This training is a one day workshop that provides a foundation for investigating packet captures (pcaps) of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants then learn characteristics of malware infections and other suspicious network traffic. The workshop covers techniques to determine the root cause of an infection and determining false positive alerts. This training concludes with an evaluation designed to give participants experience in writing an incident report.
After 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010, and he is a currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad specializes in network traffic analysis. He is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.