Gh0stKCP Protocol
Gh0stKCP is a KCP-based C2 protocol used by malware such as PseudoManuscrypt and ValleyRAT. Its handshake uses independent session IDs to traverse NAT, and the post describes a specific method for detecting the protocol.
2025-09-24 09:40 | Reads: 22 | NETRESEC Network Security Blog - www.netresec.com
Tags: kcp, gh0stkcp, c2, handshake, yy
Define Protocol from Traffic (XenoRAT)
The post describes a method for defining a protocol by supplying example traffic; CapLoader can then recognise that protocol without relying on IP addresses or ports (Port Independent Protocol Identification, PIPI). The video shows how the XenoRAT C2 protocol is identified, and the post provides related IOCs.
2025-08-21 12:50 | Reads: 16 | NETRESEC Network Security Blog - www.netresec.com
Tags: c2, caploader, xenorat, 24727, pipi
PureRAT = ResolverRAT = PureHVNC
PureRAT is a Remote Access Trojan that lets an attacker remotely control someone else's computer. Its features include viewing the screen, controlling mouse and keyboard, accessing the camera and microphone, logging keystrokes, uploading and downloading files, and proxying network traffic. The malware belongs to the same family as ResolverRAT and PureHVNC. Features that help identify it include specific C2 ports (such as 56001-56003), TLS 1.0 communication and self-signed certificates.
2025-08-12 15:43 | Reads: 15 | NETRESEC Network Security Blog - www.netresec.com
Tags: purerat, resolverrat, attacker, morphisec, victim
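The three traffic features named in the summary above (C2 ports 56001-56003, TLS 1.0, self-signed certificate) can be turned into a simple triage check. The following is an added example, not code from NETRESEC or the original post: it parses the negotiated version out of a TLS ServerHello record and scores constructed flow records against the three indicators. The flow record layout and the `cert_self_signed` flag are assumptions for the example; real input would come from a flow exporter or a certificate parser.

```python
import struct

# C2 ports named in the summary of the PureRAT post
PURERAT_C2_PORTS = {56001, 56002, 56003}
TLS_1_0 = (3, 1)


def build_server_hello(major: int, minor: int) -> bytes:
    """Construct a minimal TLS ServerHello record (sample data for this example)."""
    body = (bytes([major, minor])      # server_version
            + b"\x11" * 32            # random (constant filler)
            + b"\x00"                 # session_id length 0
            + b"\xc0\x2f"             # cipher_suite
            + b"\x00")                # compression_method null
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes([major, minor]) + len(handshake).to_bytes(2, "big") + handshake


def server_hello_version(payload: bytes):
    """Return (major, minor) from the ServerHello body, or None if payload is not one.

    The record-layer version is unreliable (clients often send 3,1 for compatibility),
    so the version inside the ServerHello handshake message is used instead.
    Note: TLS 1.3 servers still put 3,3 here and signal 1.3 via supported_versions.
    """
    if len(payload) < 11 or payload[0] != 0x16 or payload[5] != 0x02:
        return None
    (rec_len,) = struct.unpack("!H", payload[3:5])
    if len(payload) - 5 < rec_len:
        return None  # truncated record
    return (payload[9], payload[10])


def purerat_indicators(flow: dict) -> list:
    """Return the list of PureRAT-style indicators that match a flow record."""
    hits = []
    if flow["dst_port"] in PURERAT_C2_PORTS:
        hits.append("c2_port")
    if server_hello_version(flow["server_first_bytes"]) == TLS_1_0:
        hits.append("tls_1_0")
    if flow.get("cert_self_signed"):  # assumed flag, e.g. from a certificate parser
        hits.append("self_signed_cert")
    return hits


def triage(flows: list, min_hits: int = 2) -> list:
    """Return ids of flows that match at least min_hits indicators."""
    return [f["id"] for f in flows if len(purerat_indicators(f)) >= min_hits]


# Constructed sample flows (not real captures)
SAMPLE_FLOWS = [
    {"id": "flow-1", "dst_port": 56002,
     "server_first_bytes": build_server_hello(3, 1), "cert_self_signed": True},
    {"id": "flow-2", "dst_port": 443,
     "server_first_bytes": build_server_hello(3, 3), "cert_self_signed": False},
    {"id": "flow-3", "dst_port": 8443,
     "server_first_bytes": build_server_hello(3, 1), "cert_self_signed": True},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f["id"], purerat_indicators(f))
    print("triage:", triage(SAMPLE_FLOWS))
```

Requiring two of the three indicators (the `min_hits` threshold) avoids flagging every TLS 1.0 service on an unusual port; a port match alone is the weakest signal, since PureRAT builds can be configured to use other ports.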
PureLogs Forensics
PureLogs is distributed disguised as a PDF file that is actually an encrypted DLL. The DLL is injected into the InstallUtil.exe process and connects to a C2 server. The analysis reveals its behaviour and several IOCs.
2025-07-02 11:52 | Reads: 16 | NETRESEC Network Security Blog - www.netresec.com
Tags: purelogs, vastkupan, daupinslenj, wp, installutil
CapLoader 2.0.1 Released
CapLoader 2.0.1 fixes several minor bugs and adds improved protocol identification and IP lookup alerts. This version improves the built-in port-independent protocol detection and fixes handling of corrupt PCAP files along with other performance issues.
2025-07-01 13:48 | Reads: 20 | NETRESEC Network Security Blog - www.netresec.com
Tags: dnsbl, caploader, tuesday, resolves, victim
Detecting PureLogs traffic with CapLoader
CapLoader identifies the PureLogs C2 protocol with its Port Independent Protocol Identification (PIPI) feature, without relying on port numbers. The feature was added in version 2.0; the analysis uses data from malware-traffic-analysis.net and provides related IOCs.
2025-06-09 14:26 | Reads: 15 | NETRESEC Network Security Blog - www.netresec.com
Tags: caploader, purelogs, analysis, pipi, monday
CapLoader 2.0 Released
CapLoader 2.0 adds a QUIC parser, threat alerts, custom protocol detection and identification of more malware protocols; it improves UI responsiveness and memory usage, and adds VPN detection.
2025-06-02 13:47 | Reads: 13 | NETRESEC Network Security Blog - www.netresec.com
Tags: caploader, threatfox, flows, drag, c2
Comparison of tools that extract files from PCAP
The post surveys tools that extract files from PCAP files, including NetworkMiner, Wireshark and Zeek, and compares their support for protocols such as HTTP, FTP and SMB. Each tool has its own strengths, and the range of supported protocols differs.
2025-05-05 16:05 | Reads: 11 | NETRESEC Network Security Blog - www.netresec.com
Tags: zeek, network, njrat, imap
Decoding njRAT traffic with NetworkMiner
The post shows how to analyse njRAT malware network traffic with NetworkMiner and presents the key evidence and indicators extracted from the traffic.
2025-04-28 06:00 | Reads: 11 | NETRESEC Network Security Blog - www.netresec.com
Tags: njrat, c2, network, bladabindi
How to Install NetworkMiner in Linux
The post explains how to install and use NetworkMiner for network traffic analysis on Linux. The steps are installing Mono and GTK2, downloading and extracting NetworkMiner, running the program, and capturing and forwarding packets in real time with PCAP-over-IP. It also shows how to create a shortcut and notes that some Linux distributions ship the tool preinstalled.
2025-04-10 07:30 | Reads: 20 | NETRESEC Network Security Blog - www.netresec.com
Tags: mono, download, gtk2, 57012
Online Network Forensics Training
Erik Hjelmvik will run an online network forensics training course from 12 to 15 May 2025, split into four 4-hour sessions, analysing a 14 GB PCAP dataset that contains several intrusion cases. The fee is 960 EUR and the class is limited to 15 participants.
2025-04-07 06:25 | Reads: 6 | NETRESEC Network Security Blog - www.netresec.com
Tags: network, netresec, attackers, hjelmvik, erik
NetworkMiner 3.0 Released
NetworkMiner 3.0 introduces new protocols (QUIC, CIP, UMAS, Remcos RAT), improved passive OS fingerprinting, enhanced filtering, and UI adaptations for Linux. It extracts MSS values for VPN detection and adds JA3/JA4 fingerprinting for TLS analysis. The update also includes faster parsing for Professional users and OSINT enhancements.
2025-04-04 10:53 | Reads: 15 | NETRESEC Network Security Blog - www.netresec.com
Tags: c2, remcos, cip, umas
How to set PCAP as default save file format in Wireshark
The post explains how to change Wireshark's default save format from pcapng to pcap and why pcapng carries more sensitive metadata. It also shows how to produce metadata-free pcap files with command-line tools, and warns users to avoid unintentionally leaking personal information.
2025-02-25 10:33 | Reads: 13 | NETRESEC Network Security Blog - www.netresec.com
Tags: pcapng, mergecap, dumpcap, polls, github
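The reason pcapng leaks more than pcap is visible in the file header itself: a pcapng Section Header Block carries options such as the capturing host's hardware, operating system and capture application, while a classic pcap global header holds only the magic, version, snaplen and link type. The following is an added example, not code from NETRESEC or the original post, that tells the two formats apart by magic number and lists the SHB options (option codes from the pcapng specification) so a file can be checked before it is shared. The sample files are constructed in the code; `build_pcapng_shb` is a helper written for this example.

```python
import struct

# Classic pcap magic numbers (little/big endian, microsecond/nanosecond timestamps)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microseconds)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microseconds)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanoseconds)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanoseconds)",
}
PCAPNG_SHB_TYPE = b"\x0a\x0d\x0d\x0a"   # Section Header Block type, endian-neutral
PCAPNG_BOM_LE = b"\x4d\x3c\x2b\x1a"     # 0x1A2B3C4D written little-endian
PCAPNG_BOM_BE = b"\x1a\x2b\x3c\x4d"
# SHB option codes from the pcapng specification
SHB_OPTION_NAMES = {1: "opt_comment", 2: "shb_hardware", 3: "shb_os", 4: "shb_userappl"}


def describe_capture(data: bytes) -> dict:
    """Return the capture format and any metadata found in a pcapng Section Header Block."""
    if data[:4] in PCAP_MAGICS:
        return {"format": PCAP_MAGICS[data[:4]], "metadata": {}}
    if data[:4] != PCAPNG_SHB_TYPE or len(data) < 28:
        return {"format": "unknown", "metadata": {}}
    if data[8:12] == PCAPNG_BOM_LE:
        endian = "<"
    elif data[8:12] == PCAPNG_BOM_BE:
        endian = ">"
    else:
        return {"format": "unknown", "metadata": {}}
    (block_len,) = struct.unpack(endian + "I", data[4:8])
    # Options follow type(4) + length(4) + BOM(4) + version(4) + section length(8)
    pos, end = 24, block_len - 4          # last 4 bytes repeat the block length
    metadata = {}
    while pos + 4 <= end:
        code, olen = struct.unpack(endian + "HH", data[pos:pos + 4])
        pos += 4
        if code == 0:                     # opt_endofopt
            break
        value = data[pos:pos + olen]
        pos += (olen + 3) & ~3            # option values are padded to 32 bits
        metadata[SHB_OPTION_NAMES.get(code, f"option_{code}")] = value.decode("utf-8", "replace")
    return {"format": "pcapng", "metadata": metadata}


def build_pcapng_shb(options: dict, endian: str = "<") -> bytes:
    """Construct a pcapng Section Header Block with the given {code: text} options (sample data)."""
    body = b""
    for code, text in options.items():
        val = text.encode()
        body += struct.pack(endian + "HH", code, len(val)) + val + b"\x00" * ((4 - len(val) % 4) % 4)
    body += struct.pack(endian + "HH", 0, 0)
    bom = PCAPNG_BOM_LE if endian == "<" else PCAPNG_BOM_BE
    total = 24 + len(body) + 4
    return (PCAPNG_SHB_TYPE + struct.pack(endian + "I", total) + bom
            + struct.pack(endian + "HH", 1, 0)      # version 1.0
            + struct.pack(endian + "q", -1)         # section length unspecified
            + body + struct.pack(endian + "I", total))


# Constructed samples: a bare pcap global header and a pcapng SHB with host metadata
SAMPLE_PCAP = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = build_pcapng_shb({2: "x86_64", 3: "Linux 6.1", 4: "Dumpcap (Wireshark) 4.2.0"})

if __name__ == "__main__":
    for name, blob in (("sample.pcap", SAMPLE_PCAP), ("sample.pcapng", SAMPLE_PCAPNG)):
        print(name, describe_capture(blob))
```

Only the SHB is inspected here; Interface Description Blocks (interface names, descriptions, filters) and per-packet comments can carry further identifying data, so a file that reports any SHB metadata is a good reason to re-save it as pcap or strip the options before publishing.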
PolarProxy 1.0.1 Released
PolarProxy 1.0.1 adds JA4 fingerprint support, rule matching on TLS error codes and hot reloading of rulesets, and is upgraded to .NET 8 for better performance and stability.
2025-02-07 10:10 | Reads: 9 | NETRESEC Network Security Blog - www.netresec.com
Tags: polarproxy, ja4, ruleset, errorcode
Blocking Malicious sites with a TLS Firewall
Monday, 27 January 2025 10:45:00 (UTC/GMT)
2025-01-27 10:45 | Reads: 4 | NETRESEC Network Security Blog - www.netresec.com
Tags: polarproxy, proxy, malicious, ruleset, windows
VoIP tab in NetworkMiner Professional
Erik Hjelmvik, Friday, 04 October 2024 06:...
2024-10-04 14:20 | Reads: 5 | NETRESEC Network Security Blog - www.netresec.com
Tags: voip, friday, hjelmvik, erik
Browsers tab in NetworkMiner Professional
Thursday, 03 October 2024 09:10:00 (UTC/...
2024-10-03 17:10 | Reads: 4 | NETRESEC Network Security Blog - www.netresec.com
Tags: 150312, pwned, thursday, hints
Files tab in NetworkMiner Professional
Erik Hjelmvik, Wednesday, 02 October 2024...
2024-10-02 15:10 | Reads: 3 | NETRESEC Network Security Blog - www.netresec.com
Tags: hjelmvik, erik, wednesday, netresec
Hosts tab in NetworkMiner Professional
Tuesday, 01 October 2024 08:25:00 (UTC/G...
2024-10-01 16:25 | Reads: 4 | NETRESEC Network Security Blog - www.netresec.com
Tags: tuesday, hints, hjelmvik, cidr
Opening capture files with NetworkMiner Professional
Monday, 30 September 2024 12:50:00 (UTC/...
2024-09-30 20:50 | Reads: 5 | NETRESEC Network Security Blog - www.netresec.com
Tags: monday, github, 249b790, pcapng