Netresec

I will teach two live online network forensics classes in March, one on European morning time, and the other on US morning time. The subject for both classes is network forensics in ...

I will be teaching two live online network forensics classes this spring, one in March and one in April. The March class is adapted to American time and the April one is ...

We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American ...

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. Your browser does not support the video tag. I bet you're going: 😱 OMG he's analyzing Windows ...

A new version of the PCAP filtering tool CapLoader has been released today. The new CapLoader version 1.9 is now even better at identifying protocols and periodic beacons than before. The user ...

NetworkMiner can be run in a highly efficient Windows Sandbox in order to analyze malicious PCAP files in Windows without accidentally infecting your Windows PC. This blog post shows how to set ...

Would you like to spend four mornings in May analyzing capture files together with me? I have now scheduled a live online network forensics training called 'PCAP in the Morning' that will ...

Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...

We are happy to announce a new release of the TLS decryption tool PolarProxy. The new version has been updated to support features like client certificates and a PCAP-over-IP connector. Client Certificates ...

We are happy to announce a new release of the TLS decryption tool PolarProxy. The new version has been updated to support features like client certificates and a PCAP-over-IP connector. Client Certificates ...