06-17, 14:45–17:00 (US/Eastern), Room B
Learn how to recognize and detect malicious activity on the wire.
What does badness look like on the wire? How can you recognize a DDoS versus an nmap scan versus remote access versus data exfiltration? Understanding network protocols (yes, RFCs!) and being able to extract artifacts from network traffic is essential in many fields: incident response, forensics, security operations, and the list goes on. Recognizing the hallmarks of various types of attacks is also key. In this workshop we will walk through custom packet captures to explore examples of various types of attacks.
This workshop is designed for a variety of experience levels. We will start with the basics of TCP/IP and review how network traffic flows, then ease into the analysis part. I encourage anyone with an interest to participate. For more advanced students there will be additional questions/challenges to keep you occupied.
Marcelle is a security practitioner but also an educator at heart, and delivers many talks and workshops. Marcelle's passion lies in several areas, but network traffic analysis is at the top of the list. She has delivered traffic analysis workshops at Thotcon, SkyDogCon, BSidesCharm, etc., but always uses fresh captures to demonstrate relevant and current topics.
LinkedIn: https://www.linkedin.com/in/marcellelee/