2025-05-06 (Tuesday): #RaspberryRobin activity - file hashes, malware samples, #WebDAV server info, and a #pcap of the infection traffic available at https://www.malware-traffic-analysis.net/2025/05/06/index.html
PCAPdroid.
#PCAPdroid is a privacy-friendly open source app which lets you track, #analyze and block the connections made by the other apps in your device. It also allows you to export a #PCAP #dump of the #traffic, inspect HTTP, decrypt TLS traffic and much more!
PCAPdroid simulates a VPN in order to capture the network traffic without root. It does not use a remote VPN server, instead data is processed locally on the device.
https://github.com/emanuele-f/PCAPdroid
https://f-droid.org/packages/com.emanuelef.remote_capture
#android
The story of a test assignment for an HFT company under NDA
One fine day a recruiter wrote to me with an extremely tempting offer. At that time I happened to be looking for a new job, so I accepted. Let's skip the standard call with that recruiter, the call with the company's HR and the online test, and move on to the more interesting part: the test assignment. I'll say right away that the test assignment was unpaid, and I took it on for several reasons. First, I genuinely liked it; second, I planned to use the code base in a finance pet project with my buddies; third, I hadn't given up hope of getting through the selection process to the end and receiving the desired offer. Spoiler: the game was worth the candle, so please read on.
Comparison of tools that extract files from #PCAP
Chaosreader
NetworkMiner
Suricata
tcpflow
Wireshark
Zeek
https://netresec.com/?b=255329f
#dnscap v2.3.1 released!
- fix 64bit time structures on 32bit platforms
- require libpcap with `DLT_LINUX_SLL2` support
^JL
#DNS #Capture #PCAP #OpenSource
https://github.com/DNS-OARC/dnscap/releases/tag/v2.3.1
#dnscap v2.3.0 released!
- New output format `tcpdns`
- New plugin `asudp`
- Added support for DLT_LINUX_SLL2
and fixes...
^JL
#DNS #Capture #PCAP #OpenSource
https://github.com/DNS-OARC/dnscap/releases/tag/v2.3.0
Full write-up for ToolPie this year's forensics challenge from Hack The Box Cyber Apocalypse CTF - Tales From Eldoria.
PCAP (network capture) analysis
Python bytecode, marshalling, decompiling
2025-03-26 (Wednesday): #SmartApeSG traffic for a fake browser update page leads to a #NetSupport #RAT infection. A zip archive for #StealC sent over the #NetSupportRAT C2 traffic.
The #StealC infection uses DLL side-loading by a legitimate EXE to #sideload the malicious DLL.
A #pcap from an infection, the associated #malware samples, and #IOCs are available at https://www.malware-traffic-analysis.net/2025/03/26/index.html
Just completed PCAP (Python) and CCNA (Cisco) at EsCOM! A game-changing experience in programming and networking—key pillars in cybersecurity. Huge thanks for this opportunity and all the learning! Ready for what’s next!
#DHS #CISA is big on the building community aspect of #Malcolm right now, so as part of that we'll be having our first "Malcolm Office Hours" this Thursday. The plan is to have this monthly, every third Thursday, at 12pm Eastern time for 30 minutes. Details for the office hours can be found here. We'll be figuring out what works with this as we go and adjusting the format as needed. We hope to see any of you who might be interested there!
Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.
Spy-Free FuriOS https://furilabs.com/spy-free-furios/
FuriOS Doesn’t Spy on You - Unlike the Others. Read more.
Social media post I wrote about #RemcosRAT for my employer at https://www.linkedin.com/posts/unit42_remcos-rat-keylogger-activity-7304958245322768385-tu-a/ and https://x.com/malware_traffic/status/1899207006939947440
2025-03-10 (Monday): #Remcos #RAT activity. Email distribution used a zip archive attachment with a .7z file extension. During a test infection, we saw indicators of a #Keylogger and a Hacking tool to view browser passwords.
More info at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-10-IOCs-for-Remcos-RAT-activity.txt
A #pcap of the infection traffic and the associated #malware files are available at https://malware-traffic-analysis.net/2025/03/10/index.html