mastodontech.de is one of many independent Mastodon servers you can use to take part in the fediverse.
Open to everyone (over 16) and provided by Markus'Blog

Server statistics:

1.4K
active profiles

#networktrafficanalysis

0 posts · 0 participants · 0 posts today
Seth Grover:

For anybody that missed my @zeek webinar (https://zeek.org/events/webinars/) on how Malcolm (https://malcolm.fyi/) uses Zeek file extraction to look for #malware in network traffic, here's the recorded presentation: https://www.youtube.com/watch?v=Bw__xplbx1o

#networktrafficanalysis #pcap #cybersecurity #Malcolm #Zeek
Seth Grover:

Next Wednesday the 11th at 10am Pacific time I'll be doing a @zeek webinar (https://zeek.org/events/webinars/) on how #Malcolm (https://malcolm.fyi/) uses Zeek file extraction to look for #malware in network traffic. You can register for the webinar via Zoom (https://us06web.zoom.us/webinar/register/WN_6CfZ3o3DRnuYE9o5G2sqwg#/registration) or stream it on YouTube (https://www.youtube.com/@Zeekurity/streams). I hope to see you there!

#networktrafficanalysis #pcap #cybersecurity
MalwareLab:

One example of why to use strong #passwords for users who use file sharing over #SMB, even when the file transfers are #encrypted.
If the SMB traffic is captured/eavesdropped, then the attacker can try to crack the user password.
The attacker is able to extract the challenge/response values from the Session Setup and then use #passwordcracking tools such as #hashcat.

If the attack is successful, the attacker will gain not only access to the user account, but it is also possible to decrypt the captured SMB file transfers. There is a lack of perfect forward secrecy in this encryption.

For more details and practical examples, see this blog post:

https://malwarelab.eu/posts/tryhackme-smb-decryption/

#networktrafficanalysis #networktraffic #encryption #netntlmv2 #netntlm #ntlm #windows #fileshare #pentesting #cybersecurity #hardening #password #cracking #offensivesecurity #offsec #blueteam #purpleteam
MalwareLab:

A recent #TryHackMe room inspired me to publish a blog post about decryption of #SMB traffic.

Summarized 3 methods of decryption in #Wireshark:
- with the user password
- with the NTLM hash
- without them, just by cracking the captured #network traffic

https://malwarelab.eu/posts/tryhackme-smb-decryption/

#cryptography #networkanalysis #networktrafficanalysis #networktraffic #samba #encryption
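The two MalwareLab posts above make a defensive point: any NTLM challenge/response that crosses the wire can be attacked offline, and because the SMB session key is derived from the password there is no forward secrecy for the captured transfers. The practical follow-up for a blue team is to find out which accounts and file servers still authenticate with NTLM at all, so they can be moved to Kerberos and their passwords strengthened. The following is an added example, not code from either post or from the linked blog; it parses records in the tab-separated layout of Zeek's default ntlm.log (the field order is an assumption about the stock Zeek output) and the sample lines are constructed, not real captures.

```python
"""Inventory NTLM logons to SMB servers from Zeek ntlm.log-style records.

Added example; assumption: the column order below matches Zeek's default
ntlm.log. The SAMPLE_NTLM_LOG records are constructed for the demo.
"""
from collections import defaultdict

# Column order of Zeek's default ntlm.log (assumption, see docstring).
NTLM_FIELDS = [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "username", "hostname", "domainname", "server_nb_computer_name",
    "server_dns_computer_name", "server_tree_name", "success",
]

# Constructed sample records: Zeek uses "-" for unset fields and T/F for booleans.
SAMPLE_NTLM_LOG = "#fields\t" + "\t".join(NTLM_FIELDS) + "\n" + "\n".join(
    "\t".join(r) for r in [
        ("1700000000.10", "C1a", "10.0.0.5", "49210", "10.0.0.20", "445", "alice", "WS01", "CORP", "FS01", "fs01.corp.example", "-", "T"),
        ("1700000001.20", "C2b", "10.0.0.6", "49302", "10.0.0.20", "445", "bob", "WS02", "CORP", "FS01", "fs01.corp.example", "-", "T"),
        ("1700000002.30", "C3c", "10.0.0.5", "49211", "10.0.0.20", "445", "alice", "WS01", "CORP", "FS01", "fs01.corp.example", "-", "T"),
        ("1700000003.40", "C4d", "10.0.0.9", "50100", "10.0.0.21", "445", "svc_backup", "WS09", "CORP", "FS02", "fs02.corp.example", "-", "F"),
        ("1700000004.50", "C5e", "10.0.0.9", "50101", "10.0.0.21", "445", "svc_backup", "WS09", "CORP", "FS02", "fs02.corp.example", "-", "F"),
        ("1700000005.60", "C6f", "10.0.0.9", "50102", "10.0.0.21", "445", "svc_backup", "WS09", "CORP", "FS02", "fs02.corp.example", "-", "F"),
        ("1700000006.70", "C7g", "10.0.0.7", "51000", "10.0.0.30", "80", "carol", "WS03", "CORP", "WEB01", "web01.corp.example", "-", "T"),
    ]
)


def parse_ntlm_log(text):
    """Parse tab-separated ntlm.log lines into dicts; header/comment lines and
    malformed rows are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(NTLM_FIELDS):
            continue
        rec = dict(zip(NTLM_FIELDS, parts))
        rec["id.orig_p"] = int(rec["id.orig_p"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        # "-" means Zeek never saw the outcome; keep that distinct from a failure.
        rec["success"] = {"T": True, "F": False}.get(rec["success"])
        records.append(rec)
    return records


def smb_ntlm_logons(records, smb_ports=frozenset({445, 139})):
    """Keep only NTLM exchanges whose responder port is an SMB port, i.e. the
    sessions the posts above describe as crackable and decryptable offline."""
    return [r for r in records if r["id.resp_p"] in smb_ports]


def summarize_by_server(records):
    """Per file server: how many NTLM logons succeeded/failed and which
    accounts used NTLM there (the migration-to-Kerberos worklist)."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0, "users": set()})
    for r in records:
        entry = summary[r["id.resp_h"]]
        if r["success"] is True:
            entry["success"] += 1
        elif r["success"] is False:
            entry["failure"] += 1
        entry["users"].add(r["username"])
    return {srv: {**e, "users": sorted(e["users"])} for srv, e in summary.items()}


def failed_logon_bursts(records, threshold=3):
    """(username, server) pairs with at least `threshold` failed NTLM logons,
    a cheap signal worth a closer look alongside the inventory."""
    failures = defaultdict(int)
    for r in records:
        if r["success"] is False:
            failures[(r["username"], r["id.resp_h"])] += 1
    return sorted(k for k, n in failures.items() if n >= threshold)


if __name__ == "__main__":
    smb = smb_ntlm_logons(parse_ntlm_log(SAMPLE_NTLM_LOG))
    for server, entry in summarize_by_server(smb).items():
        print(server, entry)
    print("failure bursts:", failed_logon_bursts(smb))
```

Run against a real ntlm.log the output is a list of (server, accounts) pairs that still rely on NTLM over SMB; those are the accounts whose password strength decides whether a captured session can be cracked and decrypted, and the servers where enforcing Kerberos removes the exposure entirely. The HTTP record on port 80 is deliberately filtered out to show that the SMB-port filter does what it claims.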
_Veronica_:

If you ever used our @stratosphere malware datasets, we have good news! Under my direction, we will be actively working on improving all our datasets to make them better and more accessible to the community.

These datasets are unique in many ways and we look to make them even better.

If you have suggestions, ideas, would-be-nice comments, use cases, or any comments in general we would love to hear about it!

These datasets were initially created to aid machine learning researchers in developing new and better models to identify malicious behaviors in the network. When we started, there were few datasets out there with real malware network traffic that lasted longer than just a few minutes.

https://mcfp.felk.cvut.cz/publicDatasets/

#networksecurity #malwaretraffic #machinelearning #datascience #cybersecurity #maliciousbehaviors #datasets #networktrafficanalysis #ml #anomalydetection