Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 2 pages modified

Browse source
This commit is contained in:
CPol 2021-08-19 16:19:41 +00:00 committed by gitbook-bot
parent 9321cf798c
commit ce692f50b0
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
forensics/basic-forensic-methodology/malware-analysis.md
View file

@ -70,7 +70,7 @@ IOC means Indicator Of Compromise. An IOC is a set of **conditions that identifi
To share these definitions is very useful as when a malware is identified in a computer and an IOC for that malware is created, other Blue Teams can use it to identify the malware faster.
A tool to create or modify IOCs is ****[**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**
You can use tools such as ****[**Redline**](https://www.fireeye.com/services/freeware/redline.html) ****to search for IOCs in a device.
You can use tools such as ****[**Redline**](https://www.fireeye.com/services/freeware/redline.html) ****to **search for defined IOCs in a device**.
### rkhunter

8
forensics/basic-forensic-methodology/pcap-inspection/README.md
View file

@ -26,7 +26,7 @@ You can find some Wireshark trick in:
### Xplico Framework
Xplico can **analyze** a **pcap** and extract information from it. For example, from a pcap file Xplico extracts each email \(POP, IMAP, and SMTP protocols\), all HTTP contents, each VoIP call \(SIP\), FTP, TFTP, and so on.
\*\*\*\*[**Xplico** ](https://github.com/xplico/xplico)_\(only linux\)_ ****can **analyze** a **pcap** and extract information from it. For example, from a pcap file Xplico extracts each email \(POP, IMAP, and SMTP protocols\), all HTTP contents, each VoIP call \(SIP\), FTP, TFTP, and so on.
#### Install
@ -50,12 +50,12 @@ Then create a **new case**, create a **new session** inside the case and **uploa
### NetworkMiner
Like Xplico it is a tool to **analyze and extract objects from pcaps**. It has a free edition that you can **download** [**here**](https://www.netresec.com/?page=NetworkMiner).
Like Xplico it is a tool to **analyze and extract objects from pcaps**. It has a free edition that you can **download** [**here**](https://www.netresec.com/?page=NetworkMiner). It works with **Windows**.
This tool is also useful to get **other information analysed** from the packets in order to be able to know what was happening there in a **quick** way.
### NetWitness Investigator
You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware).
You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **\(It works in Windows\)**.
This is another useful tool that **analyse the packets** and sort the information in a useful way to **know what is happening inside**.
![](../../../.gitbook/assets/image%20%28570%29.png)
@ -79,7 +79,7 @@ capinfos capture.pcap
If you are **looking** for **something** inside the pcap you can use **ngrep**. And example using the main filters:
```text
```bash
ngrep -I packets.pcap "^GET" "port 80 and tcp and host 192.168 and dst host 192.168 and src host 192.168"
```