I've been using NetworkMiner for some time, and I wanted to report what I consider a fairly significant bug.
I see a lot of malware which downloads its payloads when connected to nonstandard ports on the server side. Most commonly, I see ports 88/TCP, 90/TCP and 8080/TCP used. The connections are not HTTPS or SSL encrypted; they're using your typical HTTP GET, but not coming through standard port 80. I'd really like to see the ability for the program to be able to extract binaries downloaded from these oddball ports in the near future.
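An added illustration of the port-independent identification requested above (not part of the original post and not NetworkMiner's code): it recognises HTTP from the payload itself rather than the server port, then checks whether the response body starts with the `MZ` executable signature. It assumes the two directions of the TCP stream are already reassembled; all function names and the sample bytes are constructed for this example.

```python
import re

# Hypothetical helper names; patterns match the first line of each direction.
REQUEST_LINE = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"HTTP/1\.[01] (\d{3}) ")

def looks_like_http(client_bytes, server_bytes):
    """Identify HTTP from payload content, ignoring the port number."""
    return bool(REQUEST_LINE.match(client_bytes) and STATUS_LINE.match(server_bytes))

def extract_body(server_bytes):
    """Return a Content-Length delimited body, or None if truncated or unsupported."""
    head, sep, rest = server_bytes.partition(b"\r\n\r\n")
    if not sep:
        return None  # headers never completed in the capture
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = headers.get(b"content-length")
    if length is None or not length.isdigit():
        return None  # chunked or close-delimited replies are not handled here
    n = int(length)
    return rest[:n] if len(rest) >= n else None

def inspect_stream(server_port, client_bytes, server_bytes):
    """Classify one reassembled TCP stream; None means it is not plain HTTP."""
    if not looks_like_http(client_bytes, server_bytes):
        return None
    body = extract_body(server_bytes)
    uri = REQUEST_LINE.match(client_bytes).group(2).decode("ascii", "replace")
    return {
        "port": server_port,
        "uri": uri,
        "nonstandard_port": server_port != 80,
        "is_pe": body is not None and body[:2] == b"MZ",
        "body": body,
    }

# Constructed sample: a GET answered with a 64-byte body that begins with "MZ".
SAMPLE_REQ = b"GET /update.bin HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_BODY = b"MZ" + b"\x00" * 62
SAMPLE_RESP = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
               b"Content-Length: 64\r\n\r\n" + SAMPLE_BODY)

if __name__ == "__main__":
    print(inspect_stream(88, SAMPLE_REQ, SAMPLE_RESP))
```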