Capital Area Cyber Security User Group Message Board

Virus Total now accepting pcaps

user 72686942
Washington, DC
Post #: 2

We have seen that many users send their PCAPs to VirusTotal. These PCAPs often contain HTTP flows whereby a trojan is downloaded, recordings of worm scanning sweeps, logs of exploits being delivered to a honeymonkey, etc. We want to help those users submitting PCAPs to VirusTotal and improve their research; that is why we have introduced PCAP analysis. Its features are:

  • Processes the files with popular intrusion detection systems (Snort and Suricata for the moment) and logs the rules that they trigger.
  • Extracts file metadata with Wireshark.
  • Lists DNS resolutions performed.
  • Lists HTTP communication.
  • Extracts files seen in the different network flows and links to the pertinent VirusTotal reports if the given file is of an interesting file type (portable executables, PDFs, flash, compressed bundles, etc.). If you are registered in VirusTotal Community and have signed in, these interesting files extracted from the network flow will be available for you to download as long as you are the first submitter of the PCAP (which when dealing with this type of files is the most common situation).
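As an added illustration (not part of the post above, and not VirusTotal's or the Meetup group's code), the script below does offline, with the Python standard library only, a small subset of what the announcement lists: it walks a classic libpcap file, records DNS question names, records HTTP request lines, and carves files out of HTTP responses by magic number, hashing each one so the SHA-256 can be looked up against VirusTotal. The capture it runs on is constructed in the script itself (hosts, names and the "PE" body are made up for the demo). It deliberately handles only IPv4, Ethernet link type and single-segment HTTP responses; the `complete` flag shows where a real tool would need TCP stream reassembly before trusting the hash.

```python
"""Offline triage of a classic pcap: DNS questions, HTTP request lines, and
files carved from HTTP responses, hashed for a VirusTotal lookup.
Standard library only; the capture used below is constructed for the demo."""
import hashlib
import struct

# Magic-number prefixes for the "interesting" types the announcement names.
MAGIC = {b"MZ": "pe", b"%PDF": "pdf", b"PK\x03\x04": "zip", b"FWS": "swf", b"CWS": "swf"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def iter_frames(pcap: bytes):
    """Yield raw Ethernet frames from a libpcap file (either byte order)."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        off += 16                              # per-packet record header
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Return (src, dst, proto, sport, dport, payload) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0], ip[9]
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:total_len]
    if proto not in (6, 17) or len(l4) < (20 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack_from("!HH", l4, 0)
    hdr_len = (l4[12] >> 4) * 4 if proto == 6 else 8     # TCP data offset vs fixed UDP header
    return src, dst, ("tcp" if proto == 6 else "udp"), sport, dport, l4[hdr_len:]


def dns_question(payload: bytes):
    """First question name of a DNS message; queries carry no compression pointers."""
    if len(payload) < 13 or struct.unpack_from("!H", payload, 4)[0] == 0:   # QDCOUNT
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos]:
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += n + 1
    return ".".join(labels)


def analyse(pcap: bytes) -> dict:
    report = {"dns": [], "http": [], "files": []}
    for frame in iter_frames(pcap):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport, data = parsed
        if proto == "udp" and dport == 53:
            name = dns_question(data)
            if name:
                report["dns"].append(name)
        elif proto == "tcp" and data[:4] in (b"GET ", b"POST", b"HEAD"):
            line = data.split(b"\r\n", 1)[0].decode("latin-1")
            report["http"].append(f"{src} -> {dst}:{dport} {line}")
        elif proto == "tcp" and data.startswith(b"HTTP/"):
            head, _, body = data.partition(b"\r\n\r\n")
            declared = next((int(h.split(b":", 1)[1].strip()) for h in head.split(b"\r\n")
                             if h.lower().startswith(b"content-length:")), len(body))
            for magic, kind in MAGIC.items():
                if body.startswith(magic):
                    # Only the body bytes in this one segment are carved; a real tool must
                    # reassemble the TCP stream first. "complete" is False when the segment
                    # holds less than Content-Length promised, so the hash is not the file's.
                    report["files"].append({"type": kind, "size": len(body),
                                            "complete": len(body) >= declared,
                                            "sha256": sha256_hex(body), "from": f"{src}:{sport}"})
                    break
    return report


# ---- constructed sample capture (made-up hosts and payloads, not a real trace) ----
CLIENT, SERVER, RESOLVER = bytes([10, 0, 0, 5]), bytes([203, 0, 113, 7]), bytes([10, 0, 0, 1])
SAMPLE_BODY = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"            # stand-in for a downloaded PE


def ipv4_frame(proto, src, dst, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0, src, dst)
    return bytes(12) + b"\x08\x00" + ip + l4                    # zeroed MACs + IPv4 + transport


def udp_segment(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def tcp_segment(sport, dport, data):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0) + data


def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # v2.4, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def build_sample_pcap() -> bytes:
    dns = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
           + b"\x06update\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
    req = b"GET /dl/installer.exe HTTP/1.1\r\nHost: update.example.com\r\n\r\n"
    resp = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY)) + SAMPLE_BODY
    return build_pcap([ipv4_frame(17, CLIENT, RESOLVER, udp_segment(51000, 53, dns)),
                       ipv4_frame(6, CLIENT, SERVER, tcp_segment(49152, 80, req)),
                       ipv4_frame(6, SERVER, CLIENT, tcp_segment(80, 49152, resp))])


SAMPLE_PCAP = build_sample_pcap()

if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_PCAP), indent=2))
```

Run it and the JSON report lists the `update.example.com` lookup, the `GET /dl/installer.exe` request and one carved `pe` object with its SHA-256; that hash is what you would query on VirusTotal. Treat a carve with `"complete": false` as a hash of a fragment, not of the delivered file.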
