Tag: Network Forensics

2016/06/28

Security Tools Page

Introduction: Destruct_Icon here. I wanted to post about a new addition to our site. We’ve added a page devoted to security tools. Just click on the “Security Tools” option in the menu. Here we will be adding tools and categorizing their use for quick searching capabilities. We plan to create posts for each[…]

2016/03/29

Network Forensics – Round 7: Ann’s Dark Tangent

The Puzzle: Ann’s Dark Tangent (DEFCON 2010). Ann has arranged a rendezvous with Dark Tangent. You are the forensic investigator. Can you figure out their destination? Again for this challenge I utilized the same tools as the other rounds to accomplish the above tasks. There are always[…]

2015/10/12

Network Forensics – Round 6: Ann’s Aurora

The puzzle: Ann’s Aurora. Ann Dercover is after SaucyCorp’s Secret Sauce recipe. She’s been trailing the lead developer, Vick Timmes, to figure out how she can remotely access SaucyCorp’s servers. One night, while conducting reconnaissance, she sees him log into his laptop (10.10.10.70) and VPN into SaucyCorp’s headquarters.[…]

2015/09/01

Network Forensics – Round 5: Ms. Moneymany’s Mysterious Malware

The puzzle: It was a morning ritual. Ms. Moneymany sipped her coffee as she quickly went through the email that arrived during the night. One of the messages caught her eye, because it was clearly spam that somehow got past the email filter. The message extolled[…]

2015/07/21

Network Forensics – Round 4: The Curious Mr. X

by DFIRninja
Categories: Analysis, Network Forensics

Round 4! Below is the scenario for round 4 in the Network Forensics Challenge Series: While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy[…]

2015/05/05

Network Forensics – Round 3: Ann’s Apple TV

by DFIRninja
Categories: Analysis, Network Forensics

Round 3! Ann’s Apple TV. Below is the scenario for round 3 in the network forensics challenge series: Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann[…]

2015/04/20

Network Forensics – Round 2: Ann Skips Bail

by DFIRninja
Categories: Analysis, Network Forensics

The second puzzle in the network forensics challenge series. Below is the background on the scenario: After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town. “We believe Ann may have communicated with her secret lover, Mr. X,[…]

2015/03/11

Network Forensics – Round 1: Ann’s Bad AIM

by DFIRninja
Categories: Analysis, Network Forensics

I recently came across one of the old DefCon puzzle challenges from back in 2009. I hadn’t done this challenge before, so I decided to give it a shot. This is the first of a series of network forensics challenges. Below is the background on the challenge: Puzzle #1: Ann’s Bad AIM. Anarchy-R-Us, Inc. suspects[…]

2014/07/17

How to setup SNORT to test CUSTOM rules against PCAP files in Windows

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

This article will show you how to set up SNORT in Windows to test custom rules against a PCAP file. Important notes: the PCAP encapsulation type must be set to Ethernet and the capture type should be set to libpcap. If you have Wireshark[…]

2014/04/09

Wireshark Primer: Manual Carve HTTP Objects

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

Description: This is the first Wireshark primer article (there will be more) on how to manually carve HTTP objects from network dumps (PCAPs) using Wireshark. A lot of this can be done automatically with tools like NetworkMiner, PhotoRec, bulk_extractor, and Foremost, but this article is meant to[…]
