Using packet captures to find, catalog, and report on a malware incident makes threat hunting easier for your entire team and is an integral part of your SIEM process. Malware-traffic-analysis.net regularly publishes great exercises for catching malware, and includes pcaps of the incident to flex your analysis skills.
In this webinar, we’ll explore one of these exercises to learn how to investigate security monitoring alerts using packet captures, from identification to remediation, and the steps you can take to organize and save your analysis for better reporting and retro-hunting in the future.
So, Review the video where I'll take you through this malware traffic analysis exercise that explores identifying a malware infected Windows machine. You can even try it on your own using this packet capture on CS Personal SaaS!
Tom Peterson ( a seasoned Data Network Analyst) will be showing you how to:
-Investigate alerts from a security monitor using full packet capture
-Determine if a machine was infected with malware
-Identify the infected host
-Create an incident report containing indicators of compromise
-Organize, save, and share your analysis
See you there!
If you missed the Live Webinar - Here is the recorder event -
Great for Threat hunters - Video Webinar
The Presenter - Tom Peterson - Tom works at CloudShark helping bring pcap analysis to the web. Getting started with networking at 2005 performing testing at the InterOperability Lab at UNH he began by learning IPv6 and moved from there testing IPsec, firewalls, and other network security devices. Testing a variety of protocols and devices has led to a passion of looking for strange behavior in a pcap file and getting to the bottom of it.