NetworkMiner

NSA TLSI advisory header

The NSA HSTS Security Feature Mystery

| | break, HSTS, inspect, kryptera.se, NetworkMiner, nsa, PolarProxy, RFC6797, RFC8471, RFC8473, TLS, TLS Inspection, TLS Interception, TLSI, Wireshark
I recently stumbled across an NSA Cyber Advisory titled Managing Risk from Transport Layer Security Inspection (U/OO/212028-19) after first learning about it through Jonas Lejon's blog post NSA varnar för TLS-inspektion (Swedish) ...
NETRESEC Network Security Blog
NetworkMiner 2.5

NetworkMiner 2.5 Released

| | CIFS, DoH, hashcat, HTTP/2, http2, HTTPS, JA3, John, KERBEROS, MS-BRWS, NBNS, NetBIOS, NetworkMiner, NetworkMinerCLI, OSINT, pcap
I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...
NETRESEC Network Security Blog
Network Diagram

Video: TrickBot and ETERNALCHAMPION

| | CapLoader, Emotet, ETERNALCHAMPION, HybridAnalysis, malware-traffic-analysis, Network Forensics, NetworkMiner, pcap, TrickBot, trickster, video, videotutorial, VirusTotal, Wireshark
This video tutorial is a walkthrough of how you can analyze the PCAP file UISGCON-traffic-analysis-task-pcap-2-of-2.pcap (created by Brad Duncan). The capture file contains a malicious Word Document (macro downloader), Emotet (banking trojan), ...
NETRESEC Network Security Blog
PcapTor

TorPCAP – Tor Network Forensics

| | 127.0.0.1, 9150, Bitcoin, buypassportsfake, dark web, hidden services, hss3uro2hsxfogfq, localhost, NetworkMiner, onion services, pcap, RawCap, SOCKS, tails, tor, Tor Browser, TorPCAP
Unencrypted network traffic, destined for the Tor network, is sent between localhost TCP sockets on computers running Tor clients, such as the Tor Browser. In this blog post I show how anonymous ...
NETRESEC Network Security Blog
yaay

NetworkMiner 2.3.2 Released!

| | CASE, crt.sh, email, json, Netresec, NetworkMiner, RTP, SecurityTrails, SIP, TEMP, VoIP
NetworkMiner 2.3.2 was released this morning, and there was much rejoicing! Image: U.S. Navy photo by Stuart Phillips (source) This new release primarily fixes bugs related to extraction of emails and VoIP ...
NETRESEC Network Security Blog
SNMP Community Strings in NetworkMiner's Credential tab

NetworkMiner 2.3 Released!

| | A-LAW, ALAW, audio, Community strings, extract, G.711, G711, Hybrid Analysis, Netresec, Network Forensics, NetworkMiner, OSINT, pcap, RTP, SIP, smtp, SNMP, u-lAW, uLAW, VoIP, WAV, μ-law
The free and open source network forensics tool NetworkMiner now comes with improved extraction of files and metadata from several protocols as well as a few GUI updates. But the biggest improvements ...
NETRESEC Network Security Blog
Facebook

Examining Malware Redirects with NetworkMiner Professional

| | Browsers, CVE-2012-0507, CVE-2014-0569, Malware, malware_traffic, Meadgive, Netresec, NetworkMiner, nsm, pcap, Professional, redirect chain, security bloggers network, Tutorial, video, videotutorial
This network forensics video tutorial covers analysis of a malware redirect chain, where a PC is infected through the RIG Exploit Kit. A PCAP file, from Brad Duncan's malware-traffic-analysis.net website, is opened ...
NETRESEC Network Security Blog
Facebook

Analyzing Kelihos SPAM in CapLoader and NetworkMiner

| | CapLoader, Emails, extract, García, Kelihos, NetFlow, Netresec, NetworkMiner, pcap, Sebastian, security bloggers network, Spam, Stratosphere, Tutorial, video, videotutorial
This network forensics video tutorial covers how to analyze SPAM email traffic from the Kelihos botnet. The analyzed PCAP file comes from the Stratosphere IPS project, where Sebastian Garcia and his colleagues ...
NETRESEC Network Security Blog
Facebook

Antivirus Scanning of a PCAP File

| | 96b430041aed13413ec2b5ae91954f39, 9fd51fb05cb0ea89185fc1355ebf047cC, antivirus, CVE-2015-0311, Lenny Hanson, Malware, Neclu.B, Netresec, NetworkMiner, nuclear, pcap, scan, security bloggers network, Simda.AT, Tutorial, video, videotutorial, virus
This second video in our series of network forensic video tutorials covers a quick and crude way to scan a PCAP file for malware. It's all done locally without having to run ...
NETRESEC Network Security Blog
2017BSidesSpfd Jason Reaves Malware C2 over x509 Certificate Exchange

Examining an x509 Covert Channel

| | Bro, C2, certificate, Dynamic Port Detection, fb55414848281f804858ce188c3dc659d129e283bd62d58d34f6e6f568feab37, ids, Malware, Mimicatz, NetworkMiner, pcap, PIPI, security bloggers network, ssl, TLS, tshark, Vawtrak, X.509, x509
Jason Reaves gave a talk titled 'Malware C2 over x509 certificate exchange' at BSides Springfield 2017, where he demonstrated that the SSL handshake can be abused by malware as a covert command-and-control ...
NETRESEC Network Security Blog