Aggregator

概述

2022年10月21日，360Netlab的蜜罐系统捕获了一个通过F5漏洞传播，VT 0检测的可疑ELF文件ee07a74d12c0bb3594965b51d0e45b6f，流量监控系统提示它和

inlinehook是修改内存中的机器码来实现hook的方式

lsnrctl启动实例startup报错 ORA-03113: end-of-file on communication channel $ su - oracle Step 1: You need to look at the alert log. It isn't in /var/log as

东软NetEye电力行业网络安全解决方案已服务全国31个省级行政区。保障全国超7亿人安全用电，护航电力系统安全稳定运行。

东软NetEye电力行业网络安全解决方案已服务全国31个省级行政区。保障全国超7亿人安全用电，护航电力系统安全稳定运行。

知道安全架构建设，那又该如何建设安全架构呢？

当前，围绕电信网络诈骗犯罪已经形成一个门类齐全、分工明确、协作紧密的生态产业链。几乎所有与之相关联的

当前，围绕电信网络诈骗犯罪已经形成一个门类齐全、分工明确、协作紧密的生态产业链。几乎所有与之相关联的

当前，围绕电信网络诈骗犯罪已经形成一个门类齐全、分工明确、协作紧密的生态产业链。几乎所有与之相关联的

There is a combination of lesser known tools and techniques to capture and later decrypt SSL/TLS network traffic on Windows. This technique is neat because it does not require the installation of additional driver/software when capturing the traffic.

Technique, Tools and Steps

It is quite straight forward and consists of:

1. Setting the SSLKEYLOGFILE environment variable to capture TLS session keys on target host
2. Use netsh trace start to capture traffic (no need to install additional driver/software!)
3. Convert the .etl file to a pcap using Microsoft’s etl2pcapng
4. Start Wireshark, open the pcap and set the sslkeys under: Preferences->Protocols->TLS->Pre-Master secret. This does not have to be on the same host as steps 1-2.
5. Enjoy the decrypted traffic!

If you can or want to capture traffic with Wireshark also, there is no need to use netsh of course.