This is a one-day workshop that provides a foundation for investigating malicious network traffic. It begins with investigation concepts, using Wireshark, and identifying hosts in network traffic. The workshop then covers characteristics of malware infections and suspicious network traffic, and participants learn how to determine the root cause of an infection. The workshop concludes with an evaluation exercise: reviewing traffic and drafting an incident report.
Requirements:
Brad Duncan specializes in network traffic analysis and exploit kit detection. After more than 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) and has posted more than 100 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he has provided over 1,300 pcaps of malicious activity to the community.