RE: https://fedihum.org/@timofruehwirth/115660656523275337
Building tools at the interface of #DigitalEdition and #NetworkAnalysis.
Stay tuned.
affiliation-builder v0.2.0: a #Python package for creating bipartite affiliation networks from #JSON using #NetworkX.
https://pypi.org/project/affiliation-builder/
Generic enough for any affiliation data you throw at it, but I'm developing it specifically as part of a workflow that makes #TEI listEvent accessible to #networkanalysis. More soon ...
Feedback welcome!
Capture File Forensics 4.1 has been released.
Uncover the security, performance, and configuration issues lurking in your capture files.
#NetworkAnalysis #pcap #networking #network #cyber #security #Wireshark
The #CallForPapers for the #HistoricalNetworkResearch conference #HNR2026 has been extended to Dec. 21! So still some time to submit something and visit beautiful Turin. https://historicalnetworkresearch.github.io/turin/cfp/ #DigitalHumanities #NetworkAnalysis
We've published new research from the EU co-funded project NGSOTI: "Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP traffic".
Over a 12-month period (Nov 2024–Oct 2025), our network telescope captured ~634 million unsolicited SNMP queries from more than 153,000 unique IPv4 sources scanning an unused /18 block.
The origins of the traffic are globally distributed, with notable concentrations from Indonesia, China, the United States, Germany, Chile and others, as well as a few outliers generating unusually high volumes. A significant portion of the scanning activity can also be attributed to infrastructure belonging to commercial threat-intelligence and scanning companies, providing useful context on what constitutes "expected" background noise.
The analysis covers SNMP version usage (v1/v2c overwhelmingly dominant, minimal v3), community-string patterns (default, weak, and undocumented strings), and OIDs that point to which device vendors are most scanned.
This dataset provides insight into real-world reconnaissance trends targeting SNMP-capable infrastructure, helping defenders better understand background noise and scanning behaviours.
Full report: https://d4-project.org/2025/11/27/Learning-from-Large-Scale-IPv4-blackhole-behavioral-analysis-of-SNMP-traffic.html
PDF version: https://d4-project.org/assets/behavioral-analysis-of-snmp-traffic.pdf
Co-funded by European Cybersecurity Competence Centre (ECCC) under the NGSOTI project.
#cybersecurity #networkanalysis #cybersecurity #snmp #network #internet #dfir
Last week I participated in #SANS Veterans Day #CTF
After two days of competition, I solved 43 of 45 challenges and luckily won this contest.
As a #network analyst, I especially enjoyed the challenge fx01 (File analysis eXtreme level): a PCAP with a custom protocol
https://www.sans.org/mlp/veterans-day-ctf
#cybersecurity #blueteam #dfir #pentest #reverseengineering #exploitation #networkanalysis
OSINT Tools in C/C++: Used by Intelligence and Security Services
Modern intelligence and cyber-reconnaissance units increasingly rely on **C and C++ tools** when **speed, resource control, and minimal digital footprint** are critical. Below is an overview of key tools and why these languages are preferred.
Classic OSINT Tools in C/C++
1. **Nmap (C/C++)**
The cornerstone network scanner for most OSINT tasks.
**Function:** Active and passive host discovery, service detection, OS fingerprinting.
**Feature:** Supports NSE scripts for automated reconnaissance.
2. **ZMap (C)**
Mass IPv4 scanning (e.g., one port across the entire IPv4 space in ~5 minutes).
Used for large-scale SIGINT/OSINT operations.
3. **Masscan (C)**
U.S. counterpart to ZMap, optimized for maximum speed.
Ideal for instant "network snapshots."
4. **Tcpdump / libpcap (C)**
Passive packet capture.
Forms the backbone for packet analysis in intelligence systems.
5. **Bro/Zeek (C++)**
Network event analysis framework.
Detects anomalies and covert channels.
6. **YARA / YARA Rules Engine (C/C++)**
Signature-based detection of malware, documents, and archives.
Widely used in cyber intelligence.
7. **OpenSSL Toolkit (C)**
Certificate and TLS channel analysis.
Used to examine cryptographic infrastructure.
8. **ExifTool (C++)**
Metadata analysis for images and documents: device, timestamp, GPS.
9. **Tshark (C)**
CLI version of Wireshark for covert traffic analysis.
10. **Osquery (C++)**
Live-forensics system turning the host into a SQL-queryable database.
Why C/C++ Matters in Intelligence
**Maximum speed**
Native code is crucial for mass network scanning, data streams, and crypto operations.
**Resource control**
Direct management of memory, threads, and network buffers without overhead.
**Low-level access**
Raw sockets, system calls, filesystem, network interfaces.
**Deterministic behavior**
Predictable response times, no garbage collection delays.
**Minimal dependencies & portability**
Statically compilable binaries for Linux, Windows, BSD, or embedded systems.
**Integration with high-performance libraries**
OpenSSL, libpcap, Boost, ZLib for crypto, networking, and compression.
**Hardware-level optimization**
SIMD, vectorization, inline functions, assembly inserts.
Performance: C/C++ vs Interpreted Languages
Example: scanning 100,000 IPs for open ports.
| Language | Execution Time | Reason |
|---|---|---|
| C | 3–5 sec | Native code, minimal overhead |
| C++ + Boost.Asio | 4–6 sec | Asynchronous, thread control |
| Go | 10–15 sec | Runtime overhead, garbage collection |
| Python | 180–300 sec | Interpretation, GIL, extra wrappers |

**Conclusion:** Porting Python → C/C++ can give **50–100× speedup** for CPU- and I/O-intensive tasks.
Summary
C/C++ are the languages of choice for professional OSINT and intelligence tools where **speed, control, and low-level system/network operations** are required.
**Hashtags**
#OSINT #CPlusPlus #CProgramming #CyberIntelligence #SIGINT #NetworkAnalysis #Maltego #Nmap #ZMap #CyberSecurity #Forensics #MetadataAnalysis #OpenSourceIntelligence #Recon
**Bibliography / Must-Have References**
Gordon UA. *Preparations for war against Poland underway – Polish Chief of Staff*. 2025.
Eurointegration. *Polish Army Chief warns about pre-war threats*. 2025.
TVN24. *Polish Army Chief: Prepare forces for full-scale conflict*. 2025.
Nmap Official Documentation. https://nmap.org
ZMap Project. https://zmap.io
ExifTool Documentation. https://exiftool.org
YARA Rules Engine. https://virustotal.github.io/yara
Osquery Documentation. https://osquery.io
Explore the latest in network analysis with Gerald Combs (@geraldcombs) creator of Wireshark, in the keynote "What's New in Wireshark 4.6."
https://www.youtube.com/watch?v=F0JDgQ3t0jg
Recorded live at SharkFest'25 EUROPE in Warsaw, this session dives into the newest features, performance improvements, and shaping Wireshark's future. Watch now and see how Wireshark continues to lead the world in protocol analysis.
Become a YouTube Member for access to the full library of SharkFest sessions and exclusive technical talks: https://www.youtube.com/channel/UCHBY7sUVdWK4bOSe7khG0UA/join
Tonight at #DH im Fokus: Anastasia Glawion (@FAU), who will speak online about "Network-based approaches to post-pandemic #HarryPotter interpretations on Fanfiktion.de". Starts at 17:15. Zoom link & abstract:
#RosDH #UniRostock #DigitalHumanities #HybridLecture #NetworkAnalysis #PlatformLiterature #DistantReading #Fanfiktion
WormHole achieves massive speed and efficiency gains over MLL, completing complex graph setups faster and at lower computational cost. https://hackernoon.com/a-faster-more-efficient-approach-to-large-scale-graph-computation #networkanalysis
WormHole slashes graph query costs and setup times compared to BiBFS, PLL, and MLL, offering near-perfect accuracy with minimal resources. https://hackernoon.com/why-wormhole-could-be-the-future-of-fast-graph-queries #networkanalysis
WormHole algorithm delivers faster, more accurate shortest path queries than BiBFS, with lower setup time and disk space use. https://hackernoon.com/wormhole-algorithm-outperforms-bibfs-in-query-efficiency-and-accuracy #networkanalysis
WormHole achieves efficient graph routing with sublinear complexity and an O(log log n) additive error, balancing speed and precision. https://hackernoon.com/understanding-approximation-error-and-query-complexity-in-wormhole-routing #networkanalysis
Proof-of-concept analysis showing how WormHole achieves sublinear performance on Chung-Lu random graphs with power-law distributions.
https://hackernoon.com/understanding-power-law-degree-distributions-in-random-graphs #networkanalysis
Wireshark 4.6.0 Supports macOS Pktap Metadata (PID, Process Name, etc.)
https://nuxx.net/blog/2025/10/14/wireshark-4-6-0-supports-macos-pktap-metadata-pid-process-name-etc/
#HackerNews #Wireshark #Pktap #macOS #Metadata #NetworkAnalysis #PacketCapture
Level up your packet analysis skills before SharkFest kicks off!
This hands-on, 2 day class will teach you how to capture, analyze, and troubleshoot real network traffic using Wireshark. It will also prepare you for the WCA exam.
What you'll learn:
- How to capture and analyze live network traffic
- Key protocol deep dives (#TCP, UDP, HTTP, TLS, DNS, and more)
- Advanced display filtering and troubleshooting workflows
- Command-line analysis with #TShark
November 3–4 | Warsaw, Poland
Register now: https://sharkfest.wireshark.org/sfeu
#Wireshark #sf25eu #Networking #NetworkEngineering #DNS #UDP #WCA #NetworkAnalysis #Cybersecurity
SharkFest'25 EUROPE is coming to Warsaw!
Join the global Wireshark community for 5 days of deep-dive packet analysis, hands-on learning, and networking with experts.
- Nov 3–7, 2025
- Warsaw, Poland
Register today: https://sharkfest.wireshark.org/sfeu
Safe vs Malicious: DNS Edition
Analysis of a connection exploring ports/protocols, long connection duration, ICMP/SNMP/SMB traffic; concludes it's likely a VPN tunnel safe, though with risky SNMP/SMB exposure.
https://www.activecountermeasures.com/safe-vs-malicious-dns-edition/
Navigate the Network: Mastering Wireshark Filters
Drowning in network data? Learn how to use Wireshark filters to find exactly what you're looking for! Filters are a powerful tool for navigating vast amounts of packet data, whether you're troubleshooting network issues, analyzing protocol behavior, or hunting for security threats. We'll explore the difference between capture and display filters and show you how to zero in on the information that matters most.
#Wireshark #NetworkAnalysis #CyberSecurity #InfoSec #PacketAnalysis #NetworkTroubleshooting #NetworkEngineer #BlueTeam
Wireshark MSI Installers Released | https://techygeekshome.info/wireshark-msi/?fsp_sid=10781 | #Guide #MSI #News #Wireshark #WiresharkUpdate #NetworkAnalysis #MSIInstallers #CyberSecurity #DataTraffic #MastodonPlatform #TechNews #OpenSourceTools #NetworkMonitoring #ITProfessionals