PacketSmith

Series

PacketSmith

All about PacketSmith (https://www.packetsmith.ca)

Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module
Introduction Zscaler published a blog post about a new malware called SnappyClient, written in the C++ programming language. The malware communicates with its C&C server using a custom binary protocol
Mar 23, 20266 min read312
Detect Malicious .ip6.arpa TLD Reverse DNS Zone Response Packets using PacketSmith Yara-X Detection Module
Introduction The other day, I was reading this interesting article Abusing .arpa: The TLD That Isn’t Supposed to Host Anything by Infoblox threat intel team, published on February 26, 2026. What got m
Mar 17, 20264 min read158
How to Apply VXLAN-GBP Encapsulation to PCAP Files Using PacketSmith
Introduction In version 5.1.0 (codenamed Taxus), released on March 16, 2026, the injection engine has undergone a significant evolution, transitioning from basic command-line parameters to a robust, t
Mar 16, 20263 min read115
How to Detect EternalBlue Exploitation
Yara-X + PacketSmith
Feb 12, 20263 min read73