follow.it gives you an easy way to subscribe to NETRESEC Network Security Blog's news feed! Click on Follow below and we deliver the updates you want via email, phone or you can read them here on the website on your own news page.
You can also unsubscribe anytime painlessly. You can even combine feeds from NETRESEC Network Security Blog with other site's feeds!
Title: NETRESEC - Network Forensics and Network Security Monitoring
Is this your feed? Claim it!
There is a wonderful little web-based alert and event front-end called EveBox, which renders Eve JSON formatted data to a web UI. This blog post demonstrates how EveBox can be used to show alert and flow information that FlowCarp has extracted from a Remcos malware infection.
Remcos RAT
The starting point of my analysis will be a PCAP file with net...
I am thrilled to announce the release of a brand new tool called FlowCarp!
FlowCarp is a simple command line tool that performs a very complicated task. It identifies the application layer protocol in network traffic without relying on port numbers, static signatures or code that tries...
njRAT is a remote access trojan that has been around for more than 10 years and still remains one of the most popular RATs among criminal threat actors. This blog post demonstrates how NetworkMiner Professional can be used to decode the njRAT C2 traffic to extract art...
This video tutorial demonstrates how malware C2 traffic can be decoded with CyberChef.
The PCAP files with the analyzed network traffic can be downloaded from