ThreatFox

Man-on-the-Side Attacks on the Internet - Erik Hjelmvik

Maximizing IOC Impact

| | C2, IOC, MISP, OTX, Threat Intel, Threat Intelligence, ThreatFox
Ive been thinking about threat intelligence lately. Specifically: indicators of compromise (IOC), how and where to share them to cause maximum pain to adversaries and help as many organizations as possible protect ...
NETRESEC Network Security Blog
CapLoader 2.0

CapLoader 2.0 Released

| | CapLoader, quic, Threat Hunting, ThreatFox
I am thrilled to announce the release of CapLoader 2.0 today! This major update includes a lot of new features, such as a QUIC parser, alerts for threat hunting and a feature ...
NETRESEC Network Security Blog
PolarProxy block/inspect/bypass ASCII

Blocking Malicious sites with a TLS Firewall

| | ascii-art, pihole, PolarProxy, RPZ, ThreatFox, TLS Firewall
Over 90 percent of all web traffic is encrypted nowadays, which is great of course. However, as HTTP and DNS traffic gets encrypted, defenders have a more difficult time blocking malicious network ...
NETRESEC Network Security Blog
PolarProxy TLS Firewall - block malicious, inspect suspicious, bypass legitimate

PolarProxy 1.0 Released

| | ascii-art, block, bypass, EasyPrivacy, firewall, inspect, PolarProxy, rules, ruleset, ThreatFox, TLS, TLS Firewall
I am thrilled to announce the release of PolarProxy version 1.0 today! Several bugs that affected performance, stability and memory usage have now been resolved in our TLS inspection proxy. PolarProxy has ...
NETRESEC Network Security Blog
CapLoader 1.9.6

CapLoader 1.9.6 Released

| | 104.21.7.13:80, 104.223.118.109:443, 104.248.81.48:443, 151.236.9.107:443, 159.89.124.188:443, a85be79f7b569f1df5e6087b69deb493, aptekoagraliy, BackConnect XOR, CapLoader, GzipLoader, IcedID, JA3, JA4, joekairbos, lazirusairnaf, Loda, regex, Remcos, seedkraproboy, t13i010400_0f2cb44170f4_1b583af8cc09, t13i010400_0f2cb44170f4_5c4c70b73fa0, ThreatFox, win.loda
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The ...
NETRESEC Network Security Blog
NetworkMiner 2.7 Logo

NetworkMiner 2.7 Released

| | ANY.RUN, DNS SRV, DNS TXT, JA3, JA3S, LPD, LPR, MalwareBazaar, NetworkMiner, OSINT, pcap, PCL, PostScript, RFC1179, SMB2, ThreatFox, URLhaus
We are happy to announce the release of NetworkMiner 2.7 today! The new version extracts documents from print traffic and pulls out even more files and parameters from HTTP as well as ...
NETRESEC Network Security Blog