Series

PacketSmith

All about PacketSmith (https://www.packetsmith.ca)

Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state
Introduction This vulnerability was found by Outpost24 under the identifier CVE-2025-31161 (previously reported as CVE-2025-2825). Outpost24 and other vendors and security researchers have shared enou
May 14, 20268 min read24
Detect Shulfar Malware Encrypted TCP C&C Traffic Using PacketSmith Yara-X Detection Module
Introduction Splunk published a blog post about a variant of the Gh0stRat malware family used in a new campaign delivered alongside the CloverPlus adware. The blog post is titled "Not Just Annoying Ad
Apr 24, 20267 min read139
Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module
Introduction Zscaler published a blog post about a new malware called SnappyClient, written in the C++ programming language. The malware communicates with its C&C server using a custom binary protocol
Mar 23, 20266 min read447
Detect Malicious .ip6.arpa TLD Reverse DNS Zone Response Packets using PacketSmith Yara-X Detection Module
Introduction The other day, I was reading this interesting article Abusing .arpa: The TLD That Isn’t Supposed to Host Anything by Infoblox threat intel team, published on February 26, 2026. What got m
Mar 17, 20264 min read169
How to Apply VXLAN-GBP Encapsulation to PCAP Files Using PacketSmith
Introduction In version 5.1.0 (codenamed Taxus), released on March 16, 2026, the injection engine has undergone a significant evolution, transitioning from basic command-line parameters to a robust, t
Mar 16, 20263 min read135
How to Detect EternalBlue Exploitation
Yara-X + PacketSmith
Feb 12, 20263 min read86

Command Palette