CA$20

Malware Traffic Analysis Workshop with Brad Duncan

Event Information

Date and Time

Location

EY Tower - WaveSpace

100 Adelaide Street West

40th Floor

Toronto, ON M6J 2L3

Canada

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Come join us for a full day malware traffic analysis workshop delivered by Brad Duncan, author of the Malware Traffic Analysis Blog.

About this Event

DEFCON Toronto is excited to bring to you a full day malware traffic analysis workshop hosted at the EY Tower at Bay/Adelaide.

This workshop is sponsored by EY and Elevated Prompt!

Individuals of all skill levels are encouraged to attend!

Lunch will be provided.

Purchase of a ticket for this workshop will contribute to the costs of the facilitator's travel, the venue, and food.

Bio on Workshop Facilitator (Brad Duncan):

After 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010, and he is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad specializes in network traffic analysis. He is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.

Workshop Details:

This training is a one-day workshop that provides a foundation for investigating packet captures (pcaps) of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants then learn the characteristics of malware infections and other suspicious network traffic. The workshop covers techniques to determine the root cause of an infection and to identify false positive alerts. The training concludes with an evaluation designed to give participants experience in writing an incident report.

Participant Requirements/Preparation Instructions:

  1. Personal laptop running a non-Windows OS or a Virtual Machine running a non-Windows OS
  2. Recent version of Wireshark installed (at least version 2.2 or later)
  3. PCAPs and presentation slides to be posted here in advance of the workshop (Will be announced when content is up and finalized)
  4. To get familiar with the types of exercises that will be done in the workshop, participants can review previously posted training exercises on Brad's blog here: https://www.malware-traffic-analysis.net/training-exercises.html

Workshop Schedule:

8:30AM-9AM - Registration

9AM-10AM - Intro & setting up Wireshark (1 hour)

10AM-11AM - Identifying hosts & users (1 hour)

11AM-11:15AM - Bio Break

11:15AM-12:15PM - Non-malicious activity (1 hour)

12:15PM-1PM - Lunch

1PM-2PM - Windows malware infections (1 hour)

2PM-2:45PM - Bad web traffic & policy violations (45 minutes)

2:45PM-3PM - Bio Break

3PM-4PM - Researching indicators & false positives (15 minutes)

4PM-5PM - Writing incident reports (1 hour 15 minutes)

5PM-5:45PM - Evaluation (45 minutes)
