Date Author Title

ZEEK PCAP JSON JQ

2023-03-28Jesse La GrewNetwork Data Collector Placement Makes a Difference

ZEEK

2025-02-13/a>Guy BruneauDShield SIEM Docker Updates
2024-11-26/a>Jesse La Grew[Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware
2023-03-28/a>Jesse La GrewNetwork Data Collector Placement Makes a Difference
2023-02-12/a>Jesse La GrewPCAP Data Analysis with Zeek
2022-02-03/a>Johannes UllrichKeeping Track of Your Attack Surface for Cheap
2021-04-10/a>Guy BruneauBuilding an IDS Sensor with Suricata & Zeek with Logs to ELK

PCAP

2025-01-30/a>Guy BruneauPCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
2024-12-26/a>Jesse La GrewCapturing Honeypot Data Beyond the Logs
2023-03-28/a>Jesse La GrewNetwork Data Collector Placement Makes a Difference
2023-02-12/a>Jesse La GrewPCAP Data Analysis with Zeek
2023-01-02/a>Xavier MertensNetworkMiner 2.8 Released
2022-11-14/a>Jesse La GrewExtracting 'HTTP CONNECT' Requests with Python
2022-11-02/a>Brad DuncanWho put the "Dark" in DarkVNC?
2021-12-22/a>Brad DuncanDecember 2021 Forensic Contest: Answers and Analysis
2021-12-08/a>Brad DuncanDecember 2021 Forensic Challenge
2021-11-04/a>Brad DuncanOctober 2021 Forensic Contest: Answers and Analysis
2021-10-22/a>Brad DuncanOctober 2021 Contest: Forensic Challenge
2021-06-30/a>Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-06-17/a>Daniel Wesemann Network Forensics on Azure VMs (Part #1)
2021-05-23/a>Didier StevensVideo: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-19/a>Brad DuncanMay 2021 Forensic Contest: Answers and Analysis
2021-05-05/a>Brad DuncanMay 2021 Forensic Contest
2021-04-18/a>Didier StevensDecoding Cobalt Strike Traffic
2021-04-12/a>Didier StevensExample of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-01/a>Brad DuncanApril 2021 Forensic Quiz
2021-03-07/a>Didier StevensPCAPs and Beacons
2021-01-30/a>Guy BruneauPacketSifter as Network Parsing and Telemetry Tool
2021-01-05/a>Johannes UllrichNetfox Detective: An Alternative Open-Source Packet Analysis Tool
2020-12-03/a>Brad DuncanTraffic Analysis Quiz: Mr Natural
2020-11-11/a>Brad DuncanTraffic Analysis Quiz: DESKTOP-FX23IK5
2020-09-15/a>Brad DuncanTraffic Analysis Quiz: Oh No... Another Infection!
2020-08-05/a>Brad DuncanTraffic Analysis Quiz: What's the Malware From This Infection?
2020-07-15/a>Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-05-20/a>Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-08/a>Brad DuncanGerman malspam pushes ZLoader malware
2020-04-01/a>Brad DuncanQakbot malspam sent from an infected Windows host
2020-01-05/a>Didier Stevensetl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-24/a>Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-12-03/a>Brad DuncanUrsnif infection with Dridex
2019-11-27/a>Brad DuncanFinding an Agent Tesla malware sample
2019-10-29/a>Xavier MertensGenerating PCAP Files from YAML
2019-10-09/a>Brad DuncanWhat data does Vidar malware steal from an infected host?
2019-10-03/a>Jim ClausingBuffer overflows found in libpcap and tcpdump
2019-05-22/a>Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-03-18/a>Didier StevensWireshark 3.0.0 and Npcap: Some Remarks
2019-03-11/a>Didier StevensWireshark 3.0.0 and Npcap
2018-11-18/a>Guy BruneauMultipurpose PCAP Analysis Tool
2018-08-15/a>Xavier MertensTruncating Payloads and Anonymizing PCAP files
2018-06-06/a>Xavier MertensConverting PCAP Web Traffic to Apache Log
2018-01-18/a>Xavier MertensComment your Packet Captures!
2017-09-28/a>Xavier MertensThe easy way to analyze huge amounts of PCAP data
2017-05-26/a>Lorna HutchesonFile2pcap - A new tool for your toolkit!
2017-01-28/a>Lorna HutchesonPacket Analysis - Where do you start?
2014-06-04/a>Richard Porterp0f, Got Packets?
2013-12-01/a>Richard PorterBPF, PCAP, Binary, hex, why they matter?
2013-06-05/a>Richard PorterWireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2011-10-23/a>Guy Bruneautcpdump and IPv6
2010-07-04/a>Manuel Humberto Santander PelaezNew Winpcap Version
2010-03-27/a>Guy BruneauCreate a Summary of IP Addresses from PCAP Files using Unix Tools
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-08-13/a>Jim ClausingTools for extracting files from pcaps
2009-06-28/a>Guy BruneauIP Address Range Search with libpcap

JSON

2024-06-15/a>Didier StevensOverview of My Tools That Handle JSON Data
2024-06-13/a>Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-04-17/a>Rob VandenBrinkThe CVE's They are A-Changing!
2024-02-15/a>Jesse La Grew[Guest Diary] Learning by doing: Iterative adventures in troubleshooting
2023-04-05/a>Jesse La GrewExploration of DShield Cowrie Data with jq
2023-03-29/a>Didier StevensExtracting Multiple Streams From OLE Files
2023-03-28/a>Jesse La GrewNetwork Data Collector Placement Makes a Difference
2023-01-21/a>Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-08/a>Guy BruneauDShield Sensor JSON Log Analysis
2022-12-28/a>Rob VandenBrinkPlaying with Powershell and JSON (and Amazon and Firewalls)
2022-08-08/a>Johannes UllrichJSON All the Logs!
2022-04-03/a>Didier Stevensjo
2022-04-02/a>Didier Stevenscurl 7.82.0 Adds --json Option
2021-12-10/a>Xavier MertensPython Shellcode Injection From JSON Data
2021-08-29/a>Guy BruneauFilter JSON Data by Value with Linux jq
2020-11-22/a>Didier StevensQuick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2018-07-15/a>Didier StevensVideo: Retrieving and processing JSON data (BTC example)
2018-07-14/a>Didier StevensRetrieving and processing JSON data (BTC example)
2017-11-13/a>Guy Bruneaujsonrpc Scanning for root account

JQ

2024-06-13/a>Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-05-16/a>Rob VandenBrinkWhy yq? Adventures in XML
2024-01-17/a>Jesse La GrewNumber Usage in Passwords
2023-11-09/a>Guy BruneauRouters Targeted for Gafgyt Botnet [Guest Diary]
2023-07-24/a>Rob VandenBrinkJQ: Another Tool We Thought We Knew
2023-04-05/a>Jesse La GrewExploration of DShield Cowrie Data with jq
2023-03-28/a>Jesse La GrewNetwork Data Collector Placement Makes a Difference
2022-05-23/a>Johannes UllrichAttacker Scanning for jQuery-File-Upload
2022-01-08/a>Didier StevensTShark & jq
2021-08-29/a>Guy BruneauFilter JSON Data by Value with Linux jq