nsm
Detecting Cobalt Strike and Hancitor traffic in PCAP
This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows ...
Network Security Monitoring data: Types I, II, and III
By Richard Bejtlich, Principal Security Strategist, Corelight. Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values ...
Examining Malware Redirects with NetworkMiner Professional
This network forensics video tutorial covers analysis of a malware redirect chain, where a PC is infected through the RIG Exploit Kit. A PCAP file, from Brad Duncan's malware-traffic-analysis.net website, is opened ...
Toolsmith #124: Dripcap – Caffeinated Packet Analyzer
Dripcap is a modern, graphical packet analyzer based on Electron. Electron, you say? "Electron is a framework for creating native applications with web technologies like JavaScript, HTML, and CSS. It takes care ...
Toolsmith – GSE Edition: Scapy vs CozyDuke
In continuation of observations from my GIAC Security Expert re-certification process, I'll focus here on a GCIA-centric topic: Scapy. Scapy is essential to the packet analyst skill set on so many levels ...
Who are you?
Unwanted email is as near a certainty in life as death and taxes. “Selling” spam is a nuisance; phishing emails or messages bearing hostile attachments have the potential to really ruin your day ...
I love it when a plan comes together
As defenders, we have many reasons to do our jobs. We want to comply with regulations, protect our employers (and protect our pay cheques!), and just maybe we enjoy the challenge despite ...
When Worlds Collide
ELSA is a powerful component of Security Onion; one can productively use many hours drilling through your logs. The more parsers and dashboards you write for your own specific log sources the more ...
Virtual Private Onions
If you’ve not checked out Security Onion (SO) yet, you really should. It’s a powerhouse Linux distro, running everything an analyst could need to carry out effective Network Security Monitoring (NSM). The latest ...