Scapy: pcap 2 dns

So the second piece of code in my series on the python & Scapy lovefest is another simple bit of code that looks through a pcap file and pulls out some DNS information. The initial thought behind this was making it easy to look for DNS domains that might be “dodgy”, i.e. has lots of […]

Scapy: pcap 2 geoip

So I’ve been a bit “relaxed” lately with blog posts, simply because I’ve not had anything to say or share. To be honest the last couple of months my training has gone a bit all over the place and I’ve not really focused on much other than some changes to sniffmypackets. What I have been […]

Python: Kippo 2 Cuckoo

So I’m a bit late with this blog post as I wrote the code a couple of weeks ago, but as they say “better late than never”. A couple of weeks ago on Twitter @stevelord raised a question about the existence of some code that would allow you to take the files that evil hackers […]

Scapy – pcap IP rewrite

Hello reader(s), this is just a quick post to share some new code I wrote tonight, you might find it useful or you might not. So I’ve been trying to think of some new transforms to write for sniffMyPackets and thought it would be cool to take a TCP stream and rewrite the source and […]

Code: Junk Email Downloader

So a while back someone on Twitter (sorry can’t remember who..) mentioned that when looking for sources of Malware to analyse you shouldn’t overlook your junk/spam emails. What a good idea I thought, lets write some code to do that for me. I’ve quickly thrown together my “Junk Email Downloader” python script which can be […]

Code: PDF hunter

So of late I’ve been playing around a lot with Scapy and pcap files, mostly for my sniffMyPackets project but also because it teaches me more about network forensics and python. The other area I’m starting to learn about is Malware Analysis and I’ve been spending some time looking at the Honeynet Project challenges. One […]

sniffMyPackets: Finding Tor

I don’t normally do short random posts but I figure once in a while won’t hurt. So I’ve been busy working on new transforms for my Maltego pcap analysis package and things are moving along nicely. Part of my process is making notes on things I think would be cool to see and then working […]