[McB]Defence

Digital Forensics | Incident Response | Reverse Engineering | Threat Hunting | [GREM] [GNFA] [GCFE] [GCFA]

Category: DFIR

[BSH] Snort Test Environment

For anyone working with Snort, it's invaluable to have an environment in which to develop and test rules. This allows you to tune rules to be as effective as possible, and the same environment can be used to aid investigations in incident response situations or for malware analysis. This latest blog is going to take you through how to … Continue reading [BSH] Snort Test Environment →

mcb2Eexe | DFIR | Jan 22, 2020 (updated Feb 15, 2021) | 6 minute read

[BSH] PCAP Email Extractor

This is just a quick post to share a technique I use to extract emails from trigger PCAPs. This can be achieved with tools like NetworkMiner, but I prefer the command line approach: it scales better, it's quicker, and it can be built upon to add additional functionality as you go. The … Continue reading [BSH] PCAP Email Extractor →

mcb2Eexe | DFIR | Sep 27, 2019 (updated Feb 15, 2021) | 1 minute read

Blogs I Follow

  • Didier Stevens
  • 0ffset
  • Malware Phobia
