Presented at
Texas Cyber Summit 2019,
Oct. 11, 2019, 3 p.m.
(120 minutes).
This session is part one of a hands-on workshop presented across two separate sessions. The training provides a foundation for investigating packet captures (pcaps) of malicious network traffic from hosts running Microsoft Windows. Participants will review basic investigation concepts, set up Wireshark, and identify hosts and users in network traffic. The training provides several examples of infection traffic that focuses on mass-distribution commodity malware commonly seen from malicious spam. Pcaps for this workshop will be available online. For the best hands-on experience, participants should have a relatively current version of Wireshark (version 2.6 or better), preferably in a non-Windows environment.* You will be required to bring your own laptop, please install a virtual machine (VM) running Linux is recommended for participants using a Windows-based laptop.
Presenters:
-
Brad Duncan
- Palo Alto Networks - Unit 42
isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at [www.malware-traffic-analysis.net](http://www.malware-traffic-analysis.net/), where he provides traffic analysis exercises and over 1,600 malware and traffic samples to a growing community of information security professionals.">After 21 years in the US Air Force, Brad transitioned to cyber security in 2010, and he is a currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad specializes in analysis of malware infection traffic. He is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at [isc.sans.edu](http://isc.sans.edu/). Brad routinely blogs technical details and analysis of infection traffic at [www.malware-traffic-analysis.net](http://www.malware-traffic-analysis.net/), where he provides traffic analysis exercises and over 1,600 malware and traffic samples to a growing community of information security professionals.
Links:
Similar Presentations: