Network Forensics for CSIRTs

Hands On Training

Thursday — March 29th, 2012 13:30

Friday — March 30th, 2012 09:00

  • Short introduction to Network Forensics and CSIRT operations
  • New trends in malware and attack vectors
  • Collaborative intelligence concepts
  • Network traffic characterization and patterns
  • Network forensics basic methodology
  • Proactive and reactive approaches to Network Analysis and Forensics
  • Generating network-based IOCs (Indicators of Compromise)
  • Collaboration, IOCs, and Collective Intelligence Framework
  • Building a network forensics lab (working with Bro 2.0, ELSA, StreamDB and Cuckoo Sandbox. Using Security Onion Distro)
  • Analysis of several real world examples:
    • Backdoors and covert channels (DNS and ICMP based)
    • Analyzing botnet traffic (Zeus DNS queries) using Metasploit vSploit
    • Anomaly detection using NfSen and Bro 2.0
    • Malware analysis and network-based IOC generation with Bro/ELSA, NfSen and Cuckoo Sandbox
    • Communicating with other CSIRTs (using OpenIOC to share incident data)
    • etc. (depending on class)

Students will need:

  • a laptop with VMware installed
  • at least 4GB RAM
  • at least 25GB free disk space

Presenters

  • James Pichardo (InfoSec Consultant at Ministry of Finance, DO)