ...
Detecting Cobalt Strike and Hancitor traffic in PCAP
This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows ...
CapLoader 1.9 Released
A new version of the PCAP filtering tool CapLoader has been released today. The new CapLoader version 1.9 is now even better at identifying protocols and periodic beacons than before. The user ...
Running NetworkMiner in Windows Sandbox
NetworkMiner can be run in a highly efficient Windows Sandbox in order to analyze malicious PCAP files in Windows without accidentally infecting your Windows PC. This blog post shows how to set ...
Live Online Training – PCAP in the Morning
Would you like to spend four mornings in May analyzing capture files together with me? I have now scheduled a live online network forensics training called 'PCAP in the Morning' that will ...
Finding Targeted SUNBURST Victims with pDNS
Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...
PolarProxy 0.8.16 Released
We are happy to announce a new release of the TLS decryption tool PolarProxy. The new version has been updated to support features like client certificates and a PCAP-over-IP connector. Client Certificates ...