This blog will contain information about finding malcious activity on a computer network.I will discuss the tools used, network indicators, search strings, and various other topics that a network/malware hunter (or analyst) may used to locate malware or bad hosts.
The tools used will be open sourced and freely available to any person. I do this because I know not all teams have the money to spend on enterprise level hardware and software, and I want this information in as many hands as possible.
So what will be covered? For starters, network indicators such as: user-agent strings, host names, IP addresses, request methods, and various other anomalies that indicate malicious activity. How will I discuss finding them? Common tools will be used such as Wireshark and its display filters that can find specific anomalies; regex search strings that can search through many text based files and logs; and many other tools.
I hope you enjoy the site and find its resources useful.