There are 6 repositories under network-forensics topic.
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.
Warning lists to inform users of MISP about potential false-positives or other information in indicators
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Hands-On Network Forensics by Nipun Jaswal
Some network covert channel projects of my own research, containing a protocol channel tool (protocol switching covert channel, PCT/PSCC), a protocol hopping covert channel (PHCC) tool, the protocol channel-aware active warden (PCAW) and ... VSTT.
Overview of some network tools that can be used during the network forensics (extended with some publicly available datasets)
Program for static analysis of pcap files and recreation of information sent
Designing and implementing a Packet-Based Intelligent Network phishing Intrusion Detection system. The idea of the design is to use machine learning to classify Network packets to benign and phishing in real-time flow (for both http/https protocol) based on DNS records and domain name features. It operates by using a pre-programmed list of known phishing threat features and their indicators of compromise (IOCs). As a signature based INPDS it will monitor the packets traversing the network, it compares these packets to the database of known IOCs or attack signatures to flag any suspicious behavior.
passive device fingerprinting api for network intrustion detection
Usable web interface to perform offline network analysis
The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.
Filter background traffic from capture files
🛰️ A sophisticated network mapper and analyser
Cybersecurity content (YouTube videos) | (1) Deep packet inspection analyses - why the typical approach is not enough | (2) Remcos RAT threat analysis on Windows including IEC 60870-5-104 traffic
Hunt sql commands in pcap.
Write-ups for CTF-like, CyberSec training platforms (BTLO, CyberDefenders) | Repository of forensic artifacts which are useful in real world and CTF investigations
Write-ups for CTF-like, CyberSec training platforms (BTLO, CyberDefenders, Hack The Box Sherlocks)
Contains beginner-level network forensics challenges from various CTFs.
NETWORK FORENSICS: 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc)
network security monitoring visibility , ELK, CTI, DFIR
tshark network forensics ubuntu windows