Friday, October 11 • 11:00am - 12:00pm
NA-1024 Network Traffic Analysis with Moloch


Moloch is an open-source tool for full network traffic capture and analysis.

Trying to get a handle on what's happening on your network? Network defenders need a thorough understanding of traffic on their networks, and Moloch is an excellent way to get insight into what's happening on the wire.
Moloch is a free and open-source platform for full packet capture and analysis. It's scalable from small to very large applications and packages a whole bundle of handy tools, from connection maps to a built-in CyberChef instance for decoding and analysis.
Moloch makes an excellent threat hunting application. Analysts can pivot seamlessly from traffic metadata to raw capture analysis. Want to try another tool, or look at an old capture? Moloch ingests and exports standard PCAP files.
I'll walk you through the basics first. We'll talk about the Sessions, SPI, and Connections views. We'll talk about Moloch's customization options, where to find documentation, and how you can structure your workflow to chase down important artifacts quickly. Once we're comfortable with the bread and butter, we'll look at some of Moloch's advanced features. Hunts, recurring cron queries, and Moloch's powerful API will be the focus.
To cap things off, we'll take some time to walk through some publicly available PCAP to apply our newfound skills. You should leave this talk with a solid understanding of how to leverage Moloch for your own investigations - sure to come in handy if you plan to compete in certain CTFs...


Robert Wilson

Trainer, Government
Robert is an elementary school teacher-turned-information security analyst. He holds certifications in network and host forensics and has been working with Moloch for almost two years.

Friday October 11, 2019 11:00am - 12:00pm CDT
BONHAM 3-E | Expert 3 600 E Market St, San Antonio, TX Floor 3