Shakedown Social

Adam ♿[Still haven't sorted this as of 2025-07-12]<a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#AskFedi</a> <a href="https://aus.social/tags/BoostsAreAppreciated" class="mention hashtag" rel="nofollow noopener" target="_blank">#BoostsAreAppreciated</a> <a href="https://aus.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://aus.social/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSD</a> <a href="https://aus.social/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Networking</a> <a href="https://aus.social/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PCAP</a>I am looking for some kind of VM or system I can run to create a network that I can put an untrusted device on to and allow/deny all its connections one by one - think auditioning a new TV or IOT device rather than out-and-out hostile malware. Assume I will also dump packets for investigation.Security Onion looks like overkill but I'd like to avoid writing my own firewall rules if possible.

𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲CapLoader 2.0 released today! 🔎 Identifies over 250 protocols in <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PCAP</a> 🎨 Define protocols from example traffic 🇶 Extracts JA3, JA4 and SNI from QUIC 💻 10x faster user interface <a href="https://netresec.com/?b=256dbbc" rel="nofollow noopener" translate="no" target="_blank">https://netresec.com/?b=256dbbc</a>

Seth GroverRelease notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring

𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲Comparison of tools that extract files from <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PCAP</a> :neocat_book: Chaosreader ⛏️ NetworkMiner 🐿️ Suricata 🫗 tcpflow 🦈 Wireshark 👁️ Zeek <a href="https://netresec.com/?b=255329f" rel="nofollow noopener" translate="no" target="_blank">https://netresec.com/?b=255329f</a>

DNS-OARC<a href="https://mastodns.net/tags/dnscap" class="mention hashtag" rel="nofollow noopener" target="_blank">#dnscap</a> v2.3.1 released! - fix 64bit time structures on 32bit platforms - require libpcap with `DLT_LINUX_SLL2` support ^JL <a href="https://mastodns.net/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://mastodns.net/tags/Capture" class="mention hashtag" rel="nofollow noopener" target="_blank">#Capture</a> <a href="https://mastodns.net/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PCAP</a> <a href="https://mastodns.net/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://github.com/DNS-OARC/dnscap/releases/tag/v2.3.1" rel="nofollow noopener" translate="no" target="_blank">https://github.com/DNS-OARC/dnscap/releases/tag/v2.3.1</a>

Brad2024-12-04 (Wednesday): <a href="https://infosec.exchange/tags/AgentTesla" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgentTesla</a> variant using FTP for data exfiltration. Don't know if this is OriginLogger Snake (Key) Logger, VIP Recovery/VIP Key Logger, but it's a variant of AgentTesla.I've posted a sanitized copy of the email distributing the malware, a <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> from an infection run, the associated <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> samples, and a list of indicators at <a href="https://www.malware-traffic-analysis.net/2024/12/04/index.html" rel="nofollow noopener" translate="no" target="_blank">https://www.malware-traffic-analysis.net/2024/12/04/index.html</a>

BradSocial media post I authored for my employer at <a href="https://www.linkedin.com/posts/unit42_malspam-guloader-remcos-ugcPost-7234210583800135680-3F6J/" rel="nofollow noopener" translate="no" target="_blank">https://www.linkedin.com/posts/unit42_malspam-guloader-remcos-ugcPost-7234210583800135680-3F6J/</a> and <a href="https://x.com/Unit42_Intel/status/1828444963001995599" rel="nofollow noopener" translate="no" target="_blank">https://x.com/Unit42_Intel/status/1828444963001995599</a>2024-08-26 (Monday): <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener" target="_blank">#malspam</a> pushing <a href="https://infosec.exchange/tags/GuLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#GuLoader</a> for <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Remcos</a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> (<a href="https://infosec.exchange/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemcosRAT</a>). Steals login credentials and runs <a href="https://infosec.exchange/tags/keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#keylogger</a>. Indicators available at <a href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt" rel="nofollow noopener" translate="no" target="_blank">https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt</a>A <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> of the GuLoader/Remcos RAT infection traffic and the associated <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener" target="_blank">#malspam</a>, <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> and artifacts are available at <a href="https://malware-traffic-analysis.net/2024/08/26/index.html" rel="nofollow noopener" translate="no" target="_blank">https://malware-traffic-analysis.net/2024/08/26/index.html</a>

Alexandre DulaunoyDoes someone know what happen to <a href="http://www.pcapr.net/" rel="nofollow noopener" translate="no" target="_blank">http://www.pcapr.net/</a> ? if the code behind this tool was released as open source ? <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> <a href="https://infosec.exchange/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#network</a> <a href="https://infosec.exchange/tags/networkanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#networkanalysis</a>

BradFrom a tweet for my employer on the bird site: <a href="https://twitter.com/Unit42_Intel/status/1654133112035590145" rel="nofollow noopener" target="_blank">https://twitter.com/Unit42_Intel/status/1654133112035590145</a>2023-05-02 (Tuesday): obama259 <a href="https://infosec.exchange/tags/Qakbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qakbot</a> (<a href="https://infosec.exchange/tags/Qbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qbot</a>) infection led to <a href="https://infosec.exchange/tags/BackConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackConnect</a> activity on 46.151.30[.]109:443. Approximately 12 hours later, <a href="https://infosec.exchange/tags/DarkCatVNC" class="mention hashtag" rel="nofollow noopener" target="_blank">#DarkCatVNC</a> traffic appeared using the same IP address. IOCs available at <a href="https://github.com/pan-unit42/tweets/blob/master/2023-05-02-IOCs-for-obama259-Qakbot.txt" rel="nofollow noopener" target="_blank">https://github.com/pan-unit42/tweets/blob/master/2023-05-02-IOCs-for-obama259-Qakbot.txt</a>16 sanitized emails, associated malware samples, and a <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> of the Qakbot infection traffic with Dark Cat VNC are now available at <a href="https://malware-traffic-analysis.net/2023/05/02/index.html" rel="nofollow noopener" target="_blank">https://malware-traffic-analysis.net/2023/05/02/index.html</a>

Scientific FrontlineSoftware of the week. Nethor A free <a href="https://mastodon.social/tags/packet" class="mention hashtag" rel="nofollow noopener" target="_blank">#packet</a> <a href="https://mastodon.social/tags/analyzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#analyzer</a> and visualization tool for Windows that can capture and decode data packets, and also allows working with multiple open <a href="https://mastodon.social/tags/PCAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PCAP</a>/PCAPNG files, operated as one, from a modern UI. It visualizes packets on a timeline, displays nodes on a world map and it lets you arrange connections in a matrix. <a href="https://mastodon.social/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> <a href="https://mastodon.social/tags/sflorg" class="mention hashtag" rel="nofollow noopener" target="_blank">#sflorg</a> <a href="https://www.sflorg.com/p/software.html" rel="nofollow noopener" target="_blank">https://www.sflorg.com/p/software.html</a>

Scott Hall<a href="https://infosec.exchange/tags/introductions" class="mention hashtag" rel="nofollow noopener" target="_blank">#introductions</a> <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a>I'm Scott. I live in Louisville, Kentucky USA. My job is helping people deploy, manage, and use network detection and response tools. For the past 10 years I've been a part of the network security monitoring and network forensics community (design/engineering/management/support), and the 20+ years before that doing IT operations management and monitoring. I'm also a Papaw that enjoys sedentary Papaw hobbies like tabletop role-playing games, model railroads, and making the beep boops on synthesizers and sequencers. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/netsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#netsec</a> <a href="https://infosec.exchange/tags/zeek" class="mention hashtag" rel="nofollow noopener" target="_blank">#zeek</a> <a href="https://infosec.exchange/tags/suricata" class="mention hashtag" rel="nofollow noopener" target="_blank">#suricata</a> <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> <a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#forensics</a>

Recent searches

Search options

Administered by:

Server stats:

#pcap