Abstract

This is a one-day workshop that provides a foundation for investigating malicious network traffic. It begins with investigation concepts, the use of Wireshark, and identifying hosts from traffic indicators. The workshop then covers characteristics of malware infections and suspicious network traffic. Participants will learn how to determine the root cause of an infection. The workshop concludes with an evaluation: reviewing traffic and drafting an incident report.

Speaker

Brad Duncan

Threat Intelligence Analyst, Palo Alto Networks - Unit 42



* Please arrive early to make sure you get a seat. Any open seats will be filled.



Participants requirements:

- A laptop, preferably not Windows-based, with Wireshark installed

- If your laptop runs Windows, we highly recommend using a VM program such as VMware Player or VirtualBox to run a recent version of any popular Linux distro

- Familiarity with basic Linux command line tools is highly beneficial



