Info so far: Malware Traffic workshop for BSides Tampa 2020
malware_traffic, Jan 8th, 2020
- INFORMATION SO FAR ON MY MALWARE TRAFFIC ANALYSIS WORKSHOP FOR BSIDES TAMPA 2020
- Date: Friday 2020-02-28
- Tentative times: 9:00 AM through 6:00 PM (lunch 12:00 PM to 1:00 PM)
- Location: To be determined
- Registration: still working on how to register
- Training title:
- Malware Traffic Analysis Workshop
- Brad Duncan (@malware_traffic on Twitter)
- This training is a one-day workshop that provides a foundation for investigating packet captures (pcaps) of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants then learn the characteristics of malware infections and other suspicious network traffic. The workshop covers techniques to determine the root cause of an infection and to identify false positive alerts. The training concludes with an evaluation designed to give participants experience in writing an incident report.
- Participants require a laptop, preferably running a non-Windows OS (a Windows laptop using a virtual machine running Linux will work). Participants also require a recent version of Wireshark, at least version 2.6.x or later, and an Internet connection to download pcaps used for this training.
- Training outline:
- I. Introduction and setting up Wireshark
- II. Identifying hosts and users
- III. Non-malicious activity
- IV. Windows malware infections
- V. Bad web traffic and policy violations
- VI. Researching indicators & false positives
- VII. Writing incident reports
- VIII. Evaluation
- Trainer biography:
- Brad Duncan is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. He specializes in network traffic analysis of malware infections. Brad is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.