Windows Sandbox
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique way to trace the steps of an attacker with the help of network traffic captured from a hacked computer ...
Emotet C2 and Spam Traffic Video
This video covers the life cycle of an Emotet infection, including the initial infection, command-and-control traffic, and spambot activity sending emails with malicious spreadsheet attachments to infect new victims. The video cannot be ...
PolarProxy in Windows Sandbox
In this video I demonstrate how PolarProxy can be run in a Windows Sandbox to intercept and decrypt outgoing TLS communication. This setup can be used to inspect otherwise encrypted traffic from ...
Detecting Cobalt Strike and Hancitor traffic in PCAP
This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows ...
Introducing Hysolate Free – Access Anything, Securely
Even before COVID-19 shut down workplaces globally, there was already a growing trend in work from anywhere for white collar workers at large corporations. In 2020 this process was accelerated, but rather ...
Running NetworkMiner in Windows Sandbox
NetworkMiner can be run in a highly efficient Windows Sandbox in order to analyze malicious PCAP files in Windows without accidentally infecting your Windows PC. This blog post shows how to set ...