series of network forensic video tutorials covers a quick and crude way to scan a PCAP file for malware. It's all done locally without having to run the PCAP through an IDS. Kudos to Lenny Hanson for showing me this little trick!
Antivirus Scanning of a PCAP File
- SWF/Neclu.B on VirusTotal
- CVE-2015-0311 (Flash Player vulnerability exploited by Neclu)
- Win32/Simda.AT on VirusTotal (Kryptik)
Posted by Erik Hjelmvik on Monday, 12 February 2018 08:00:00 (UTC/GMT)