For anyone working with Snort, it's invaluable to have an environment to develop and test rules. This allows you to tune rules to be as effective as possible and can also be used to aid investigations in incident response situations or for malware analysis. This latest blog is going to take you through how to … Continue reading [BSH] Snort Test Environment
Category: DFIR
[BSH] PCAP Email Extractor
This is just a quick post to share a technique I use to extract emails from trigger PCAPs. This can be achieved using tools like Network Miner etc., but I prefer the command line approach as it scales better, it's quicker and it can be built upon to add additional functionality as you go. The … Continue reading [BSH] PCAP Email Extractor