Collaborate Disseminate
I`m trying to execute YAIDS (installed on ubuntu with quickinstall script) regarding to the general documentation usage in order to analyse a malicious pcap file with the standard ruleset of index.yar from the official rules-master reposit… Continue reading YAIDS execution error without further error log information
I want to use libpcap to listen to the network traffic on another server on my home WiFi network. In this scenario i already know the password and ssid.
I have already changed my network adaptor to be in monitor mode and I can connect and … Continue reading Listening to other network traffic on a known WiFi network using libpcap
Hot on the heels of the previous CyberDefenders Challenge Solution comes this noisy installment which solves their Acoustic challenge. You can find the source Rmd on GitHub, but I’m also testing the limits of WP’s markdown rendering and putting it in-s… Continue reading Acoustic: Solving a CyberDefenders PCAP SIP/RTP Challenge with R, Zeek, tshark (& friends)
It was a rainy weekend in southern Maine and I really didn’t feel like doing chores, so I was skimming through RSS feeds and noticed a link to a PacketMaze challenge in the latest This Week In 4n6. Since it’s also been a while since I’ve done any serio… Continue reading Packet Maze: Solving a CyberDefenders PCAP Puzzle with R, Zeek, and tshark
By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as … Continue reading Corelight Sensors detect the ChaChi RAT
We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American time. The contents are exactly the same in both classes. The training is … Continue reading Network Forensics Classes for EU and US
This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. Your browser does not support the video tag. I bet you’re going: 😱 OMG he’s analyzing Windows malware on a Windows PC!!! Relax, I know what I’m doing. I have al… Continue reading Detecting Cobalt Strike and Hancitor traffic in PCAP
These days, embedded systems often have networks and that can make them significantly more complex. Networks are usually pretty nondeterministic and there are a variety of oddball conditions. For example, …read more Continue reading Linux Fu: A Little Bit of (Network) History Repeating Itself
When I run Snort on a pcap file (that contains malicious traffic), it does not detect anything.
I uncommented the rules path in Step #7 at snort.conf. Nothing is changed.
How to let Snort detect attacks from test.pcap and generate a log fi… Continue reading Snort does not detect attacks when running in offline mode
When running Snort on pcap using the following command :
$ snort -r /home/mina/Downloads/test.pcap -c /etc/snort/snort.conf -l /var/log/snort/
This generate a log file snort.log.xxxxxxx, but this file is empty (0 bytes)
Packet I/O Totals:… Continue reading Snort log file snort.log.xxxxxxx is empty [closed]