NETRESEC Network Security Blog - All Posts

2024 March

Network Forensics training at x33fcon

2024 January

Hunting for Cobalt Strike in PCAP

2023 December

Network Forensics Training - Spring 2024

2023 November

CapLoader 1.9.6 Released

2023 October

Forensic Timeline of an IcedID Infection

NetworkMiner 2.8.1 Released

2023 April

EvilExtractor Network Forensics

2023 March

QakBot C2 Traffic

2023 February

TLS Redirection and Dynamic Decryption Bypass in PolarProxy

How to Identify IcedID Network Traffic

CapLoader 1.9.5 Alerts on Malicious Traffic

2023 January

Online Network Forensics Class

IEC-104 File Transfer Extraction

NetworkMiner 2.8 Released

2022 December

NetworkMiner in FLARE VM

2022 October

What is a PCAP file?

IcedID BackConnect Protocol

2022 September

Hunting for C2 Traffic

2022 August

What is PCAP over IP?

2022 June

CapLoader 1.9.4 Released

2022 May

Real-time PCAP-over-IP in Wireshark

Emotet C2 and Spam Traffic Video

2022 April

Industroyer2 IEC-104 Analysis

NetworkMiner 2.7.3 Released

2022 January

PolarProxy in Windows Sandbox

PolarProxy 0.9 Released

2021 November

Open .ETL Files with NetworkMiner and CapLoader

2021 October

How the SolarWinds Hack (almost) went Undetected

2021 September

Start Menu Search Video

2021 August

Carving Packets from Memory

2021 July

Walkthrough of DFIR Madness PCAP

2021 June

NetworkMiner 2.7 Released

Network Forensics Classes for EU and US

2021 May

Detecting Cobalt Strike and Hancitor traffic in PCAP

CapLoader 1.9 Released

Running NetworkMiner in Windows Sandbox

2021 April

Analysing a malware PCAP with IcedID and Cobalt Strike traffic

2021 March

Live Online Training - PCAP in the Morning

2021 February

Targeting Process for the SolarWinds Backdoor

2021 January

Twenty-three SUNBURST Targets Identified

Robust Indicators of Compromise for SUNBURST

Finding Targeted SUNBURST Victims with pDNS

2020 December

Extracting Security Products from SUNBURST DNS Beacons

Reassembling Victim Domain Fragments from SUNBURST DNS

Capturing Decrypted TLS Traffic with Arkime

2020 November

PolarProxy 0.8.16 Released

2020 October

PolarProxy in Podman

Honeypot Network Forensics

PolarProxy in Docker

2020 September

NetworkMiner 2.6 Released

2020 March

Discovered Artifacts in Decrypted HTTPS

Reverse Proxy and TLS Termination

2020 January

RawCap Redux

Sniffing Decrypted TLS Traffic with Security Onion

Sharing a PCAP with Decrypted HTTPS

2019 December

Installing a Fake Internet with INetSim and PolarProxy

2019 November

The NSA HSTS Security Feature Mystery

Extracting Kerberos Credentials from PCAP

NetworkMiner 2.5 Released

2019 September

Raspberry PI WiFi Access Point with TLS Inspection

2019 June

PolarProxy Released

2019 May

CapLoader 1.8 Released

2019 January

Video: TrickBot and ETERNALCHAMPION

NetworkMiner 2.4 Released

2018 December

TorPCAP - Tor Network Forensics

2018 November

Remote Packet Dumps from PacketCache

2018 September

Reverse Engineering Proprietary ICS Protocols

2018 August

NetworkMiner 2.3.2 Released!

2018 July

Detecting the Pony Trojan with RegEx using CapLoader

CapLoader 1.7 Released

2018 April

NetworkMiner 2.3 Released!

2018 February

Examining Malware Redirects with NetworkMiner Professional

Analyzing Kelihos SPAM in CapLoader and NetworkMiner

Antivirus Scanning of a PCAP File

Examining an x509 Covert Channel

Zyklon Malware Network Forensics Video Tutorial

2017 December

Don't Delete PCAP Files - Trim Them!

2017 October

CapLoader 1.6 Released

2017 September

Hunting AdwindRAT with SSL Heuristics

2017 August

NetworkMiner 2.2 Released

2017 April

Network Forensics Training in London

Domain Whitelist Benchmark: Alexa vs Umbrella

2017 March

CapLoader 1.5 Released

Enable file extraction from PCAP with NetworkMiner in six steps

2017 February

10 Years of NetworkMiner

2017 January

Network Forensics Training at TROOPERS 2017

NetworkMiner 2.1 Released

2016 November

BlackNurse Denial of Service Attack

2016 October

Reading cached packets with Wireshark

Detect TCP content injection attacks with findject

2016 September

PacketCache lets you Go Back in Time

Bug Bounty PCAP T-shirts

2016 May

Detecting Periodic Flows with CapLoader 1.4

2016 March

Packet Injection Attacks in the Wild

2016 February

Analyzing Web Browsing Activity

NetworkMiner 2.0 Released

2015 December

Network Forensics Training at TROOPERS

2015 November

BPF is your Friend

From 4SICS with ICS PCAP Files

2015 October

Port Independent Protocol Detection

2015 September

CapLoader 1.3 Released

Covert Man-on-the-Side Attacks

2015 August

Rinse-Repeat Intrusion Detection

2015 June

Two-day Network Forensics Class in Stockholm

T-shirt : PCAP or it didn't happen

2015 March

China's Man-on-the-Side Attack on GitHub

2015 January

Chinese MITM attack on outlook.com

2014 November

Observing the Havex RAT

2014 October

Full Disclosure of Havex Trojans

Chinese MITM Attack on iCloud

Verifying Chinese MITM of Yahoo

2014 September

Analysis of Chinese MITM on Google

2014 June

Running NetworkMiner on Mac OS X

NetworkMiner 1.6 Released

2014 May

PCAP or it didn't happen
