Collaborate Disseminate
Ten to fifteen years ago, a company having FPC (full packet capture) was an indicator of the seriousness of the company’s information security efforts. Having trained analysts that could use those packets to analyze alerts from NSM devices was an even… Continue reading Packet Captures in the Age of TLS
The latest version of Arkime (The Sniffer Formerly Known As Moloch) can now be fed with a real-time stream of decrypted HTTPS traffic from PolarProxy. All that is needed to enable this feature is to include ‘pcapReadMethod=pcap-over-ip-server’ in Arkim… Continue reading Capturing Decrypted TLS Traffic with Arkime
I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.
[The post [SANS ISC] The easy way to analyze huge amounts of PCAP data has been first published on /dev/random]
Continue reading [SANS ISC] The easy way to analyze huge amounts of PCAP data