Jasper Bongertz
Jasper is the Head of the Computer Security Incident Response Team (CSIRT) at G Data CyberDefense in Bochum, Germany. In that role he runs a team of computer/network/memory forensics experts as well as a couple of malware reverse engineers and a number of Incident Handlers. The CSIRT helps customers that have been compromised (A.K.A. "hacked"), mostly by attackers intent on preparing/performing a ransomware extortion.
Jasper's official role at the G Data CSIRT is "Principal Network Security Specialist". He has over 20 years of experience in computer network analysis and network forensics, and has forgotten more about network protocols than most people will ever learn (Token Ring, ATM, some serial stuff). In previous employments he wrote and taught a number of Ethereal & Wireshark 3-5 day classes as well as official VMware classes and Hacking courses.
Jasper is a Wireshark Certified Analyst (WCA #2) and member of the board of directors of the Wireshark Foundation.
Sessions
Are you at Sharkfest for the first time? Then this session is for you. We'll explain how the conference works and what's probably different from other conferences you may have attended. You'll learn about Packet Doctors, the evening events, the onsite WCA exam, and what the developer den is. The goal is to make sure you don't feel you missed out on something at the end of the conference because you didn't know how it worked.
The Wireshark Certified Analyst exam is not an easy certification to take, especially if your knowledge about the details of the TCP protocol is somewhat shaky. In this talk we'll take a look at the aspects mentioned in the WCA curriculum and discuss them together. The goal is to make sure you understand what you need to bring to the exam and help you identify the areas where you might have to improve your TCP analysis skills to achieve the WCA status.
The experts on this panel have been asked by attendees at many SharkFests to look at a trace file and help find a reason for certain behaviors. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved.
Come to this session and learn to ask the right questions and look at packets in different ways.
PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO [email protected] PRIOR TO SHARKFEST!
It's not easy to spot attacks in network packets, mostly because there are so many of them (packets, that is), which results in an extremely high Signal-to-Noise ratio. But there are also additional challenges, like encryption or attackers simply using protocols that administrators use themselves. We'll take a look at a number of real-world scenarios and learn about various attack patterns and how to find/recognize them.