Live stream sniffed packets from your @mikrotik router to #NetworkMiner with #TZSP
https://netresec.com/?b=2459ed5
Remote Sniffing from Mikrotik Routers

One of the new features in NetworkMiner 2.9 is a TZSP streaming server. It is designed to read a real-time stream of sniffed packets from Mikrotik routers. This method for remote sniffing can be used to capture packets regardless of whether NetworkMiner is running in Windows or Linux. How to Sniff Packets w[...]

Netresec
NetworkMiner - I have just completed this room! Check it out: https://tryhackme.com/room/networkminer #tryhackme #NetworkMiner #Traffic analysis #Network forensics #pcap #Intrusion #Detection #forensics #networkminer via @RealTryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe
#NetworkMiner 2.8 is out!
🖥️ Improved user interface
👷 Better IEC-104 support
📦 CAPWAP decapsulation
📧 Port-independent detection of SMTP
🧦 Port-independent detection of SOCKS
https://netresec.com/?b=231d523
NetworkMiner 2.8 Released

I am happy to announce the release of NetworkMiner 2.8 today! This new version comes with an improved user interface, better parsing of IEC-104 traffic and decapsulation of CAPWAP traffic. The professional edition of NetworkMiner additionally adds port-independent detection of SMTP and SOCKS traffic[...]

Netresec
#NetworkMiner is now available as a package in FLARE VM
https://netresec.com/?b=22C2c77
NetworkMiner in FLARE VM

NetworkMiner is now available as a package in the reverse engineering platform FLARE VM. You can either select the networkminer.vm package in the installer or install NetworkMiner later on from the command line. NetworkMiner can be installed in FLARE VM from an admin shell by running choco install n[...]

Netresec

Extracting a #CobaltStrike beacon config from #PCAP in 5 simple steps:
🚜 #CapLoader
⛏️ #NetworkMiner
⌨️ cmd.exe
🐍 1768 K
🦹‍♂️ Cobalt Strike Beacon Config

Full video, writeup and link to pcap file are available here:
https://netresec.com/?b=21536fc

Detecting Cobalt Strike and Hancitor traffic in PCAP

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows malware on a Windows PC!!! Relax, I know what I'm doing. I have also taken the precaution of analyzing the PCAP f[...]

Netresec