Hunting pack use case: RedLeaves malware May 3, 2017 On April 27, 2017, the United States Computer Emergency Readiness Team (US-CERT) released an alert...
Dissecting PunyCode - Not All Characters Are Created Equal May 3, 2017 PunyCode is a special encoding used to convert Unicode characters to ASCII, which is a smaller,...
How to prevent stopping capture on a default settings Log Decoder due to less metadb size April 26, 2017 By default, Log Decoder metadb size and rollover threshold are 44 GB and 95%. This means that...
Post Exploitation - Sniff the Target's Encrypted Traffic in Clear-Text April 25, 2017 NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to...
RSA Navigator Video April 25, 2017 With the Navigator tool, you can take control of your learning and power...
Lua Parser for Punycode/IDN Homograph Attack April 24, 2017 Sean Lim has done awesome work to write a Lua parser to detect potential IDN/Homograph attacks and...
Script - Sinkhole communication feed April 17, 2017 This script grabs the sinkhole_*.txt files from the Maltrail GitHub page and creates a single CSV...
UPDATE: RSA Charge 2017 'Call for Speakers' Webinar Replay Now Available April 17, 2017 Believe it or not, the RSA Charge 2017 event is only six months away, Oct. 17-19 in Dallas at...
Log your Bash history? April 12, 2017 Based on some recent events related to Equation Group, logging command-line history became a more...
Detecting Emissary variants using RSA NetWitness April 12, 2017 Lotus Blossom is an adversary group that targets military and government organizations in Southeast...