Wireshark for Post-Incident Analysis

BSidesDE 2015

Presented by: Daniel Rico
Date: Friday November 13, 2015
Time: 10:30 - 15:20
Location: Forensics Village

In an analytic world with a vast wealth of tools, often the simplest methods are the best for determining an attack chain. Wireshark provides the perfect platform for the "dirty" analysis that no one wants to get into. Rather than sifting through false positives provided by IDS/IPS alerts, Wireshark, and a bit of patience, can summarize an attack. The dissection of anomalous traffic into segments using Wireshark can provide a framework for the reconstruction of an attack. This session takes a hands-on approach to traffic analysis: given post-mortem PCAPs of an attack, participants will be asked to determine the method of attack using whatever tools are available. The attack and its patterns will then be decoded and reconstructed using nothing but Wireshark.

Daniel Rico

Daniel Rico is a member of Global Cyber Security & Fraud at First Data Corporation. He began working in IT at an early age and progressed to penetration testing as a side hobby, attempting to exploit vulnerabilities in game server environments. After working with his alma mater and the New York Department of Education as the IT Director for a special needs advocacy group, Daniel moved into the corporate cyber security space. Daniel has an MS in Information Management and Technology and has spoken at Facebook regarding OSINT practices and the utilization of open source intelligence for profiling threat actors.
