Month: March 2023

what is arkime (moloch)?

Arkime, formerly known as Moloch, is a powerful tool for full packet capture and analysis. It offers a wide range of features that make it a must-have tool for network security professionals. Some of the main features of Arkime include:

  1. Packet capture: Arkime can capture all network traffic passing through a particular network interface, allowing security analysts to analyze the traffic and identify potential threats.
  2. Indexing and search: Arkime uses Elasticsearch to store and index captured packets, which makes it easy for analysts to search for specific packets or packets containing specific patterns or keywords.
  3. Web-based user interface: Arkime includes a powerful web-based user interface that allows analysts to search and analyze captured traffic, as well as visualize network traffic data in real-time. The user interface is highly customizable, and analysts can create custom dashboards and visualizations to meet their specific needs.
  4. Advanced analysis capabilities: Arkime can perform advanced network traffic analysis, including protocol decoding, session reassembly, and file carving. This makes it possible for analysts to detect and investigate a wide range of security threats, including malware, phishing attacks, and data exfiltration.
  5. Support for multiple file formats: Arkime can capture and analyze a wide range of network protocols, including TCP, UDP, HTTP, and SSL. It also supports a variety of file formats, including PCAP, JSON, and ASCII.
  6. Scalability: Arkime is designed to be highly scalable, and it can be deployed in large-scale environments. It can handle large amounts of network traffic data, making it suitable for use in high-bandwidth environments.

Overall, Arkime is a comprehensive tool that offers a wide range of features for full packet capture and analysis. Its advanced analysis capabilities, support for multiple file formats, and scalability make it a must-have tool for any organization that needs to monitor and secure its network.

What is Kali Linux Purple?

Kali Linux 2023.1 is a popular Linux distribution that is used by security professionals and hackers alike to test the security of computer systems and networks. It comes with advanced penetration testing tools and techniques that can help users identify vulnerabilities in their systems.

The new Kali Linux 2023.1 release features a new flavor of the distribution called Kali Linux Purple. This new flavor is focused on purple teaming and defense, rather than just red teaming or offensive security. The Kali Linux Purple distribution aims to provide a security operations center (SOC) all in one great machine.

Kali Linux Purple comes with over a hundred new defensive tools, including Archive for Full Packet Capture, Cyber Chef, Elastic, The Hive, GVM, Malcolm, Suricata, and Zeek. It also includes Cali Autopilot, a tool for automating attacks, and Cali Purple Hub, a platform for the community to share practice packet captures.

To download Kali Linux Purple, you need to create a virtual machine manually from the ISO file which is available for download from the Kali Linux website. The ISO file is about 3.5 GB in size.

The new Kali Linux 2023.1 release features an updated kernel version 6.1.0 and updated desktop environments for XFCE, KDE, and GNOME. It also includes new features and improvements such as new sub-menus for identify, protect, detect, respond and recover.

Kali Linux is an open-source operating system that has been designed to provide users with advanced penetration testing tools and techniques. It is widely used by security professionals and hackers alike to test the security of computer systems and networks.

The new Kali Linux Purple distribution has been specifically designed to help security professionals improve their defensive capabilities by providing them with a range of powerful tools and techniques that can be used to detect and respond to cyber threats.

If you are interested in learning more about Kali Linux or would like to download the latest version of the operating system, you can visit the official Kali Linux website at https://www.kali.org/

MyloBot: The Sophisticated Botnet Affecting Thousands of Systems Worldwide

BitSight, a cybersecurity company, has revealed that a sophisticated botnet called MyloBot has affected thousands of systems across the globe.

Most of the compromised systems are located in India, the United States, Indonesia, and Iran.

MyloBot

BitSight has also found that MyloBot’s infrastructure is linked to a residential proxy service named BHProxies, implying that the compromised machines are being used by the latter.

The botnet was initially observed in 2017 and was first documented in 2018. It is known for its anti-analysis methods and its ability to act as a downloader.

MyloBot has the potential to download any other type of malware that the attacker wants. It also waits for 14 days before attempting to contact the command-and-control (C2) server to avoid detection.

MyloBot receives instructions from C2 and transforms the infected computer into a proxy. The malware has been observed sending extortion emails from hacked endpoints as part of a financially motivated campaign.

MyloBot continues to evolve over time, and BitSight has been sinkholing the botnet since November 2018.

Powered by WordPress & Theme by Anders Norén