The VoIP tab is a unique feature only available in NetworkMiner Professional. The analyzed PcapNG file comes from a blog post by Johannes Weber titled VoIP Captures.
See our NetworkMiner Professional tutorial videos for more tips and hints.
Posted by Erik Hjelmvik on Friday, 04 October 2024 06:20:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial #VoIP
Short URL: https://netresec.com/?b=24A65d3
The Browsers tab is a unique feature only available in NetworkMiner Professional. The PCAP files analyzed in this video are pwned-se_150312_outgoing.pcap and pwned-se_150312_incoming.pcap, which are snippets of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides).
More information about NetworkMiner Professional's Browsers tab can be found in our blog post Analyzing Web Browsing Activity.
See our NetworkMiner Professional tutorial videos for additional tips and hints.
Posted by Erik Hjelmvik on Thursday, 03 October 2024 09:10:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial
Short URL: https://netresec.com/?b=24Abf1c
The PCAP file analyzed in this video is pwned-se_150312_outgoing.pcap, which is a snippet of the 4.4 GB Hands-on Network Forensics dataset from FIRST 2015 (slides).
See our NetworkMiner Professional tutorial videos for more tips and hints.
Posted by Erik Hjelmvik on Wednesday, 02 October 2024 07:10:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial
Short URL: https://netresec.com/?b=24Ad5ad
The PCAP file analyzed in this video is MD_2015-07-22_112601.pcap, which is a snippet of the training data used in our network forensics classes from 2015 to 2019.
Techniques, tools and databases mentioned in the tutorial:
Check out our Passive OS Fingerprinting blog post for more details on how to identify operating systems using TCP/IP headers and browser user-agents.
See our NetworkMiner Professional tutorial videos for more tips and hints.
Posted by Erik Hjelmvik on Tuesday, 01 October 2024 08:25:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial
Short URL: https://netresec.com/?b=24A71a9
This video tutorial demonstrates how to open capture files with NetworkMiner Professional
The analyzed pcap-ng file is github.pcapng from CloudShark. More info about this capture file can be found in our blog post Forensics of Chinese MITM on GitHub.
See our NetworkMiner Professional tutorial videos for more tips and hints.
Posted by Erik Hjelmvik on Monday, 30 September 2024 12:50:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial
Short URL: https://netresec.com/?b=249b790
This video tutorial covers how to install NetworkMiner Professional.
Use the official 7-zip tool to extract the password protected 7zip archive.
Recommended locations for NetworkMiner:
See our NetworkMiner Professional tutorial videos for more tips and hints.
Posted by Erik Hjelmvik on Monday, 30 September 2024 08:45:00 (UTC/GMT)
Tags: #NetworkMiner Professional #Video #Tutorial
Short URL: https://netresec.com/?b=24904d2
In this video I take a look at a cryptojacking attack against a Kubernetes honeypot. The attackers were surprisingly quick to discover this unsecured Kubernetes deployment and use it to mine Monero for them.
The analyzed capture files can be downloaded from
https://share.netresec.com/s/S5ZG2cDKB9AbqwS?path=%2Fk3s-443
This PCAP dataset was created by Noah Spahn, Nils Hanke, Thorsten Holz, Chris Kruegel, and Giovanni Vigna as part of their research for their Container Orchestration Honeypot: Observing Attacks in the Wild paper.
The capture files named "proxy-", such as the analyzed proxy-220404-162837.pcap, were generated by PolarProxy and contain the decrypted Kubernetes API traffic to the master node. This traffic was actually TLS encrypted, but since PolarProxy was used as a TLS interception proxy we can see the Kubernetes API traffic in decrypted form.
IOC List
Posted by Erik Hjelmvik on Tuesday, 07 May 2024 07:50:00 (UTC/GMT)
Tags: #video #CapLoader #PolarProxy
Short URL: https://netresec.com/?b=245f018
In this video I analyze a pcap file with network traffic from Cobalt Strike Beacon using CapLoader.
The pcap file and Cobalt Strike malware config can be downloaded from Recorded Future's Triage sandbox.
Cobalt Strike Beacon configs can also be extracted locally with help of Didier Stevens' 1768.py or Fox-IT's dissect.cobaltstrike.
IOC List
Network Forensics Training
Are you interested in learning more about how to analyze network traffic from Cobalt Strike and other backdoors, malware and hacker tools? Then take a look at our upcoming network forensics classes!
Posted by Erik Hjelmvik on Thursday, 04 January 2024 10:12:00 (UTC/GMT)
Tags: #Cobalt Strike #CobaltStrike #Triage #JA3 #a0e9f5d64349fb13191bc781f81f42e1 #ThreatFox #CapLoader #Video #videotutorial
Short URL: https://netresec.com/?b=2410f02
How to Identify IcedID Network Traffic
CapLoader 1.9.5 Alerts on Malicious Traffic
Emotet C2 and Spam Traffic Video
How the SolarWinds Hack (almost) went Undetected
Walkthrough of DFIR Madness PCAP
Detecting Cobalt Strike and Hancitor traffic in PCAP
Sharing a PCAP with Decrypted HTTPS
Video: TrickBot and ETERNALCHAMPION
Detecting the Pony Trojan with RegEx using CapLoader
Examining Malware Redirects with NetworkMiner Professional
Analyzing Kelihos SPAM in CapLoader and NetworkMiner
» VoIP tab in NetworkMiner Professional
» Browsers tab in NetworkMiner Professional
» Files tab in NetworkMiner Professional
» Hosts tab in NetworkMiner Professional
» Opening capture files with NetworkMiner Professional
» Video Tutorial: Installing NetworkMiner Professional
» How to Inspect TLS Encrypted Traffic
» RSS Feed
