Nice malware lab setup using FLARE VM, #PolarProxy and #REMnux to decrypt and inspect TLS traffic.
https://www.koenmolenaar.nl/nl/write-ups/jeff0falltrades-sandbox-crackme/
jeFF0Falltrades Sandbox Crackme

A write-up of jeFF0Falltrades Crackme challenge, which was part of his DIY Malware Analysis Sandbox series.

Koen Molenaar
PolarProxy now supports rule-based logic for determining if a session should be allowed to pass through, get blocked or if the TLS encrypted data should be inspected (i.e. decrypted and re-encrypted) by the proxy. This rule-based logic can be used to turn #PolarProxy into a TLS firewall.
https://netresec.com/?b=2451e98
PolarProxy 1.0 Released

I am thrilled to announce the release of PolarProxy version 1.0 today! Several bugs that affected performance, stability and memory usage have now been resolved in our TLS inspection proxy. PolarProxy has also been updated with better logic for importing external root CA certificates and the HAProxy[...]

Netresec
Nice use of #PolarProxy to decrypt TLS C2 traffic from #RustyStealer
https://www.dfirsec.au/different-but-same/
Different Methods, Same Results

Introduction During my free time I enjoy doing some light malware analysis, utilising sites like MalwareBazaar, any.run, vx-underground, etc to obtain samples. Sometimes these samples are good where all the threat actor infrastructure is still active, which leads to some interesting analysis and other times these samples are rather

DFIRSec