CapLoader includes a feature for Port Independent Protocol Identification (PIPI), which can detect which protocol is being used inside of TCP and UDP sessions without relying on the port number. In this video CapLoader identifies the PureLogs C2 protocol. The PureLogs protocol detection was added to[...]
Extracting a #CobaltStrike beacon config from #PCAP in 5 simple steps:
#CapLoader
#NetworkMiner
cmd.exe
1768 K
Cobalt Strike Beacon Config
The full video, writeup and a link to the pcap file are available here:
https://netresec.com/?b=21536fc
This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: OMG he's analyzing Windows malware on a Windows PC!!! Relax, I know what I'm doing. I have also taken the precaution of analyzing the PCAP f[...]