Wednesday, December 24, 2014

Welcome to Network Raptor

This blog will contain information about finding malicious activity on a computer network. I will discuss the tools used, network indicators, search strings, and various other topics that a network/malware hunter (or analyst) may use to locate malware or bad hosts.

The tools used will be open source and freely available to any person. I do this because I know not all teams have the money to spend on enterprise-level hardware and software, and I want this information in as many hands as possible.

So what will be covered? For starters, network indicators such as user-agent strings, host names, IP addresses, request methods, and various other anomalies that indicate malicious activity. How will I discuss finding them? Common tools will be used, such as Wireshark and its display filters, which can find specific anomalies; regex search strings, which can search through many text-based files and logs; and many other tools.

I hope you enjoy the site and find its resources useful.
