An Introduction to Exploratory Data Analysis with Network Forensics
"Universal law is for lackeys; context is for kings." -Capt. Gabriel Lorca, Star Trek: Discovery

Workflows are often not as clearly defined in reality as they
We assess with high confidence that the Winnti umbrella is associated with the Chinese state...
Not long ago the thought of storing every DNS query, SSL certificate, HTTP transaction, and netflow record on a traditional enterprise network for an unlimited period
The Satori Botnet, a successor of Mirai, has continuously infected vulnerable devices since its launch late last year. There has recently been a flurry of
This guide is available as a pdf here. Of all the common protocols a new analyst encounters, perhaps none is quite as impenetrable as Server Message
In the recent post Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation, I discussed some areas to begin investigating a large
Scanning a PCAP file with a large IDS ruleset can be beneficial for putting a name to suspicious or malicious activity. It can also be useful
Recently, several seemingly suspicious emails were brought to the attention of 401TRG. While phishing campaigns are relatively common, this one had a few interesting features. I