Saturday, October 12 • 1:00pm - 4:00pm
WS-1023 - Malware Traffic Analysis Workshop 2


This session is part two of a hands-on workshop presented across two separate sessions. The training provides a foundation for investigating packet captures (pcaps) of malicious network traffic from hosts running Microsoft Windows. Participants will review basic investigation concepts, set up Wireshark, and identify hosts and users in network traffic. The training provides several examples of infection traffic that focus on mass-distribution commodity malware commonly seen from malicious spam. Pcaps for this workshop will be available online. For the best hands-on experience, participants should have a relatively current version of Wireshark (version 2.6 or better), preferably in a non-Windows environment.
  • You will be required to bring your own laptop. A virtual machine (VM) running Linux is recommended for participants using a Windows-based laptop.

Brad Duncan

Threat Intelligence Analyst, Palo Alto Networks - Unit 42
After 21 years in the US Air Force, Brad transitioned to cyber security in 2010, and he is currently a Threat Intelligence Analyst... isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and traffic samples to a growing community of information security professionals.

Saturday October 12, 2019 1:00pm - 4:00pm CDT
BONHAM 3-D | Expert 2 600 E Market St, San Antonio, TX Floor 3