NETRESEC Network Security Blog - Tag : NetworkMiner Professional


Short URL: https://netresec.com/?b=24A65d3


Browsers tab in NetworkMiner Professional

The Browsers tab is a unique feature only available in NetworkMiner Professional. The PCAP files analyzed in this video are pwned-se_150312_outgoing.pcap and pwned-se_150312_incoming.pcap, which are snippets of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides).

More information about NetworkMiner Professional's Browsers tab can be found in our blog post Analyzing Web Browsing Activity.

See our NetworkMiner Professional tutorial videos for additional tips and hints.

Posted by Erik Hjelmvik on Thursday, 03 October 2024 09:10:00 (UTC/GMT)

Tags: #NetworkMiner Professional #Video #Tutorial

Short URL: https://netresec.com/?b=24Abf1c

Short URL: https://netresec.com/?b=24Ad5ad


Hosts tab in NetworkMiner Professional

The PCAP file analyzed in this video is MD_2015-07-22_112601.pcap, which is a snippet of the training data used in our network forensics classes from 2015 to 2019.

Techniques, tools and databases mentioned in the tutorial:

Check out our Passive OS Fingerprinting blog post for more details on how to identify operating systems using TCP/IP headers and browser user-agents.

See our NetworkMiner Professional tutorial videos for more tips and hints.

Posted by Erik Hjelmvik on Tuesday, 01 October 2024 08:25:00 (UTC/GMT)

Tags: #NetworkMiner Professional #Video #Tutorial

Short URL: https://netresec.com/?b=24A71a9


Opening capture files with NetworkMiner Professional

This video tutorial demonstrates how to open capture files with NetworkMiner Professional.

The analyzed pcap-ng file is github.pcapng from CloudShark. More info about this capture file can be found in our blog post Forensics of Chinese MITM on GitHub.

See our NetworkMiner Professional tutorial videos for more tips and hints.

Posted by Erik Hjelmvik on Monday, 30 September 2024 12:50:00 (UTC/GMT)

Tags: #NetworkMiner Professional #Video #Tutorial

Short URL: https://netresec.com/?b=249b790


Video Tutorial: Installing NetworkMiner Professional

This video tutorial covers how to install NetworkMiner Professional.

Use the official 7-zip tool to extract the password-protected 7-zip archive.

Recommended locations for NetworkMiner:

  • Desktop
  • My Documents
  • C:\Users\{user}\AppData\Local\Programs\
  • USB flash drive

See our NetworkMiner Professional tutorial videos for more tips and hints.

Posted by Erik Hjelmvik on Monday, 30 September 2024 08:45:00 (UTC/GMT)

Tags: #NetworkMiner Professional #Video #Tutorial

Short URL: https://netresec.com/?b=24904d2


Hunting for C2 Traffic

In this video I look for C2 traffic by doing something I call Rinse-Repeat Threat Hunting, which is a method for removing "normal" traffic in order to look closer at what isn't normal.

The video was recorded in a Windows Sandbox in order to avoid accidentally infecting my Windows PC with malware.

The PCAP files analyzed in the video are:

Thank you for sharing these capture files Brad!

IOC List

  • QBot source: 23.29.125.210
  • QBot md5: 2b55988c0d236edd5ea1a631ccd37b76
  • QBot sha1: 033a22c3bb2b0dd1677973e1ae6280e5466e771c
  • QBot sha256: 2d68755335776e3de28fcd1757b7dcc07688b31c37205ce2324d92c2f419c6f0
  • QBot proxy protocol server: 23.111.114.52:65400
  • QBot C2: 45.46.53.140:2222
  • QBot C2 JA3: 51c64c77e60f3980eea90869b68c58a8
  • QBot C2 JA3S: 7c02dbae662670040c7af9bd15fb7e2f
  • QBot X.509 domain: thdoot.info
  • QBot X.509 thumbprint: 5a8ee4be30bd5da709385940a1a6e386e66c20b6
  • IcedID BackConnect server: 78.31.67.7:443
  • IcedID BackConnect server: 91.238.50.80:8080

References and Links

Update 2022-10-13

Part two of this analysis has been published: IcedID BackConnect Protocol

Posted by Erik Hjelmvik on Friday, 30 September 2022 12:37:00 (UTC/GMT)

Tags: #Threat Hunting #PCAP #CapLoader #NetworkMiner #NetworkMiner Professional #Video #QBot #QakBot #51c64c77e60f3980eea90869b68c58a8 #IcedID #TA578

Short URL: https://netresec.com/?b=2296553


Examining Malware Redirects with NetworkMiner Professional

This network forensics video tutorial covers analysis of a malware redirect chain, where a PC is infected through the RIG Exploit Kit. A PCAP file from Brad Duncan's malware-traffic-analysis.net website is opened in NetworkMiner Professional in order to follow a redirect chain that passes through a couple of hacked websites before malware is delivered to the PC.

Resources

  • https://www.malware-traffic-analysis.net/2014/11/16/index.html
  • Meadgive on VirusTotal
  • CVE-2014-0569 Flash Exploit on VirusTotal
  • CVE-2012-0507 Java Exploit on VirusTotal
  • NetworkMiner Professional

IOCs

Check out our series of network forensic video tutorials for more tips and tricks on how to analyze captured network traffic.

Posted by Erik Hjelmvik on Monday, 26 February 2018 11:19:00 (UTC/GMT)

Tags: #Netresec #Professional #NetworkMiner #NetworkMiner Professional #malware_traffic #malware #NSM #PCAP #videotutorial #video #tutorial

Short URL: https://netresec.com/?b=1829909
