Title: (Beginner) Wireshark for Incident Response & Threat Hunting
Description:
This workshop will take students' Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we'll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach of the network. There will be plenty of take-home labs for additional practice.
Attendees will learn:
- How to build traffic-specific Wireshark profiles
- How to set up Wireshark for threat hunting
- How to enrich packets with threat intel
- How to identify IOCs in a sea of packets
- How to tap networks and where to set up sensors
- NSM techniques
- Techniques to quickly identify evil on a network
Students are provided with PCAPs of incidents, starting with 8 packets and growing to captures of 10,000+ packets, from which students need to build a timeline of a breach.
Speaker(s): Michael Wylie
Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 2
Discord: https://discord.com/channels/7082082...54317658734613
Event starts: 2020-08-08 10:30 (10:30 AM) PDT (UTC -07:00)
Event ends: 2020-08-08 12:00 (12:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-03T00:17 (UTC).
