BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:0202fdb1-136d-4ae1-ba7f-85e085e76664
DTSTAMP:20260522T152701Z
SUMMARY:(Beginner) Wireshark for Incident Response & Threat Hunting
DESCRIPTION:Title: (Beginner) Wireshark for Incident Response & Threat
  Hunting\n\nDescription:\nThis workshop will take students’ Wireshark
  skills to the next level with a heavy emphasis on incident response\,
  threat hunting\, and malicious network traffic analysis. We will begin
  with a brief introduction to Wireshark and other Network Security
  Monitoring (NSM) tools/concepts. Placement\, techniques\, and
  collection of network traffic will be discussed in detail. Throughout
  the workshop\, we’ll examine what different attacks and malware look
  like in Wireshark. Students will then have hands-on time in the lab to
  search for Indicators of Compromise (IOCs) and a potential breach to
  the network. There will be plenty of take-home labs for additional
  practice.\n\nAttendees will learn:\n- How to build traffic-specific
  Wireshark profiles\n- How to set up Wireshark for threat hunting\n-
  How to enrich packets with threat intel\n- How to identify IOCs in a
  sea of packets\n- How to tap networks and where to set up sensors\n-
  NSM techniques\n- Techniques to quickly identify evil on a
  network\n\nStudents are provided with PCAPs of incidents starting with
  8 packets and growing to 10\,000+ packet captures where students need
  to build a timeline of a breach.\n\nSpeaker(s): Michael
  Wylie\n\nLocation: Blue Team Vlg / Blue Team Vlg - Workshop Track
  2\n\nDiscord: https://discord.com/channels/708208267699945503/
 732454317658734613\n\nEvent starts: 2020-08-08 10:30 (10:30 AM) PDT
  (UTC -07:00)\n\nEvent ends: 2020-08-08 12:00 (12:00 PM) PDT (UTC
  -07:00)\n\nFor the most up-to-date information\, please either visit
  https://info.defcon.org\, or use HackerTracker\, which is available
  for iOS and Android. This is an automated message\, and this data was
  last modified 2020-08-03T00:17 (UTC).
URL:https://forum.defcon.org/node/234101
DTSTART:20200808T183000Z
DTEND:20200808T200001Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Workshop Track 2
END:VEVENT
END:VCALENDAR
