Traffic Analysis Workshop
2019-05-16, 14:00–16:00, Workshop Area

This workshop uses Wireshark to investigate Windows-based malware activity. Participants review packet captures (pcaps) of network traffic based on alerts from an Intrusion Detection System (IDS).


This workshop provides a foundation for investigating malicious network traffic from Windows infections. Participants learn how to find indicators and determine the root cause of an infection. The workshop uses examples of IDS alerts from Security Onion to kick off our investigations.

The workshop starts with an introduction to investigating network traffic, covers setting up Wireshark, and reviews how to identify hosts and users in Windows network traffic. Once these fundamentals are established, participants investigate various examples of Windows-based malware infection traffic.