SEC-T - 0x0Compute

September 19-20, 2019 – Stockholm, Sweden

Network forensics training

Get tickets

The two-day Network Forensics class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused at network forensics for incident response, but are also relevant for law enforcement/internal security etc. where the network traffic of a suspect or insider is being monitored.

Day 1 – Theory and Practice using Open Source Tools

Day 2 – Advanced Network Forensics using Netresec Tools

The Scenario

The scenario used in the class involves a new progressive Bank, which provides exchange services for Bitcoin and Litecoin. We’ve set up clients and a server for this bank using REAL physical machines and a REAL internet connection. All traffic on the network is captured to PCAP files by a SecurityOnion sensor. In the scenario this bank gets into lots of trouble with hackers and malware, such as:

Class attendees will learn to analyze captured network traffic from these events in order to:

NetworkMiner CapLoader Professional software included FREE of charge

Each attendee will be provided with a free personal single user license of NetworkMiner Professional and CapLoader. These licenses will be valid for six months from the first training day.

Target Audience

Q: Who should attend?
A: Anyone who want to improve their skills at finding evil stuff in full content packet captures.

Q: Who should NOT attend?
A: Those who are afraid of using Linux command line tools.

Training Preparations

Laptop Required
Attendees will need to bring a laptop that fits the following specs:

A VirtualBox VM will be provided on USB flash drives at the beginning of the training. Please note that having a 64-bit CPU and a 64-bit OS is not always enough to support 64-bit virtualization. You might need to enable features such as ”AMD-V”, ”VT-x” or ”Hyper-V” in BIOS in order to run virtual machines in 64-bit mode. You might also need to turn off “Intel Trusted Execution” in BIOS. One way to verify that your laptop supports 64-bit virtualization is to download the SecurityOnion ISO and see if it boots up in VirtualBox.

Get tickets