New tool released: #FlowCarp
🔍️Identifies protocols without port numbers
🔨 Build protocol detection from example traffic
➡️ Input: PCAP or PcapNG
⬅️ Output: Flows and/or Alerts
https://t.co/3sqnfOpN4a
Started turning Suricata signatures into MIDI sequences for the sole reason of annoying my team members, I'll let you have a peek.
You are about to *listen* to this DNS signature.
Yours truly,
@ozuriexv
https://t.co/ajuTj4X5zS
CapLoader now has an Alerts tab that identifies malicious protocols! It also alerts on typical C2 behavior, such as long running TCP sessions, periodic connections to a C2 server and port-protocol mismatches. Video and PCAP file available in the blog post.
https://t.co/6pna6ar29k
At a fundamental level, the world exists in two forms. It exists as it is, and it exists as we perceive it. It's critically important for those with an investigative mindset to understand that those two things are often not the same at all.
!!!!
IBM surveyed 1,100 IR team members across 10 companies about stress & well-being, and shared the results. I cannot tell you how neat this is. I'm fairly sure this is some of the first published info on stress in in-the-trenches infosec folks. SO HYPE.
https://t.co/FtzpsqWAym
There’s a little known feature in #Wireshark that allows a PCAP stream to be read from a TCP socket. This can be used to read decrypted TLS traffic directly from #PolarProxy.
https://t.co/UM7LXkmNy8