Category: Tools
- Hunting Lazy OPSEC: Spotting Default C2 Certificates with DuckDB and Zeek
Threat actors love to reuse tools, and sometimes, they get lazy. Case in point: AsyncRAT and its notorious fork, DcRAT. These remote access trojans often ship with default, self-signed certificates. If the…
- Beyond the Grep: Hunting Malware with Zeek and DuckDB SQL
Hunting through raw Zeek logs just got a massive upgrade. If you’ve spent years in the SOC, you’ve likely built up a library of complex awk chains and grep commands to parse…
- Fix NoMachine’s CAPS LOCK Reversal Bug
I was recently trying to connect to a remote NoMachine host, and the sense of caps lock was reversed compared to my local machine. This happens if your caps was on when…
- Manually Download macOS Sequoia
Apple’s macOS updates are typically seamless through the App Store, but sometimes, a bug can throw a wrench in the process. I recently encountered this firsthand when updating one of my Macs…
- Detect STRRAT Malware With Zeek And Suricata
Join me in learning how to detect the STRRAT malware family with Zeek and Suricata. Corelight Blog: https://corelight.com/blog/newsroom/news/strrat-malware Source Code: https://github.com/corelight/zeek-strrat-detector Transcript: 00:00:10:18 – 00:00:37:17 Dr. Keith Jones: Hey, welcome. We’re going to talk about…
- Detecting AsyncRAT Malware C2 With Zeek And Suricata
Please join the “Old Grizzled FBI Agent” to hear how you can detect the AsyncRAT malware family with Suricata and Zeek! Corelight blog: https://corelight.com/blog/newsroom/news/hunt-of-the-month-detecting-async-rat-malware Zeek: https://zeek.org/ Source code: https://github.com/corelight/zeek-asyncrat-detector Transcript: 00:00:00:10 –…
- Zeek Log Format Cheat Sheet
Sometimes you want to quickly know the format of a Zeek log file. Check out this web page that links to all the native Zeek log record definitions: https://docs.zeek.org/en/master/script-reference/log-files.html Clicking on “Conn:Info”…
- Detecting Amadey Malware With Zeek – Zeek Roulette #2
For my Zeek Roulette #2 I picked a recently submitted sample off of ANY.Run that ended up being Amadey: https://app.any.run/tasks/31ba58da-30d1-4a08-940d-2412fc629221/ You can download the PCAP from the link above if you navigate…
- How To Make Your Voice Sound Sexy Using A USB Microphone On A MacBook
This method will let you make your voice sound sexy through any application like Zoom, Microsoft Teams, StreamYard, etc. After installing OBS, you will need to install the donationware Virtual Audio Cable…
- Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1
Welcome to the first edition of Zeek Roulette, where I pick a random Zeek topic and try to solve it! For this article I picked njRAT malware from Any.Run and tried to…