Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
We show how metadata encryption and decryption contributes to making Cobalt Strike an effective emulator that is difficult to defend against. The post Cobalt Strike Analysis and Tutorial: CS Metadata...
dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been...
The dotnetfile library extracts useful information from .NET PE files and can overcome common techniques malware authors use to break parsing.
Tor 101: How Tor Works and its Risks to the Enterprise
People use Tor for both benign and malicious reasons, but allowing Tor traffic on enterprise networks opens the door to security risks.
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
We present new techniques that leverage active probing and network fingerprint technology to help you detect Cobalt Strike's Team Servers.
Unit 42 Wireshark Quiz, January 2023
The January 2023 Wireshark quiz analyzes a pcap of network traffic from an Agent Tesla-style infection.
Answers to Unit 42 Wireshark Quiz, January 2023
The January 2023 Wireshark quiz analyzes a pcap of network traffic from an Agent Tesla-style infection. This post details the answers.
Unit 42 Wireshark Quiz, February 2023
February 2023's Wireshark quiz gives analysts the chance to write an incident report after reviewing real-world traffic from a live setting.
Answers to Unit 42 Wireshark Quiz, February 2023
The answers post to February 2023's Wireshark quiz critiques a written incident report after reviewing real-world traffic from a live setting.
Finding Gozi: Unit 42 Wireshark Quiz, March 2023
The March installment of our popular Wireshark tutorial series focuses on Gozi malware and identifying its distinct traffic patterns.
Finding Gozi: Answers to Unit 42 Wireshark Quiz, March 2023
Our follow-up March Wireshark quiz details the Gozi variant traffic analysis. Review and then compare your answers.
Cold as Ice: Unit 42 Wireshark Quiz for IcedID
IcedID is a known vector for ransomware. Analyze infection traffic from this banking trojan in our latest Wireshark tutorial.
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
This is the follow-up post to our Wireshark quiz on an IcedID infection. We provide the answers on the traffic, victim and more in this full pcap analysis.
Crossing the Line: Unit 42 Wireshark Quiz for RedLine Stealer
RedLine stealer harvests credentials and other data from a Windows host. Part one of this Wireshark tutorial analyzes RedLine traffic to determine what data was stolen.
Threat Vector Podcast
Threat Vector is the Palo Alto Networks podcast hosted by David Moulton, Unit 42's Director of Thought Leadership. The podcast features in-depth discussions with industry leaders,...
Exploring the Latest Mispadu Stealer Variant
Evaluation of a new variant of Mispadu, a banking Trojan, highlights how infostealers evolve over time and can be hard to pin to past campaigns.