SharkFest'24 EU

Unlocking Security Insights: Wireshark Techniques for Security Analysts
11-06, 14:00–15:30 (Europe/Vienna), Palais Sachsen Coburg I-III

Packet-level analysis stands as the gold standard in incident response, providing the most detailed evidence during security investigations. Despite its importance, packet analysis is often underutilized, typically considered only as a last resort. This session aims to elevate the use of Wireshark in everyday security practices, demonstrating its effectiveness not just in validating security tool alerts but in gaining a profound understanding of attack methodologies through network traces.

The session will focus on:
Explore and demonstrate methods for SSL interception, comparing browser-based versus proxy-based analysis, including techniques like PCAP over IP for remote capturing.
Investigate Attack Vectors: Learn to identify various network scans and conduct in-depth analyses of successful attacks. We will also walk through a successful attack using Metasploit, capturing and analyzing the network traces to deepen our understanding, and look at examples of useful Lua plugins for security.

Walter is a veteran in network and protocol analysis, having earned his stripes as a "Sniffer University Certified Instructor" from Network General in 1994. Throughout his career, he quickly advanced into the cybersecurity arena, where his expertise in protocols proved invaluable. Walter has held primarily technical roles at notable companies such as Network Associates, McAfee, Symantec, and Palo Alto Networks. Additionally, he was responsible for Managed Security Services for Palo Alto Networks and Akamai (Micro Segmentation / Guardicore) at Telekom Security.