Category: Network Forensics

2014/12/09

IOCs; How to Create, Manage, and Understand -The Manifesto-

by InterDimensional_Shambler
Categories: Analysis, Host Forensics, Network Forensics

How to Create, Manage, and Understand IOCs -The Manifesto- [OpenIOC Background] What is it, and how does it pertain to IOCs? OpenIOC is a framework developed by Mandiant to take CUSTOM Indicators of Compromise and put them into an extensible XML schema for the purpose of scanning host(s) with. This type of approach is a[…]

2014/07/17

How to setup SNORT to test CUSTOM rules against PCAP files in Windows

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

How to setup SNORT to test CUSTOM rules against PCAP files in Windows This article will show you how to set up SNORT in Windows to test custom rules against a PCAP file. Important Notes: The PCAP encapsulation type must be set to ether and the capture type should be set to libpcap. If you have Wireshark[…]

2014/07/14

SANS GIAC Certified Incident Handler (GCIH) Course Review

by Otakun
Categories: Network Forensics, News
Comments: 2 Comments

Hey Guys and Gals, So, fairly recently (April 2014), I’ve passed the SANS GIAC Certified Incident Handler (GCIH) exam, and I wanted to write a quick review of the course. If you are thinking about taking the course, hopefully this will help a bit. This was my first SANS course, and even though I was[…]

2014/04/13

Yet Another HeartBleed Analysis

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

Yet Another HeartBleed Analysis (Bonus: Incident Response): By InterDimSham Preparation What’s affected: Any device implementing OpenSSL 1.0.1 through 1.0.1f. How it Works: Heartbeat is an extension of the TLS/DTLS protocol. The heartbeat is used as a keep-alive function without having to re-neg(otiate). The attack allows someone to get ~64KB of memory from a server running[…]

2014/04/09

Wireshark Primer: Manual Carve HTTP Objects

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

Wireshark Primer: Manual Carve HTTP Objects Description: This is the first Wireshark primer article (there will be more) on how to manually carve HTTP objects from network dumps (PCAPs) using Wireshark. A lot of this can be done automatically with tools like NetworkMiner, PhotoRec, bulk_extractor, and Foremost, but this article is meant to[…]
