
Wednesday, December 24, 2014

Welcome to Network Raptor

This blog will contain information about finding malicious activity on a computer network. I will discuss the tools used, network indicators, search strings, and various other topics that a network/malware hunter (or analyst) may use to locate malware or bad hosts.

The tools used will be open source and freely available to any person. I do this because I know not all teams have the money to spend on enterprise-level hardware and software, and I want this information in as many hands as possible.

So what will be covered? For starters, network indicators such as user-agent strings, host names, IP addresses, request methods, and various other anomalies that indicate malicious activity. How will I discuss finding them? Common tools will be used, such as Wireshark and its display filters, which can find specific anomalies; regex search strings, which can search through many text-based files and logs; and many other tools.

I hope you enjoy the site and find its resources useful.