packet cap to binary from sans (terminal23)

.: packet cap to binary from sans

A SANS Diarist (Daniel Wesemann) details going from a packet capture to binary recovery to malware investigation. I'm particularly keeping this for the packet cap to binary conversion. One of many ways to skin the cat (skin the cap?).

by michael 01.20.09 at 12:51 PM in /general

.: Comments (2)

.: SynJunkie writes:

great find!

This reminds me of a great presentation on Malware discovery by Tom Liston.

Links here if your interested.

http://www.chicagocon.com/images/stories/library/media_lab/2007/ChiCon07_Liston_FTBM-Live.ppt

and the audio

http://www.chicagocon.com/images/stories/library/media_lab/2007/ChiCon07_Liston_FTBM-Live.mp3

Regards

Lee

by SynJunkie 01.20.09 at 4:49 PM

.: Michael Dickey writes:

Awesome! I'm grabbing them now, thanks!

by Michael Dickey 01.21.09 at 4:27 PM

Post a comment

Name:

Email Address (not publicly posted):

URL:

Remember personal info?

Comments: (you may use HTML tags for style)

terminal23_

ghosts in the wire
or
rock out with your hack out

.: about
wiki
site
author
twitter

.: categories
/
/general
/terminal23
/tools
/web

.: news
astalavista
darkreading
infosecnews
linux exposed
net-security
net sec
rootprompt
rootsecure
searchsecurity
searchwin
security-database
wifinetnews
wirelessdefence
zone-h

.: blogs/personal
1-manitdept
adminspotting
adnan's blog
andrew hay
andy itguy
anti-virus rants
anton chuvakin
artofinfosec
arved
attack vector
b10[m|g]
beechplane
carnal0wnage
ccckc
cdc
cipherdyne
clearnetsec
cmd line kung fu
computerdefense
cqure
dan morrill
darknet
darkoperator
dave dittrich
david piscitello
/dev/null
didier stevens
digital voice
dino dai zovi
dominic white
douglas schweitzer
ed smiley
errata security
f-secure
geek00l
geekybits
gnucitizen
greebo
ha.ckers.org
i-hacked
hackreport
hackosis
headhacker
honeyblog
honeynets
hype-free
infonomicon
infosec potpourri
infosecplace
infosecramblings
innismir
internet storm center
the interw3bs
ismellpackets
jeremiah grossman
joatblog
joelonsoftware
kinqpinz
krebs on security
layer8
lazyadmin
lazy genius
lifehacker
locutus
matasano chargen
matthew neely
mcwresearch
metasploit | book
modsecurity
msrc
nate lawson
ncircle
nettwerked
network security
newschoolsecurity
notsosecure
offensivecomputing
ogenstad
operation n
osvdb
packetlife
pci answers
penetrationtests
philosecurity
portswigger
practicalexploitation
prosectesters
rarmknecht
rational survivability
ravichar
rebecca herold
riskanalysis
room362
rootkit
secmaniac
secure thoughts
securitythoughts
securiteam blog
securitybraindump
securitybuddha
security4all
securityhacks
securityincite
security mentor
security monkey
security-shell
securitywizardry
securosis
shmoo group
simple nomad
skullsecurity
social-engineer
spoofed.org
sysadmin1138
tao security
techbuddha
tom eston
topheavysecurity
tssci security
2blocksaway
unleash networks
un-excogitate
veracode
vulnerable minds
windowsir
wirelessve
write-quit

.: learn-general
another list (el)
corewars
cyberarmy
de-ice
ethicalhacker
forensics challenges
ha.ckers.org list
hackerslab
hackthissite
honeynet scans
malware quizzes
metasploitable
moth
overthewire
packet captures
pentest mindmap
python challenge
reversing lessons
smash the stack

.: learn-web apps
acunetix-asp (live)
acunetix-aspnet (live)
acunetix-php (live)
badstore
butterfly (php)
cenzic (live)
damn vulnerable linux
enigmagroup
gruyere
hacmebank
hacmebank updated
hacmecasino
hacmeshipping
hacmetravel
mutillidae
owasp insecureapp
owasp sitegenerator
owasp vicnum
owasp webgoat
pctechtips (live)
securibench
securibench-micro
spi dynamics (live)
watchfire (live)
webgoat
webmaven
x5s

.: vulns/exploits/tools
auscert
bugtraq
cert
cvedetails
eeye 0day tracker
itsecdb/oval
knowledgecave
mcafee
milw0rm
nvd
offsec exploits
osvdb
pentests videos
securiteam
securitytracker
secwatch
us cert
vigil@nce
vupen
websense
wiretapped

.: audio/podcasts
binary revolution
blue box voip
cyberspeak
eurotr@sh
exoticliability
getmon
hackermedia
hackerpublicradio
hacker voice
lets talk computers
hacker voice
netsecpodcast
off the hook
off the wall
OWASP
pauldotcom
risky-business
runyourownserver
SANS audiocasts
securabit
securityinfowatch
security justice
silver bullet security
social-engineer.org
southern fried sec
sploitcast

.: video
carnal0wnage
dojosec
darklevel
h4cky0u
hack tv
hak5
irongeek
isc2 webinars
learnsecurityonline
milw0rm videos
practicalexploitation
revision3
sans webinars
security-freak
securitytube
techcentric
the academy.ca
windows scripting

.: livecd
backtrack
katana
netsec toolkit (nst)
nubuntu
owasp
pentoo
samurai
securityonion
vipervast (voip)

.: zines
(in)secure
itaudit
phrack
securityjournal
uninformed
usenix

.: forums
antionline
catalyst community
daniweb
hacking-passion
hackinthebox
hak5
infosyssec
ism community
remote-exploit
securitycatalyst
taz forums
undergroundnews
waraxe

.: tools/apps
backtrack wiki
dirk loss
forensics - harbour
forensics toolkit
foundstone tools
mandiant tools
nirsoft
open source windows
owasp flash project
owasp phx tools
packetstorm
pcap apps
russix
securityfocus tools
securityforest
staticrez tools
top 15 hack tools
top 50 tools 2003
top 50 tools asta
top 100 tools 2006
top freeware apps
top portable apps
usb goodies on hak5
voip tacvoip tools
voip tools
web security tools
wikistc

.: resources
anon web browsing
anon web proxies
anon web proxies
ascii converters o o
auditmypc
base64 to binary
clez tools
csrc
data breaches
decode vigenere
default passwords o
dnsstuff o o
e-proxy
exploit search
firewall test
hashcrack
ip-to-country lookup
iso 17799 portal
jsunpack
linux security sheet
mac assignments
mailinator
mail relay test
md5 and sha1 lookup
nist standards
nmap-online
nmap tweaker
nocs list
nslookup
nsa standards
numbr
online net/file scan
owasp testing guide
packetfocus
password lists
penetration testing
ports list o o o
ports lookup
rainbow gen
rainbow online o
reverse ip tool
robtex dns tool
seclists
securitydistro
securityfriday
serversniff
shodan (search)
sql-i cheatsheet
ssl check o o
startup list
unix toolbox
vs-db (vulnerable sites)
wardriving
wigle
wireless corner
wireless gear o
wireless links
wordlist makers o
wordlists o o o o o
xss cheatsheet
xssed

.: dashboards
atlas
cyberdefender
dshield
f-secure
internet pulse
internet weather
mynightwatchman
phishing monitor
security-database
senderbase
shadowserver
talisker radar
threat level
world virus map

.: virus info
ca
f-secure
mcafee
messagelabs
symantec
trend
virus.org
viruslist

.: malware checkers
anubis (file/url)
google diags (url)
linkscanner (url)
nortonsafeweb (url rep)
onlinelinkscan (url)
siteadvisor (url)
stopbadware (url)
trustedsource (url rep)
virustotal (file)
wepawet (file/url)

.: papers/guides
giac papers
howto forge
infosecwriters
jay beale papers
nmap
open reverse engi
orkspace
secmanager papers
techtutorials

.: cons/training
blackhat | media
cccure
cissp training
defcon
guide to infosec certs
imiti
issa-ps
learnsecurityonline
metasploit unleased
nanog
offensive security
opst
sans
securitybriefings
schmoocon
sensepost
simulation exams
toorcon

.: archives
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
January 2006
August 2005
April 2005
March 2005
February 2005
December 2004
November 2004
October 2004
September 2004
August 2004