packetrat
Principal Threat Researcher, Sophos. Former IT/NatSec editor at Ars Technica. Former Navy officer. Long-time tech labrat, code tinkerer and infosec tirekicker.
Sophos
United States
Pinned Repositories
arsheadlines
autobearduino
An Arduino project to event-drive animation of a hacked Teddy Ruxpin
heart-attack-data
Data and code for yet another adventure in machine learning for Ars Technica.
malwarefetch
A Python script that takes URLs from any CSV column named "url" and retrieves the files from the web URL, recording the filenames and associated URLs to another CSV. Intended for collecting malware samples from telemetry dumps.
packethunting
Resources and materials for DEF CON 2018 Packet Hunting Workshop
packetrat
Stray packets
phishing-kits-I-found
Research only!
python-intelix-reputation-checking
Python script for processing a list of domains and checking their URI and IP reputation against Sophos' Intelix threat intelligence platform
Scam-Site-iOS
shazhupan
Slides and IoCs from pig butchering research
packetrat's Repositories
packetrat/packethunting
Resources and materials for DEF CON 2018 Packet Hunting Workshop
packetrat/phishing-kits-I-found
Research only!
packetrat/python-intelix-reputation-checking
Python script for processing a list of domains and checking their URI and IP reputation against Sophos' Intelix threat intelligence platform
packetrat/autobearduino
An Arduino project to event-drive animation of a hacked Teddy Ruxpin
packetrat/arsheadlines
packetrat/shazhupan
Slides and IoCs from pig butchering research
packetrat/heart-attack-data
Data and code for yet another adventure in machine learning for Ars Technica.
packetrat/malwarefetch
A Python script that takes URLs from any CSV column named "url" and retrieves the files from the web URL, recording the filenames and associated URLs to another CSV. Intended for collecting malware samples from telemetry dumps.
packetrat/packetrat
Stray packets
packetrat/Scam-Site-iOS
packetrat/hello-world
A repository of random thoughts and code
packetrat/IoCs
Sophos-originated indicators-of-compromise from published reports
packetrat/packetrat-github.io
GitHub page
packetrat/packetrat.github.io
packetrat/pancakescon-v
Slides and references from my PancakesCon talk March 2024
packetrat/Scam-Site-Discoveries
A phishing e-mail received July 26 routed through two websites to a malicious site named applesecurityrisks.xyz. The code on the site launched a call dialog box on iOS and macOS devices to connect to "Apple Support"—a call center in India running a support scam that may have been attempting to convince victims to subscribe to a rogue mobile device management server.
packetrat/scam_site_discoveries
Code from an iOS-focused phishing site that pops up a phone call dialog box
packetrat/ScamSiteDiscoveries
Code from an Indian support scam phishing campaign targeting iOS devices
packetrat/SnowdenAnniversary
A community conversation about how stuff's changed over the past 5 years since Snowden's NSA doc release.
packetrat/tutorial
packetrat/yaraml_rules
Security ML models encoded as Yara rules