Traffic Analysis Workshop
2019-05-16, 14:00–16:00, Workshop Area

This workshop uses Wireshark to investigate Windows-based malware activity. Participants review packet captures (pcaps) of network traffic based on alerts from an Intrusion Detection System (IDS).

This workshop provides a foundation for investigating malicious network traffic based on Windows infections. Participants learn how to find indicators and determine the root cause of an infection. This workshop use examples of IDS alerts from Security Onion to kick off our investigations.

The workshop starts with an introduction to investigating network traffic, covers setting up Wireshark, and reviews how to identify hosts and users in Windows network traffic. Once these fundamentals are established, participants investigate various examples of Windows-based malware infection traffic.