NETRESEC Network Security Blog - All Posts


2021 October

How the SolarWinds Hack (almost) went Undetected

2021 September

Start Menu Search Video

2021 August

Carving Packets from Memory

2021 July

Walkthrough of DFIR Madness PCAP

2021 June

NetworkMiner 2.7 Released

Network Forensics Classes for EU and US

2021 May

Detecting Cobalt Strike and Hancitor traffic in PCAP

CapLoader 1.9 Released

Running NetworkMiner in Windows Sandbox

2021 April

Analysing a malware PCAP with IcedID and Cobalt Strike traffic

2021 March

Live Online Training - PCAP in the Morning

2021 February

Targeting Process for the SolarWinds Backdoor

2021 January

Twenty-three SUNBURST Targets Identified

Robust Indicators of Compromise for SUNBURST

Finding Targeted SUNBURST Victims with pDNS

2020 December

Extracting Security Products from SUNBURST DNS Beacons

Reassembling Victim Domain Fragments from SUNBURST DNS

Capturing Decrypted TLS Traffic with Arkime

2020 November

PolarProxy 0.8.16 Released

2020 October

PolarProxy in Podman

Honeypot Network Forensics

PolarProxy in Docker

2020 September

NetworkMiner 2.6 Released

2020 March

Discovered Artifacts in Decrypted HTTPS

Reverse Proxy and TLS Termination

2020 January

RawCap Redux

Sniffing Decrypted TLS Traffic with Security Onion

Sharing a PCAP with Decrypted HTTPS

2019 December

Installing a Fake Internet with INetSim and PolarProxy

2019 November

The NSA HSTS Security Feature Mystery

Extracting Kerberos Credentials from PCAP

NetworkMiner 2.5 Released

2019 September

Raspberry PI WiFi Access Point with TLS Inspection

2019 June

PolarProxy Released

2019 May

CapLoader 1.8 Released

2019 January

NetworkMiner 2.4 Released

2018 December

TorPCAP - Tor Network Forensics

2018 November

Remote Packet Dumps from PacketCache

2018 September

Reverse Engineering Proprietary ICS Protocols

2018 August

NetworkMiner 2.3.2 Released!

2018 July

Detecting the Pony Trojan with RegEx using CapLoader

CapLoader 1.7 Released

2018 April

NetworkMiner 2.3 Released!

2018 February

Examining Malware Redirects with NetworkMiner Professional

Analyzing Kelihos SPAM in CapLoader and NetworkMiner

Antivirus Scanning of a PCAP File

Examining an x509 Covert Channel

Zyklon Malware Network Forensics Video Tutorial

2017 December

Don't Delete PCAP Files - Trim Them!

2017 October

CapLoader 1.6 Released

2017 September

Hunting AdwindRAT with SSL Heuristics

2017 August

NetworkMiner 2.2 Released

2017 April

Network Forensics Training in London

Domain Whitelist Benchmark: Alexa vs Umbrella

2017 March

CapLoader 1.5 Released

Enable file extraction from PCAP with NetworkMiner in six steps

2017 February

10 Years of NetworkMiner

2017 January

Network Forensics Training at TROOPERS 2017

NetworkMiner 2.1 Released

2016 November

BlackNurse Denial of Service Attack

2016 October

Reading cached packets with Wireshark

Detect TCP content injection attacks with findject

2016 September

PacketCache lets you Go Back in Time

Bug Bounty PCAP T-shirts

2016 May

Detecting Periodic Flows with CapLoader 1.4

2016 March

Packet Injection Attacks in the Wild

2016 February

Analyzing Web Browsing Activity

NetworkMiner 2.0 Released

2015 December

Network Forensics Training at TROOPERS

2015 November

BPF is your Friend

From 4SICS with ICS PCAP Files

2015 October

Port Independent Protocol Detection

2015 September

CapLoader 1.3 Released

Covert Man-on-the-Side Attacks

2015 August

Rinse-Repeat Intrusion Detection

2015 June

Two-day Network Forensics Class in Stockholm

T-shirt : PCAP or it didn't happen

2015 March

China's Man-on-the-Side Attack on GitHub

2015 January

Chinese MITM attack on

2014 November

Observing the Havex RAT

2014 October

Full Disclosure of Havex Trojans

Chinese MITM Attack on iCloud

Verifying Chinese MITM of Yahoo

2014 September

Analysis of Chinese MITM on Google

2014 June

Running NetworkMiner on Mac OS X

NetworkMiner 1.6 Released

2014 May

PCAP or it didn't happen

2014 April

Keyword Search in PCAP files

2014 March

Carving Network Packets from Memory Dump Files

Search and Carve Packets with CapLoader 1.2

2014 February

HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux

2013 October

Command-line Forensics of hacked

DNS whitelisting in NetworkMiner

2013 September

New features in NetworkMiner 1.5

2013 August

Security Advisory: Two Vulnerabilities in NetworkMiner

2013 April

Detecting TOR Communication in Network Traffic

2013 February

Extracting Metadata from PcapNG files

Forensics of Chinese MITM on GitHub

2013 January

Analyzing 85 GB of PCAP in 2 hours

CapLoader 1.1 Released

2012 December

HowTo handle PcapNG files

2012 November

Convert Endace ERF capture files to PCAP

2012 September

Install NetworkMiner with apt-get

2012 August

SCADA Network Forensics with IEC-104

NetworkMiner 1.4 Released

2012 July

WPAD Man in the Middle

2012 June

Extracting DNS queries

2012 April

CapLoader Video Tutorial

NetworkMiner 1.3 Released

Fast analysis of large pcap files with CapLoader

2012 January

Security Onion includes NetworkMiner

2011 December

No more Wine - NetworkMiner in Linux with Mono

REMnux now includes NetworkMiner

Richard, Russ and Adrian trying NetworkMiner Professional

2011 November

NetworkMiner 1.2 Released

Passive OS Fingerprinting

Recommended Books

» The Practice of Network Security Monitoring, Richard Bejtlich (2013)

» Applied Network Security Monitoring, Chris Sanders and Jason Smith (2013)

» Network Forensics, Sherri Davidoff and Jonathan Ham (2012)

» The Tao of Network Security Monitoring, Richard Bejtlich (2004)

» Practical Packet Analysis, Chris Sanders (2017)

» Windows Forensic Analysis, Harlan Carvey (2009)

» TCP/IP Illustrated, Volume 1, Kevin Fall and Richard Stevens (2011)

» Industrial Network Security, Eric D. Knapp and Joel Langill (2014)