Blocking Malicious sites with a TLS Firewall
Over 90 percent of all web traffic is encrypted nowadays, which is great of course. However, as HTTP and DNS traffic gets encrypted, defenders have a more difficult time blocking malicious network...
PolarProxy 1.0.1 Released
The new release of PolarProxy generates JA4 fingerprints and enables rulesets to match on specific decryption errors, for example to fail open in case the TLS traffic cannot be decrypted and...
How to set PCAP as default save file format in Wireshark
Did you know that there is a setting in Wireshark for changing the default save file format from pcapng to pcap? In Wireshark, click Edit, Preferences. Then select Advanced and look for the...
NetworkMiner 3.0 Released
I am very proud to announce the release of NetworkMiner 3.0 today! This version brings several new protocols as well as user interface improvements to NetworkMiner. We have also made significant...
Online Network Forensics Training
I will teach a live online class next month. The subject for the class is Network Forensics for Incident Response. The training is split into four interactive 4-hour sessions, so that you have the...
How to Install NetworkMiner in Linux
This guide shows how to install the latest version of NetworkMiner in Linux. To install an older NetworkMiner release, prior to version 3.0, please see our legacy NetworkMiner in Linux guide. STEP 1:...
Decoding njRAT traffic with NetworkMiner
I investigate network traffic from a Triage sandbox execution of njRAT in this video. The analysis is performed using NetworkMiner in Linux (REMnux to be specific).
About njRAT / Bladabindi
njRAT is a...
Comparison of tools that extract files from PCAP
One of the premier features in NetworkMiner is the ability to extract files from captured network traffic in PCAP files. NetworkMiner reassembles the file contents by parsing protocols that are used...