Category Archives: Networking

2016-03-24 – ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE

In this traffic analysis we get the chance to look at 2 infections from the same site, but I will concentrate mainly on the exploit kits themselves and the similarities between them noticed while looking at the decoded source code. You …

Posted in Malware, Networking, security

2016-02-28 – TRAFFIC ANALYSIS EXERCISE – IDEAL VERSUS REALITY

Here is another Malware Traffic Exercise write-up. http://www.malware-traffic-analysis.net/2016/02/28/index.html Scenario: What’s my definition of a security analyst? Security analysts are responsible for monitoring their employer’s network and providing near-real-time detection of suspicious activity. Ideally, these analysts have access to intrusion detection …

Posted in Networking, security

2016-02-06 – TRAFFIC ANALYSIS EXERCISE – NETWORK ALERTS AT CUPID’S ARROW ONLINE

Scenario: You recently hired on as a security analyst for Cupid’s Arrow Online, the largest online retailer for novelty arrows world-wide. Unfortunately, it’s after normal work hours, and you’re the only person reviewing network events. You silently curse your coworker …

Posted in Computer, Malware, Networking, security

2016-01-07 – TRAFFIC ANALYSIS EXERCISE – ALERTS ON 3 DIFFERENT HOSTS

SCENARIO: You are working as an analyst reviewing suspicious network events at your organization’s Security Operations Center (SOC). Things have been quiet for a while. However, you notice several alerts occur within minutes of each other on 3 separate hosts. …

Posted in Malware, Networking, security | 1 Comment

Wireshark and TShark Timestamps

I am currently working on the latest Malware traffic analysis exercise, titled “2016-01-07 – TRAFFIC ANALYSIS EXERCISE – ALERTS ON 3 DIFFERENT HOSTS”. I used the command line to run TShark with this command to extract just the …

Posted in Networking, security, System Tools | 1 Comment

A little more on Wireshark and Pcap time stamps

In my last post I talked about getting a unique list of User-Agent strings and as a bonus I discovered that you can travel back and forth from Wireshark to a hex editor and back using the time stamps. In …

Posted in Networking, security, System Tools | 1 Comment

Wireshark, Pcap files, User-Agent strings and Malware

Recently I have been going through the malware traffic exercises created by Brad Duncan of “malware-traffic-analysis.net”. In my last post on an exercise I started wondering about the User-Agent strings used with malware as a way to possibly narrow in …

Posted in Malware, Networking, System Tools | 2 Comments