Archive of all former 401TRG blog posts
This page is an archive of the 401TRG blog posts, kept for posterity and for use by the network security community.
About 401TRG
401TRG (Threat Research Group) is the Threat Research & Analysis Team at ProtectWise. Drawing on our experience in incident response and network forensics in both the public and private sectors, we study ProtectWise's extensive network-oriented datasets. This work is focused on network traffic analysis, reverse engineering malware, building behavioral detections, and much more. We share our knowledge and intelligence discoveries with fellow network defenders and information security professionals to strengthen the community as a whole.
Our team is passionate about sharing our insights to empower security analysts. This site provides a wide range of resources to the community, from our team's research and threat intelligence to tips, tricks, and tooling to improve your own analysis process. We are also always on the lookout for other research teams and individuals to collaborate with.
Reports
May 03, 2018 - Tom Hegel
Apr 02, 2018 - James Condon, Matt Anthony, Justin Miller
Building a Data Lake for Threat Research
Feb 22, 2018 - Tom Hegel
Analysis of Active Satori Botnet Infections
Dec 20, 2017 - Nate Marx
An Introduction to SMB for Network Security Analysts
Nov 28, 2017 - James Condon
Triaging Large Packet Captures - Methods for Extracting & Analyzing Domains
Nov 14, 2017 - Mike Logoyda
Using Emerging Threats Suricata Ruleset to Scan PCAP
Nov 01, 2017 - Nate Marx
Oct 26, 2017 - Tom Hegel
Large Scale IRCbot Infection Attempts
Oct 16, 2017 - Tom Hegel
Oct 10, 2017 - Tom Hegel
Turla Watering Hole Campaigns 2016/2017
Oct 02, 2017 - Nate Marx
Identifying and Triaging DNS Traffic on Your Network
Sep 28, 2017 - James Condon
Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation
Jul 11, 2017 - Tom Hegel, Nate Marx