
almost 9 years ago

Petya got you down? Looking for more data from a Packet?

A few weeks ago, we showed how to use NetMon to look for EternalBlue and WannaCry in a LogRhythm blog post. You may also want to see the latest on Petya/NotPetya, including some ways to detect its signatures with NetMon.

From a contest perspective, you may be most interested in an ongoing blog series showing how to look at individual bytes in a packet! The first part in the series describes the raw DPA code you need to extract bytes out of a packet. Other parts in the series will appear over the next few weeks showing how to use DPA to derive extra detail out of ICMP (as a sample protocol). Part 2 covers generating Type and Code data for ICMP. Part 3 shows how to trigger an alarm on a signature in the data part of an ICMP Echo Request (the pattern used by ICMP tunneling to carry a reverse shell).
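As an added illustration of the byte-level work the series describes (this is not code from the LogRhythm series or from NetMon DPA itself), the Python below parses a raw IPv4/ICMP packet, pulls out the ICMP Type and Code, validates the ICMP checksum, and raises an alarm when a signature appears in Echo Request data. The packet builder, the RFC 5737 addresses and the `cmd:` marker are assumptions constructed for offline testing.

```python
import struct

# Hypothetical signature to hunt for in Echo Request data (constructed for this example).
SIGNATURE = b"cmd:"
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
              8: "Echo Request", 11: "Time Exceeded"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_packet(icmp_type, data, ident=0x1234, seq=1):
    """Constructed IPv4 + ICMP frame (no IP options, ICMP code 0) for offline testing."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    icmp = struct.pack("!BBHHH", icmp_type, 0, icmp_checksum(hdr + data), ident, seq) + data
    # IPv4: version/IHL=0x45, protocol 1 (ICMP), RFC 5737 documentation addresses;
    # the IP header checksum is left at 0 because the parser below never verifies it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp

def inspect_icmp(packet: bytes) -> dict:
    """Extract ICMP Type/Code from raw bytes and flag a signature in Echo Request data."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length from the low nibble of byte 0
    if packet[9] != 1:                 # IPv4 protocol field must be ICMP
        raise ValueError("not an ICMP packet")
    icmp = packet[ihl:]
    icmp_type, code = icmp[0], icmp[1]
    # Echo Request/Reply carry identifier and sequence, so their data starts at byte 8;
    # for other types keep everything after the 4-byte Type/Code/Checksum prefix.
    data = icmp[8:] if icmp_type in (0, 8) else icmp[4:]
    return {
        "type": icmp_type,
        "code": code,
        "type_name": ICMP_TYPES.get(icmp_type, "Other"),
        "checksum_ok": icmp_checksum(icmp) == 0,   # a valid ICMP message sums to zero
        "data_len": len(data),
        "alarm": icmp_type == 8 and SIGNATURE in data,
    }

if __name__ == "__main__":
    for pkt in (build_packet(8, b"abcdefghijklmnop"), build_packet(8, b"cmd:hostname")):
        print(inspect_icmp(pkt))
```

The same Type/Code offsets and payload-start logic apply to whatever byte source DPA hands you; only the packet builder is test scaffolding.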

Good luck with the contest entries and we'll see you at Black Hat if you are headed to Las Vegas!