Wednesday, December 24, 2014

Starting

I plan on adding as much content as I can from my past experiences, so it may take some time to get my old content posted. Any new information and research findings will take posting priority to older content. All I ask is for patience as I sort out the direction of this blog and how I want to organize my data. Please enjoy what I currently have posted, but check back frequently as I plan on updating this blog on a regular basis.

Welcome to Network Raptor

This blog will contain information about finding malcious activity on a computer network.I will discuss the tools used, network indicators, search strings, and various other topics that a network/malware hunter (or analyst) may used to locate malware or bad hosts.

The tools used will be open sourced and freely available to any person. I do this because I know not all teams have the money to spend on enterprise level hardware and software, and I want this information in as many hands as possible.

So what will be covered? For starters, network indicators such as: user-agent strings, host names, IP addresses, request methods, and various other anomalies that indicate malicious activity. How will I discuss finding them? Common tools will be used such as Wireshark and its display filters that can find specific anomalies; regex search strings that can search through many text based files and logs; and many other tools.

I hope you enjoy the site and find its resources useful.