Malware Traffic Workshop - CANCELED

Unfortunately due to COVID-19 concerns, we have decided to postpone this event until further notice. We will attempt to reschedule this great training when possible.

BSides Charleston presents:

Malware Traffic Workshop 2020

with Brad Duncan (@malware_traffic)

This is a 1-day class - Satuday, April 4, 2020. The class will run from 9:00am - 5:00pm. Attendees are asked to be present and setup by 8:45am so that the class can begin promptly at 9:00am. Proceeds from this event will go towards the BSides Charleston 501c3 Non-Profit Organization to benefit our main conference in November.

This workshop provides a foundation for investigating packet captures (pcaps) of malicious network traffic. Participants identify victim hosts, review indicators of compromise, and determine the root cause of an infection. Participants also practice writing incident reports. The training focuses on Windows infections and uses alerts from Security Onion to help identify suspicious activity.

Course Outline:

• Intro and setting up Wireshark
• Identifying host and users 
• Non-malicious activity
• Windows malware infections
• Bad web traffic and policy violations
• Researching indicators & false positives
• Writing incident reports
• Evaluation

Target Audience:

This training helps prepare people for roles as security analysts who review alerts on suspicious network activity. Participants should understand fundamental concepts network traffic.

Tech Requirements:

A laptop with a recent version of Wireshark, preferably running a non-Windows environment (a VM of something like Ubuntu or Kali Linux would be fine for a Windows laptop).

Instructor Bio:

After 21 years of classified intelligence work for the US Air Force, Brad Duncan (https://twitter.com/malware_traffic) transitioned to cyber security in 2010, and he is a currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad specializes in network traffic analysis. He is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.