Using Wireshark for Incident Response and Threat Hunting

Presented at BSidesLV 2019, Aug. 7, 2019, 8 a.m. (595 minutes)

This workshop will take students' Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Sensor placement, capture techniques, and collection of network traffic will be discussed in detail. Throughout the day, we'll examine what different attacks look like in Wireshark, which can improve both Red Team and Blue Team skills. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach of the network.


Presenters:

  • Michael Wylie
    Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, Moorpark College, California State Universities, and clients around the country. Michael holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Michael is responsible for identifying four zero-day vulnerabilities in major tax software in 2018. Twitter: @TheMikeWylie
