malware_traffic

Info so far: Malware Traffic workshop for BSides Tampa 2020

Jan 8th, 2020
INFORMATION SO FAR ON MY MALWARE TRAFFIC ANALYSIS WORKSHOP FOR BSIDES TAMPA 2020

Date: Friday 2020-02-28
Tentative times: 9:00 AM through 6:00 PM (lunch 12:00 PM to 1:00 PM)
Location: To be determined
Registration: still working on how to register

Training title:

Malware Traffic Analysis Workshop

Trainer:

Brad Duncan (@malware_traffic on Twitter)

Description:

This training is a one-day workshop that provides a foundation for investigating packet captures (pcaps) of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants then learn the characteristics of malware infections and other suspicious network traffic. The workshop covers techniques for determining the root cause of an infection and for identifying false positive alerts. The training concludes with an evaluation designed to give participants experience in writing an incident report.

Requirements:

Participants require a laptop, preferably running a non-Windows OS (a Windows laptop using a virtual machine running Linux will work). Participants also require a recent version of Wireshark, at least version 2.6.x or later, and an Internet connection to download the pcaps used for this training.

Training outline:

I. Introduction and setting up Wireshark
II. Identifying hosts and users
III. Non-malicious activity
IV. Windows malware infections
V. Bad web traffic and policy violations
VI. Researching indicators & false positives
VII. Writing incident reports
VIII. Evaluation

Trainer biography:

Brad Duncan is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. He specializes in network traffic analysis of malware infections. Brad is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.