Monday, 05 February 2018 07:30:00 (UTC/GMT)
We are releasing a series of network forensics video tutorials throughout the next few weeks.
First up is this analysis of a PCAP file containing network traffic from the "Zyklon H.T.T.P." malware.
Analyzing a Zyklon Trojan with Suricata and NetworkMiner
Resources:
https://www.malware-traffic-analysis.net/2017/07/22/index.html
https://github.com/Security-Onion-Solutions/security-onion
https://www.arbornetworks.com/blog/asert/wp-content/uploads/2017/05/zyklon_season.pdf
http://doc.emergingthreats.net/2017930

IOCs:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168pre) Gecko/20070302 BonEcho/22.214.171.124pre
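As an added example (not code from the post, from NetworkMiner or from Security Onion), the User-Agent IOC above used as detection logic over constructed web-server access-log lines, together with a helper that renders the same IOC as a local Suricata rule for the http.user_agent buffer. The log lines, the request paths and the sid value 1000001 are constructed/assumed, not taken from the PCAP.

```python
import re

# User-Agent string the post lists as a Zyklon H.T.T.P. indicator (copied as given there)
ZYKLON_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168pre) "
             "Gecko/20070302 BonEcho/22.214.171.124pre")

# Apache/nginx "combined" access-log format; the User-Agent is the last quoted field.
_COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def find_ua_hits(lines, ioc_ua=ZYKLON_UA):
    """Return client, timestamp and request line of every entry whose User-Agent equals the IOC."""
    hits = []
    for line in lines:
        m = _COMBINED.match(line.strip())
        if not m:          # not combined format: skip rather than guess at the fields
            continue
        if m.group("ua") == ioc_ua:
            hits.append({"client": m.group("client"), "ts": m.group("ts"),
                         "request": m.group("request")})
    return hits

def suricata_content(s):
    """Escape a string for Suricata's content keyword: backslash, double quote and
    semicolon are special and must be backslash-escaped."""
    return s.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")

def zyklon_ua_rule(sid=1000001, ua=ZYKLON_UA):
    """Build a local Suricata rule matching the IOC in the HTTP User-Agent sticky buffer.
    sid 1000001 is an assumed value in the local-rules range, not an ET sid."""
    return ('alert http $HOME_NET any -> $EXTERNAL_NET any '
            '(msg:"LOCAL Zyklon H.T.T.P. User-Agent"; flow:established,to_server; '
            f'http.user_agent; content:"{suricata_content(ua)}"; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')

# Constructed sample lines: one hit, one benign browser, one unparseable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Jul/2017:14:03:11 +0000] "POST /index.php HTTP/1.1" 200 512 "-" '
    '"' + ZYKLON_UA + '"',
    '10.0.0.7 - - [22/Jul/2017:14:03:15 +0000] "GET / HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/59.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in find_ua_hits(SAMPLE_LOG):
        print(hit)
    print(zyklon_ua_rule())
```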
Posted by Erik Hjelmvik on Monday, 05 February 2018 07:30:00 (UTC/GMT)
Monday, 10 September 2012 13:15:00 (UTC/GMT)
Doug Burks has done great work integrating
One really cool thing he has done is to build a Debian repository that includes NetworkMiner.
This means that NetworkMiner (and its dependencies) can be installed on Debian / Ubuntu machines by using apt-get!
How to install NetworkMiner with a one-liner:
sudo add-apt-repository -y ppa:securityonion/stable && sudo apt-get update && sudo apt-get -y install securityonion-networkminer
You can then start NetworkMiner with the following syntax:
NetworkMiner running on a vanilla Xubuntu machine
Users of non-Debian OSes (i.e. other Linux flavors as well as Mac OS X and FreeBSD) will, however, still need to install NetworkMiner and Mono manually.
NetworkMiner is now available in a few additional Linux package managers, such as Fedora's yum and Arch Linux's pacman.
For more details, please see our HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux blog post.
There are also instructions available for how to install NetworkMiner on Mac OS X.
Posted by Erik Hjelmvik on Monday, 10 September 2012 13:15:00 (UTC/GMT)
# Security Onion