    ProtectWise 401TRG
    knowledge

    An Introduction to Exploratory Data Analysis with Network Forensics

    "Universal law is for lackeys; context is for kings." -Capt. Gabriel Lorca, Star Trek: Discovery Workflows are often not as clearly defined in reality as they »

    Jeff van Geete 26 February 2019
    analysis, winnti, LEAD, BARIUM

    Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers

    We assess with high confidence that the Winnti umbrella is associated with the Chinese state... »

    Tom "Hollywood" Hegel 03 May 2018
    research

    Building a Data Lake for Threat Research

    Not long ago the thought of storing every DNS query, SSL certificate, HTTP transaction, and netflow record on a traditional enterprise network for an unlimited period »

    James "Ace" Condon 02 April 2018
    analysis

    Analysis of Active Satori Botnet Infections

    The Satori Botnet, a successor of Mirai, has continuously infected vulnerable devices since its launch late last year. There has recently been a flurry of »

    Tom "Hollywood" Hegel 22 February 2018
    knowledge

    An Introduction to SMB for Network Security Analysts

    This guide is available as a pdf here. Of all the common protocols a new analyst encounters, perhaps none is quite as impenetrable as Server Message »

    Nate "Doomsday" Marx 20 December 2017
    knowledge

    Triaging Large Packet Captures - Methods for Extracting & Analyzing Domains

    In the recent post Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation, I discussed some areas to begin investigating a large »

    James "Ace" Condon 28 November 2017
    knowledge, detection

    Using Emerging Threats Suricata Ruleset to Scan PCAP

    Scanning a PCAP file with a large IDS ruleset can be beneficial for putting a name to suspicious or malicious activity. It can also be useful »

    Michael "Yoda" Logoyda 14 November 2017
    analysis, phishing

    Exposing a Phishing Kit

    Recently, several seemingly suspicious emails were brought to the attention of 401TRG. While phishing campaigns are relatively common, this one had a few interesting features. I »

    Nate "Doomsday" Marx 01 November 2017



    ProtectWise © 2019