NETRESEC Network Security Blog - All Posts

rss Google News

2024 June

Online Network Forensics Class

2024 May

Remote Sniffing from Mikrotik Routers

NetworkMiner 2.9 Released

Kubernetes Cryptojacking

PolarProxy 1.0 Released

2024 March

Network Forensics training at x33fcon

2024 January

Hunting for Cobalt Strike in PCAP

2023 December

Network Forensics Training - Spring 2024

2023 November

CapLoader 1.9.6 Released

2023 October

Forensic Timeline of an IcedID Infection

NetworkMiner 2.8.1 Released

2023 April

EvilExtractor Network Forensics

2023 March

QakBot C2 Traffic

2023 February

TLS Redirection and Dynamic Decryption Bypass in PolarProxy

How to Identify IcedID Network Traffic

CapLoader 1.9.5 Alerts on Malicious Traffic

2023 January

Online Network Forensics Class

IEC-104 File Transfer Extraction

NetworkMiner 2.8 Released

2022 December

NetworkMiner in FLARE VM

2022 October

What is a PCAP file?

IcedID BackConnect Protocol

2022 September

Hunting for C2 Traffic

2022 August

What is PCAP over IP?

2022 June

CapLoader 1.9.4 Released

2022 May

Real-time PCAP-over-IP in Wireshark

Emotet C2 and Spam Traffic Video

2022 April

Industroyer2 IEC-104 Analysis

NetworkMiner 2.7.3 Released

2022 January

PolarProxy in Windows Sandbox

PolarProxy 0.9 Released

2021 November

Open .ETL Files with NetworkMiner and CapLoader

2021 October

How the SolarWinds Hack (almost) went Undetected

2021 September

Start Menu Search Video

2021 August

Carving Packets from Memory

2021 July

Walkthrough of DFIR Madness PCAP

2021 June

NetworkMiner 2.7 Released

Network Forensics Classes for EU and US

2021 May

Detecting Cobalt Strike and Hancitor traffic in PCAP

CapLoader 1.9 Released

Running NetworkMiner in Windows Sandbox

2021 April

Analysing a malware PCAP with IcedID and Cobalt Strike traffic

2021 March

Live Online Training - PCAP in the Morning

2021 February

Targeting Process for the SolarWinds Backdoor

2021 January

Twenty-three SUNBURST Targets Identified

Robust Indicators of Compromise for SUNBURST

Finding Targeted SUNBURST Victims with pDNS

2020 December

Extracting Security Products from SUNBURST DNS Beacons

Reassembling Victim Domain Fragments from SUNBURST DNS

Capturing Decrypted TLS Traffic with Arkime

2020 November

PolarProxy 0.8.16 Released

2020 October

PolarProxy in Podman

Honeypot Network Forensics

PolarProxy in Docker

2020 September

NetworkMiner 2.6 Released

2020 March

Discovered Artifacts in Decrypted HTTPS

Reverse Proxy and TLS Termination

2020 January

RawCap Redux

Sniffing Decrypted TLS Traffic with Security Onion

Sharing a PCAP with Decrypted HTTPS

2019 December

Installing a Fake Internet with INetSim and PolarProxy

2019 November

The NSA HSTS Security Feature Mystery

Extracting Kerberos Credentials from PCAP

NetworkMiner 2.5 Released

2019 September

Raspberry PI WiFi Access Point with TLS Inspection

2019 June

PolarProxy Released

2019 May

CapLoader 1.8 Released

2019 January


NetworkMiner 2.4 Released

2018 December

TorPCAP - Tor Network Forensics

2018 November

Remote Packet Dumps from PacketCache

2018 September

Reverse Engineering Proprietary ICS Protocols

2018 August

NetworkMiner 2.3.2 Released!

2018 July

Detecting the Pony Trojan with RegEx using CapLoader

CapLoader 1.7 Released

2018 April

NetworkMiner 2.3 Released!

2018 February

Examining Malware Redirects with NetworkMiner Professional

Analyzing Kelihos SPAM in CapLoader and NetworkMiner

Antivirus Scanning of a PCAP File

Examining an x509 Covert Channel

Zyklon Malware Network Forensics Video Tutorial

2017 December

Don't Delete PCAP Files - Trim Them!

2017 October

CapLoader 1.6 Released

2017 September

Hunting AdwindRAT with SSL Heuristics

2017 August

NetworkMiner 2.2 Released

2017 April

Network Forensics Training in London

Domain Whitelist Benchmark: Alexa vs Umbrella

2017 March

CapLoader 1.5 Released

Enable file extraction from PCAP with NetworkMiner in six steps

2017 February

10 Years of NetworkMiner

2017 January

Network Forensics Training at TROOPERS 2017

NetworkMiner 2.1 Released

2016 November

BlackNurse Denial of Service Attack

2016 October

Reading cached packets with Wireshark

Detect TCP content injection attacks with findject

2016 September

PacketCache lets you Go Back in Time

Bug Bounty PCAP T-shirts

2016 May

Detecting Periodic Flows with CapLoader 1.4

2016 March

Packet Injection Attacks in the Wild

2016 February

Analyzing Web Browsing Activity

NetworkMiner 2.0 Released

2015 December

Network Forensics Training at TROOPERS

2015 November

BPF is your Friend

From 4SICS with ICS PCAP Files

2015 October

Port Independent Protocol Detection

2015 September

CapLoader 1.3 Released

Covert Man-on-the-Side Attacks

2015 August

Rinse-Repeat Intrusion Detection

2015 June

Two-day Network Forensics Class in Stockholm

T-shirt : PCAP or it didn't happen

2015 March

China's Man-on-the-Side Attack on GitHub

2015 January

Chinese MITM attack on

2014 November

Observing the Havex RAT

2014 October

Full Disclosure of Havex Trojans

Chinese MITM Attack on iCloud

Verifying Chinese MITM of Yahoo

2014 September

Analysis of Chinese MITM on Google

2014 June

Running NetworkMiner on Mac OS X

X / twitter

NETRESEC on X / Twitter: @netresec


NETRESEC on Mastodon: