NetworkMiner

f5 Honeypot Network Forensics

Honeypot Network Forensics

| | 185.160.24.70, 45.12.206.76, BIG-IP, BigIP, CapLoader, CVE-2020-5902, deserialization, f5, Honeypot, Java, NCC, NetworkMiner, pcap, SerializationDumper, tmui, User-Agent, utilCmdArgs, VPN, X-Forwarded-For
NCC Group recently released a 500 MB PCAP file containing three months of honeypot web traffic data related to the F5 remote code execution vulnerability CVE-2020-5902. In a blog post the NCC ...
NETRESEC Network Security Blog
f5 Honeypot Network Forensics

Honeypot Network Forensics

| | 185.160.24.70, 45.12.206.76, BIG-IP, BigIP, CapLoader, CVE-2020-5902, deserialization, f5, Honeypot, Java, NCC, NetworkMiner, pcap, SerializationDumper, tmui, User-Agent, utilCmdArgs, VPN, X-Forwarded-For
NCC Group recently released a 500 MB PCAP file containing three months of honeypot web traffic data related to the F5 remote code execution vulnerability CVE-2020-5902. In a blog post the NCC ...
NETRESEC Network Security Blog
NetworkMiner 2.6

NetworkMiner 2.6 Released

| | email, Fritzbox, FTP, GRE, http, HTTP/2, IMAP, John, John-the-Ripper, json, JtR, LANMAN, Linux, Mono, NetworkMiner, NTLM, pcap, POP3, RFC1890, RFC3428, RFC3551, RFC7637, SIP, smtp, tor, VoIP
We are happy to announce the release of NetworkMiner 2.6 today! The network forensic tool is now even better at extracting emails, password hashes, FTP transfers and artifacts from HTTP and HTTP/2 ...
NETRESEC Network Security Blog
NetworkMiner 2.6

NetworkMiner 2.6 Released

| | email, Fritzbox, FTP, GRE, http, HTTP/2, IMAP, John, John-the-Ripper, json, JtR, LANMAN, Linux, Mono, NetworkMiner, NTLM, pcap, POP3, RFC1890, RFC3428, RFC3551, RFC7637, SIP, smtp, tor, VoIP
We are happy to announce the release of NetworkMiner 2.6 today! The network forensic tool is now even better at extracting emails, password hashes, FTP transfers and artifacts from HTTP and HTTP/2 ...
NETRESEC Network Security Blog
Laptop, Raspberry Pi, PolarProxy, Internet ASCII

Discovered Artifacts in Decrypted HTTPS

| | adnxs.com, CS3, CS3Sthlm, decrypt, forensics, HTTP/2, http2, incoming.telemetry.mozilla.org, majestic, Majestik møøse, NetworkMiner, pcap, PolarProxy, reddit, telemetry, TLS, TLSI, Wireshark, x-moose, X-Proxy-Origin
We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
NETRESEC Network Security Blog
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

| | CS3, CS3Sthlm, decrypt, DoH, forensics, google, HTTP/2, http2, HTTPS, NetworkMiner, Pastebin, pcap, PolarProxy, TLS, TLS Inspection, TLS Interception, TLSI, Twitter, video, Wireshark
Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...
NETRESEC Network Security Blog
NSA TLSI advisory header

The NSA HSTS Security Feature Mystery

| | break, HSTS, inspect, kryptera.se, NetworkMiner, nsa, PolarProxy, RFC6797, RFC8471, RFC8473, TLS, TLS Inspection, TLS Interception, TLSI, Wireshark
I recently stumbled across an NSA Cyber Advisory titled Managing Risk from Transport Layer Security Inspection (U/OO/212028-19) after first learning about it through Jonas Lejon's blog post NSA varnar för TLS-inspektion (Swedish) ...
NETRESEC Network Security Blog
NetworkMiner 2.5

NetworkMiner 2.5 Released

| | CIFS, DoH, hashcat, HTTP/2, http2, HTTPS, JA3, John, KERBEROS, MS-BRWS, NBNS, NetBIOS, NetworkMiner, NetworkMinerCLI, OSINT, pcap
I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...
NETRESEC Network Security Blog
Network Diagram

Video: TrickBot and ETERNALCHAMPION

| | CapLoader, Emotet, ETERNALCHAMPION, HybridAnalysis, malware-traffic-analysis, Network Forensics, NetworkMiner, pcap, TrickBot, trickster, video, videotutorial, VirusTotal, Wireshark
This video tutorial is a walkthrough of how you can analyze the PCAP file UISGCON-traffic-analysis-task-pcap-2-of-2.pcap (created by Brad Duncan). The capture file contains a malicious Word Document (macro downloader), Emotet (banking trojan), ...
NETRESEC Network Security Blog
PcapTor

TorPCAP – Tor Network Forensics

| | 127.0.0.1, 9150, Bitcoin, buypassportsfake, dark web, hidden services, hss3uro2hsxfogfq, localhost, NetworkMiner, onion services, pcap, RawCap, SOCKS, tails, tor, Tor Browser, TorPCAP
Unencrypted network traffic, destined for the Tor network, is sent between localhost TCP sockets on computers running Tor clients, such as the Tor Browser. In this blog post I show how anonymous ...
NETRESEC Network Security Blog
Load more