#PCAP

Latest posts tagged with #PCAP on Bluesky

✨ DFRWS EU 2026 Workshops

Led by Erik Hjelmvik (Netresec, Sweden), the session is designed for practitioners and researchers working with network and memory forensics in real-world investigations.

📍 Workshop Dates 23–24 March 2026 
🧿 Details here:  https://buff.ly/oT8OtbE

#MemoryForensics #PCAP #TOR

Russian messenger MAX spotted contacting foreign IP-lookup services and competitors' servers
Users of the specialized NTC forum (accessible only over IPv6), which is dedicated to research on internet censorship and blocking circumvention, discovered unusual network behavior by the Russian messenger...

#max #макс #мессенджер #android #pcapdroid #pcap #vpn #прокси #geoip

Hey Everyone! Super excited for my latest guest @ivansherry1! It was such a great discussion, thank you so much for being on the show. Tune in next week for @taryn_up_vo! buff.ly/Enxwayu Thank you so much for listening and your support!
#voiceactingstories #voiceacting #podcast #mocap #pcap

Capture File Forensics running on a MacBook Air

Capture File Forensics 4.3 has been released.

Uncover the security, performance, and configuration issues lurking in your capture files.

#NetworkAnalysis #pcap #networking #network #cyber #security #Wireshark

Screenshot of my blog post with the files and information from this infection.

Screenshot of the email with an attached RAR archive.

The malware, extracted from the attached RAR archive.

Traffic from the infection filtered in Wireshark.

2026-02-03 (Tuesday): #GuLoader for #AgentTesla style malware with FTP data exfiltration. A #pcap of the infection traffic, associated files, and a list of indicators are available at www.malware-traffic-analysis.net/2026/02/03/i...

Decoding malware C2 with CyberChef
This video tutorial demonstrates how malware C2 traffic can be decoded with CyberChef. The PCAP files with the analyzed network traffic can be downloaded from malware-traffic-analysis.net. CyberChef recipe to decode the reverse shell traffic to 103.27.157.146:4444: From_Hex('Auto') XOR({'option':'He[...]

2026-01-19 (Monday): Catching up on two infections in my lab from last week, and I added an entry with a #pcap of scans and probes and web traffic hitting my web server. Feel free to check out my latest posts at www.malware-traffic-analysis.net/2026/index.h...

Or not. I'm not the boss of you.

How to merge and split pcap files
Note: The procedure is valid for both GNU/Linux and Windows. A good system administrator should know how to use the TCPDump and Wireshark tools if they want to find out what problem is causing their network's poor performance. Many times, administrators...

🚀 Discover how to merge and split pcap files in seconds! Ideal for network analysts and enthusiasts. Ready to optimize your workflow? 🔧💡 #pcap #networkanalysis #techtips

Some of the scans, probes, and web traffic from the pcap filtered in Wireshark.

HTTP stream of the last HTTP request in the pcap showing a POST request that retrieves malicious content from a server at 91.92.241[.]10.

Using the wget command to retrieve one of the malicious files from the server at 91.92.241[.]10 on Sunday, 2026-01-11.

Example of a shell script downloaded from 91.92.241[.]10 on Sunday, 2026-01-11, likely for Mirai botnet malware.

2026-01-10 (Saturday): Ten days of scans, probes, and web traffic hitting my web server. A #pcap of the traffic is available at www.malware-traffic-analysis.net/2026/01/10/i...

Screenshot of the email, its attachment, and the VBS file within the attachment for VIP Recovery malware.

Traffic from the infection filtered in Wireshark.

TCP stream of the unencrypted SMTP traffic from one of the data exfiltration emails sent by my infected lab host.

Screenshot of the start of my blog post with information on this VIP Recovery infection.

2026-01-09 (Friday): #VIPRecovery infection from an email attachment. A #pcap of the infection traffic, associated files, and more information are available at www.malware-traffic-analysis.net/2026/01/09/i...

Fake CAPTCHA window and ClickFix script after visiting legitimate, but compromised website.

Traffic from the infection filtered in Wireshark (part 1 of 2).

Traffic from the infection filtered in Wireshark (part 2 of 2).

Screenshot from the start of the page for this blog post.

2026-01-08 (Thursday): Got a full infection from #KongTuke campaign #ClickFix activity today. Traffic from the infection in two #pcap files, the associated malware, artifacts, and further information is available at www.malware-traffic-analysis.net/2026/01/08/i...

One of the emails and its associated attachment for MassLogger malware.

Traffic from the infection filtered in Wireshark.

Example of a data exfiltration email sent from an infected host in my lab.

2026-01-07 (Wednesday): #MassLogger infection from email attachment. Copies of the emails, associated malware, indicators, and a #pcap of the infection traffic are available at www.malware-traffic-analysis.net/2026/01/07/i...

Example of a legitimate but compromised site showing the SmartApeSG fake CAPTCHA page.

HTTPS URLs from the infection run.

Traffic from an infection filtered in Wireshark.

Remcos RAT infection persistent on an infected Windows host.

2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT, with #Remcos #RAT C2 server at 192.144.56[.]80. A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at www.malware-traffic-analysis.net/2026/01/06/i...

A screenshot of my blog post for the Lumma Stealer infection

Traffic from the Lumma Stealer infection filtered in Wireshark.

2026-01-01 (Thursday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at www.malware-traffic-analysis.net/2026/01/01/i...

PCredz review (extract data from pcap files)
PCredz is a tool to extract sensitive data from pcap files like credit card numbers, session information, and authentication details.

#Data #extraction #pcap

Screenshot of my blog post to share information on this Lumma Stealer infection with follow-up malware.

2025-12-30 (Tuesday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the associated #Lumma with follow-up #malware samples, and some IOCs are available at www.malware-traffic-analysis.net/2025/12/30/i...

Downloading the initial file, a DMG image.

Screenshot showing the malicious downloaded DMG image and the associated malicious Mach-O file within the installer.app content.

Traffic generated by the MacSync Stealer malware, filtered in Wireshark.

Example of the data exfiltrated through the MacSync Stealer C2 traffic.

2025-12-23 (Tuesday): Based on yesterday's Jamf article, I ran the fake installer for #MacSyncStealer in my lab on a macOS host. A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/i...

Capture File Forensics running on a MacBook Air

Capture File Forensics 4.1 has been released.

Uncover the security, performance, and configuration issues lurking in your capture files.

#NetworkAnalysis #pcap #networking #network #cyber #security #Wireshark

NetworkMiner 3.1 Released
This NetworkMiner release brings improved extraction of artifacts like usernames, passwords and hostnames from network traffic. We have also made some updates to the user interface and continued our e...

NetworkMiner 3.1 Released!
🔑 More usernames, passwords and hostnames from #PCAP
💻 Improved user interface
👾 Better details from malware C2 traffic
netresec.com?b=25C4039

@netresec

NetworkMiner 3.1 Released!
🔑 More usernames, passwords and hostnames extracted
:terminal: Better user interface
👾 More details from malware C2 traffic
https://netresec.com/?b=25C4039

Capture File Forensics version 4.0 running on a MacBook Air

Are Amplification Attacks, SYN Floods, Ping Sweeps, Port Scans, Duplicate IP Addresses, Segment Gaps, ARP Request Storms, Zero Windows ... lurking in your capture files?
Find out with Capture File Forensics version 4.0 apple.co/4onAVxD
#pcap #packetcapture #forensics #security #monitoring #Wireshark

castlerat | fa354cf29852573669bc468ea2dac0ea5e83a943315466c89dd8634b38cdb261 | Triage
Check this castlerat report malware sample fa354cf29852573669bc468ea2dac0ea5e83a943315466c89dd8634b38cdb261, with a score of 10 out of 10.

The analyzed #PCAP file can be found here:
https://tria.ge/251028-3g9yps1ncr/behavioral1

Capture File Forensics 3.1 update announcement

Amplification Attacks, SYN Floods, Ping Sweeps, Port Scans, Duplicate IP Addresses, Segment Gaps, ARP Request Storms, Extraneous Data …

Are they lurking in your capture files? Find out with Capture File Forensics.
apple.co/4onAVxD

#pcap #packetcapture #forensics #security #monitoring #Wireshark

Network Forensics with NetworkMiner
Investigating PCAP files in TryHackMe’s NetworkMiner Room: Tool Overview 2

I uncover data hidden in network traffic, from identifying device information to analyzing anomalous behaviors in my new write-up “Network Forensics with NetworkMiner”.

#CyberSecurity #NetworkForensics #DFIR #PCAP #NetworkMiner

Learn how to move, act, and perform for video games!
Join Trine C. Jensen for MoCap & PCap 101, a 4-week course built to kickstart your game-acting career.

🗓 Nov 11, 18, 25 & Dec 2
🔗 Sign up at acting.skillshub.life

#SkillsHubLife #GameActing #MoCapTraining #PCap

Amplification Attacks, SYN Floods, Ping Sweeps, Port Scans, Duplicate IP Addresses, Segment Gaps, ARP Request Storms, Extraneous Data ...

Are they lurking in your capture files? Find out with Capture File Forensics.
apple.co/4onAVxD

#pcap #packetcapture #forensics #security #monitoring #Wireshark

Online Network Forensics Class
I will teach a live online network forensics training on February 23-26. The full title of the class is Network Forensics for Incident Response, where we will analyze PCAP files containing network traffic from hackers and malware. The training is split into four interactive sessions running from 13:[...]