shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
#pcap

Adam ♿<p>[Still haven't sorted this as of 2025-07-12]</p><p><a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AskFedi</span></a> <a href="https://aus.social/tags/BoostsAreAppreciated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BoostsAreAppreciated</span></a> <a href="https://aus.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://aus.social/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> <a href="https://aus.social/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Networking</span></a> <a href="https://aus.social/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCAP</span></a></p><p>I am looking for some kind of VM or system I can run to create a network that I can put an untrusted device onto and allow/deny all its connections one by one - think auditioning a new TV or IoT device rather than out-and-out hostile malware. Assume I will also dump packets for investigation.</p><p>Security Onion looks like overkill, but I'd like to avoid writing my own firewall rules if possible.</p>
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲<p>CapLoader 2.0 released today!<br>🔎 Identifies over 250 protocols in <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCAP</span></a><br>🎨 Define protocols from example traffic<br>🇶 Extracts JA3, JA4 and SNI from QUIC<br>💻 10x faster user interface<br><a href="https://netresec.com/?b=256dbbc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">netresec.com/?b=256dbbc</span><span class="invisible"></span></a></p>
Seth Grover<p>Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring.</p>
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲<p>Comparison of tools that extract files from <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCAP</span></a> <br>:neocat_book: Chaosreader<br>⛏️ NetworkMiner<br>🐿️ Suricata<br>🫗 tcpflow<br>🦈 Wireshark<br>👁️ Zeek<br><a href="https://netresec.com/?b=255329f" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">netresec.com/?b=255329f</span><span class="invisible"></span></a></p>
DNS-OARC<p><a href="https://mastodns.net/tags/dnscap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnscap</span></a> v2.3.1 released!<br>- fix 64bit time structures on 32bit platforms<br>- require libpcap with `DLT_LINUX_SLL2` support<br>^JL<br><a href="https://mastodns.net/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://mastodns.net/tags/Capture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Capture</span></a> <a href="https://mastodns.net/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCAP</span></a> <a href="https://mastodns.net/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a><br><a href="https://github.com/DNS-OARC/dnscap/releases/tag/v2.3.1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/DNS-OARC/dnscap/rel</span><span class="invisible">eases/tag/v2.3.1</span></a></p>
Brad<p>2024-12-04 (Wednesday): <a href="https://infosec.exchange/tags/AgentTesla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AgentTesla</span></a> variant using FTP for data exfiltration. </p><p>Don't know if this is OriginLogger Snake (Key) Logger, VIP Recovery/VIP Key Logger, but it's a variant of AgentTesla.</p><p>I've posted a sanitized copy of the email distributing the malware, a <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a> from an infection run, the associated <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> samples, and a list of indicators at <a href="https://www.malware-traffic-analysis.net/2024/12/04/index.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">024/12/04/index.html</span></a></p>
Brad<p>Social media post I authored for my employer at <a href="https://www.linkedin.com/posts/unit42_malspam-guloader-remcos-ugcPost-7234210583800135680-3F6J/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linkedin.com/posts/unit42_mals</span><span class="invisible">pam-guloader-remcos-ugcPost-7234210583800135680-3F6J/</span></a> and <a href="https://x.com/Unit42_Intel/status/1828444963001995599" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">x.com/Unit42_Intel/status/1828</span><span class="invisible">444963001995599</span></a></p><p>2024-08-26 (Monday): <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malspam</span></a> pushing <a href="https://infosec.exchange/tags/GuLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GuLoader</span></a> for <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Remcos</span></a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> (<a href="https://infosec.exchange/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemcosRAT</span></a>). Steals login credentials and runs <a href="https://infosec.exchange/tags/keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keylogger</span></a>. Indicators available at <a href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/PaloAltoNetworks/Un</span><span class="invisible">it42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt</span></a></p><p>A <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a> of the GuLoader/Remcos RAT infection traffic and the associated <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malspam</span></a>, <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> and artifacts are available at <a href="https://malware-traffic-analysis.net/2024/08/26/index.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">024/08/26/index.html</span></a></p>
Alexandre Dulaunoy<p>Does someone know what happened to <a href="http://www.pcapr.net/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://www.</span><span class="">pcapr.net/</span><span class="invisible"></span></a>? Was the code behind this tool released as open source?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a> <a href="https://infosec.exchange/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>network</span></a> <a href="https://infosec.exchange/tags/networkanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networkanalysis</span></a></p>
Brad<p>From a tweet for my employer on the bird site: <a href="https://twitter.com/Unit42_Intel/status/1654133112035590145" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/Unit42_Intel/statu</span><span class="invisible">s/1654133112035590145</span></a></p><p>2023-05-02 (Tuesday): obama259 <a href="https://infosec.exchange/tags/Qakbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Qakbot</span></a> (<a href="https://infosec.exchange/tags/Qbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Qbot</span></a>) infection led to <a href="https://infosec.exchange/tags/BackConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackConnect</span></a> activity on 46.151.30[.]109:443. Approximately 12 hours later, <a href="https://infosec.exchange/tags/DarkCatVNC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarkCatVNC</span></a> traffic appeared using the same IP address. IOCs available at <a href="https://github.com/pan-unit42/tweets/blob/master/2023-05-02-IOCs-for-obama259-Qakbot.txt" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/pan-unit42/tweets/b</span><span class="invisible">lob/master/2023-05-02-IOCs-for-obama259-Qakbot.txt</span></a></p><p>16 sanitized emails, associated malware samples, and a <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a> of the Qakbot infection traffic with Dark Cat VNC are now available at <a href="https://malware-traffic-analysis.net/2023/05/02/index.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">023/05/02/index.html</span></a></p>
Scientific Frontline<p>Software of the week.<br>Nethor <br>A free <a href="https://mastodon.social/tags/packet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packet</span></a> <a href="https://mastodon.social/tags/analyzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>analyzer</span></a> and visualization tool for Windows that can capture and decode data packets, and also allows working with multiple open <a href="https://mastodon.social/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCAP</span></a>/PCAPNG files, operated as one, from a modern UI. It visualizes packets on a timeline, displays nodes on a world map and it lets you arrange connections in a matrix.<br><a href="https://mastodon.social/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://mastodon.social/tags/sflorg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sflorg</span></a><br><a href="https://www.sflorg.com/p/software.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="">sflorg.com/p/software.html</span><span class="invisible"></span></a></p>
Scott Hall<p><a href="https://infosec.exchange/tags/introductions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introductions</span></a> <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introduction</span></a></p><p>I'm Scott. I live in Louisville, Kentucky, USA. My job is helping people deploy, manage, and use network detection and response tools. For the past 10 years I've been a part of the network security monitoring and network forensics community (design/engineering/management/support), and the 20+ years before that doing IT operations management and monitoring. I'm also a Papaw that enjoys sedentary Papaw hobbies like tabletop role-playing games, model railroads, and making the beep boops on synthesizers and sequencers.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/netsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netsec</span></a><br><a href="https://infosec.exchange/tags/zeek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeek</span></a> <a href="https://infosec.exchange/tags/suricata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>suricata</span></a> <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a><br><a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threathunting</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forensics</span></a></p>