[SANS ISC] Generating PCAP Files from YAML

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: The PCAP file format is everywhere. Many applications generate PCAP files based on information collected on the network. Then, they can be used as evidence, as another data source for investigations and much more. There exist plenty of

[The post [SANS ISC] Generating PCAP Files from YAML has been first published on /dev/random]


PolarProxy Released

I’m very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic. PolarProxy enables you to do lots of things …

[SANS ISC] Truncating Payloads and Anonymizing PCAP files

I published the following diary on isc.sans.org: “Truncating Payloads and Anonymizing PCAP files“: Sometimes, you may need to provide PCAP files to third-party organizations like a vendor support team to investigate a problem with your network. I was looking for a small tool to anonymize network traffic but also to

[The post [SANS ISC] Truncating Payloads and Anonymizing PCAP files has been first published on /dev/random]

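The two diaries above describe opposite ends of the same workflow: writing a PCAP from a structured description, and stripping payloads and real addresses out of one before it leaves the organisation. The following is an added example, not the tool from either diary. It builds a classic pcap (global header plus per-packet records) from a Python list that stands in for what `yaml.safe_load()` would return, then reads it back, replaces every IPv4 address with a consistent dummy address, and truncates each record to its headers while preserving the original length field. The packet descriptions, MAC addresses and the `10.0.0.0/8` dummy range are constructed for the example; only the standard library is used.

```python
"""Build a pcap from a packet description, then anonymize and truncate it.

Added example, not the diaries' tools. SPEC stands in for the structure
yaml.safe_load() would return; PyYAML is left out so this runs offline.
"""
import ipaddress
import struct

LINKTYPE_ETHERNET = 1

# Constructed description of two UDP packets (a DNS query and a syslog line).
SPEC = [
    {"src": "10.1.2.3", "dst": "8.8.8.8", "sport": 40123, "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x06google\x03com\x00\x00\x01\x00\x01"},
    {"src": "10.1.2.3", "dst": "192.168.7.7", "sport": 5555, "dport": 514,
     "payload": b"<34>Oct 11 22:14:15 host su: 'su root' failed"},
]

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IPv4/UDP/TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_frame(p: dict) -> bytes:
    """Ethernet + IPv4 + UDP frame with valid checksums; MACs are placeholders."""
    src, dst = ipaddress.IPv4Address(p["src"]).packed, ipaddress.IPv4Address(p["dst"]).packed
    udp_len = 8 + len(p["payload"])
    udp = struct.pack("!HHHH", p["sport"], p["dport"], udp_len, 0) + p["payload"]
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)      # UDP pseudo-header
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return bytes.fromhex("020000000001" "020000000002" "0800") + ip + udp

def write_pcap(records, snaplen=65535) -> bytes:
    """Classic little-endian pcap; records are (ts, data, orig_len)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts, data, orig_len in records:
        sec = int(ts)
        out.append(struct.pack("<IIII", sec, round((ts - sec) * 1e6), len(data), orig_len) + data)
    return b"".join(out)

def read_pcap(blob: bytes):
    """Yield (ts, data, orig_len) from a little-endian microsecond pcap."""
    if struct.unpack("<I", blob[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(blob):
        sec, usec, incl, orig = struct.unpack("<IIII", blob[off:off + 16])
        yield sec + usec / 1e6, blob[off + 16:off + 16 + incl], orig
        off += 16 + incl

def generate_pcap(spec, start_ts=1_700_000_000.0) -> bytes:
    """One frame per SPEC entry, one second apart (constructed timing)."""
    frames = [build_udp_frame(p) for p in spec]
    return write_pcap([(start_ts + i, f, len(f)) for i, f in enumerate(frames)])

class Anonymizer:
    """Consistent mapping of real IPv4 addresses onto 10.0.0.1, 10.0.0.2, ...
    The table is the secret: whoever holds it can reverse the mapping."""
    def __init__(self):
        self.table = {}

    def map(self, packed: bytes) -> bytes:
        if packed not in self.table:
            self.table[packed] = (ipaddress.IPv4Address("10.0.0.0") + len(self.table) + 1).packed
        return self.table[packed]

def sanitize(data: bytes, anon: Anonymizer, snaplen: int) -> bytes:
    """Rewrite IPv4 src/dst, fix the IP checksum, then cut the frame at snaplen."""
    if len(data) < 34 or data[12:14] != b"\x08\x00":
        return data[:snaplen]                      # not IPv4 over Ethernet: only truncate
    ihl = (data[14] & 0x0F) * 4
    ip = bytearray(data[14:14 + ihl])
    ip[12:16], ip[16:20] = anon.map(bytes(ip[12:16])), anon.map(bytes(ip[16:20]))
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    body = bytearray(data[14 + ihl:])
    if ip[9] == 17 and len(body) >= 8:
        body[6:8] = b"\x00\x00"   # UDP checksum covered the old addresses; 0 = none (RFC 768)
    return bytes(data[:14] + ip + body)[:snaplen]

def sanitize_pcap(blob: bytes, snaplen: int = 42) -> bytes:
    """42 bytes keeps Ethernet + IPv4 + UDP headers and drops every payload byte."""
    anon = Anonymizer()
    records = [(ts, sanitize(d, anon, snaplen), orig) for ts, d, orig in read_pcap(blob)]
    return write_pcap(records, snaplen=snaplen)

if __name__ == "__main__":
    raw = generate_pcap(SPEC)
    with open("generated.pcap", "wb") as fh:
        fh.write(raw)
    with open("sanitized.pcap", "wb") as fh:
        fh.write(sanitize_pcap(raw))
```

Two details matter when handing such a file to a third party: the record's original length is kept so the recipient can still see packet sizes, and the address table built by `Anonymizer` must not travel with the capture, since it reverses the mapping. TCP checksums are not touched here; a recipient running Wireshark will see them flagged as bad after the rewrite, which is harmless for support cases but worth mentioning in the hand-off note.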

[SANS ISC] Converting PCAP Web Traffic to Apache Log

I published the following diary on isc.sans.org: “Converting PCAP Web Traffic to Apache Log“: PCAP data can be really useful when you must investigate an incident but when the amount of PCAP files to analyse is counted in gigabytes, it may quickly become tricky to handle. Often, the first protocol

[The post [SANS ISC] Converting PCAP Web Traffic to Apache Log has been first published on /dev/random]

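The conversion the diary describes, as an added example that is not the diary's own script: take the HTTP requests and responses carried in a capture and emit one Apache combined-log line per request, so gigabytes of PCAP become a text file that grep and the usual log tools handle. The input is the per-segment 5-tuple plus TCP payload that a PCAP parser such as dpkt, scapy or tshark would hand you, already in order and deduplicated; the segments below, the `example.com` host, the `alice:hunter2` credential and the assumption that the server side is whatever listens on port 80 are all constructed for the example.

```python
"""Turn HTTP traffic from a capture into Apache combined-log lines.

Added example, not the diary's own script. Input is per-segment 5-tuple plus
TCP payload as a pcap parser would hand it over; segments are constructed.
"""
import base64
from collections import defaultdict
from datetime import datetime, timezone

WEB_PORT = 80          # assumption: the server side is whatever talks on port 80
METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed segments: (ts, src, sport, dst, dport, payload), in order and
# deduplicated, as a TCP reassembly step would leave them.
SEGMENTS = [
    (1700000000.0, "10.1.2.3", 51000, "93.184.216.34", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0\r\n\r\n"),
    (1700000000.1, "93.184.216.34", 80, "10.1.2.3", 51000,
     b"HTTP/1.1 200 OK\r\nContent-Length: 1256\r\nContent-Type: text/html\r\n\r\n" + b"x" * 1256),
    (1700000000.2, "10.1.2.3", 51000, "93.184.216.34", 80,      # keep-alive: second request
     b"GET /missing.html HTTP/1.1\r\nHost: example.com\r\n"
     b"Referer: http://example.com/index.html\r\nUser-Agent: curl/8.0\r\n\r\n"),
    (1700000000.3, "93.184.216.34", 80, "10.1.2.3", 51000,
     b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
    (1700000001.0, "10.1.2.9", 52000, "93.184.216.34", 80,      # response never captured
     b"POST /login HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
     b"Content-Length: 5\r\n\r\nab"),
]

def _int(value, default=0):
    try:
        return int(value)
    except (TypeError, ValueError):
        return default

def parse_messages(stream: bytes):
    """Split one direction of a stream into (start_line, headers) HTTP messages.

    Bodies are skipped via Content-Length. A chunked body ends parsing of that
    stream (not decoded here); a message whose body is cut short is still
    returned, so a request with no captured response still appears in the log.
    """
    msgs, off = [], 0
    while off < len(stream):
        end = stream.find(b"\r\n\r\n", off)
        if end < 0:
            break
        lines = stream[off:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        msgs.append((lines[0], headers))
        if headers.get("transfer-encoding", "").lower() == "chunked":
            break
        off = end + 4 + _int(headers.get("content-length"))
    return msgs

def basic_auth_user(headers) -> str:
    """%u: user name from HTTP Basic auth, '-' when absent or undecodable."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return "-"
    try:
        return base64.b64decode(token).decode("latin-1").split(":", 1)[0] or "-"
    except ValueError:
        return "-"

def apache_time(ts: float) -> str:
    """Apache %t rendered in UTC, e.g. [10/Oct/2000:13:55:36 +0000]."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("[%d/%b/%Y:%H:%M:%S +0000]")

def combined_log_lines(segments):
    """One Combined Log Format line per request, ordered by request time."""
    flows = defaultdict(lambda: {"c2s": b"", "s2c": b"", "times": []})
    for ts, src, sport, dst, dport, payload in segments:
        if dport == WEB_PORT:
            f = flows[(src, sport, dst, dport)]
            if payload.startswith(METHODS) or not f["c2s"]:
                f["times"].append(ts)            # time of each request's first segment
            f["c2s"] += payload
        elif sport == WEB_PORT:
            flows[(dst, dport, src, sport)]["s2c"] += payload
    entries = []
    for (client, _, _, _), f in flows.items():
        reqs, resps = parse_messages(f["c2s"]), parse_messages(f["s2c"])
        for i, (reqline, h) in enumerate(reqs):
            status, size = "-", "-"
            if i < len(resps):                   # responses pair with requests in order
                parts = resps[i][0].split()
                status = parts[1] if len(parts) > 1 else "-"
                size = resps[i][1].get("content-length", "-")
                if size == "0":
                    size = "-"                   # %b prints '-' rather than 0
            ts = f["times"][min(i, len(f["times"]) - 1)]
            entries.append((ts, '%s - %s %s "%s" %s %s "%s" "%s"' % (
                client, basic_auth_user(h), apache_time(ts), reqline, status, size,
                h.get("referer", "-"), h.get("user-agent", "-"))))
    return [line for _, line in sorted(entries)]

if __name__ == "__main__":
    print("\n".join(combined_log_lines(SEGMENTS)))
```

The pairing of the i-th request with the i-th response on a connection is what HTTP/1.1 guarantees for keep-alive and pipelining, so it holds as long as the reassembly feeding this code is in order. Requests whose response was never captured still produce a line with `-` for status and size, which is exactly the kind of entry an investigator wants to see rather than silently lose.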

NetworkMiner 2.3 Released!

The free and open source network forensics tool NetworkMiner now comes with improved extraction of files and metadata from several protocols as well as a few GUI updates. But the biggest improvements for version 2.3 are in the commercial tool NetworkMi…

[SANS ISC] Comment your Packet Captures!

I published the following diary on isc.sans.org: “Comment your Packet Captures!“: When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes, some people use electronic solutions while others are using good

[The post [SANS ISC] Comment your Packet Captures! has been first published on /dev/random]


[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.

[The post [SANS ISC] The easy way to analyze huge amounts of PCAP data has been first published on /dev/random]


CapTipper – Explore Malicious HTTP Traffic

CapTipper is a Python tool to explore malicious HTTP traffic, it can also help analyse and revive captured sessions from PCAP files. It sets up a web server that acts exactly as the server in the PCAP file and contains internal tools with a powerful interactive console for analysis and inspection of the hosts, objects […]


Read the full post at darknet.org.uk
