packet capture Archives - Jean-Christoph von Oertzen

Webinar takeaway – The Ins and Outs of RITA

jean-christoph — Tue, 15 Mar 2022 19:21:55 +0000

My key takeaways RITA is made to detect beacons and long connections open source tool Signature based detection of malicious code is outdated Average detect time is over 6 month > 50% of compromised systems are detected by outsiders RITA is behaviour based Needs a bunch of pakets to work on min 1h, default 24h […]

The post Webinar takeaway – The Ins and Outs of RITA appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – BPF – Picking Packets

jean-christoph — Wed, 05 Jan 2022 20:07:43 +0000

My key takeaways one lib to capture all pakets for all OS BPF is to filter packages better SNR for packet filtering BPF filter effect only the programm you call it with no change to the package itself Process: human creats filter single quotes at the end of the line invoking the prg like tcpdump […]

The post Webinar takeaway – BPF – Picking Packets appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security

jean-christoph — Wed, 07 Jul 2021 19:22:53 +0000

My key takeaways Zeek does not capture whole packets but saves summaries of all conversations it sees to log files saves time and space "You wouldn’t normally use Zeek for packet capture, instead you use it for analysis." – Bill Stearn Sending a lot more data then recieving might indicate malicious traffic use NetworkMiner to […]

The post Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security appeared first on Jean-Christoph von Oertzen.