The new Northern Virginia Chapter of ISC2 will host its 2nd event in the Tech Talk Series at Nova Labs. ISC2 CPE will be given for this event. Attendees should bring their own laptops for the event.

Wireshark and Network Packet Analysis
Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable form. Wireshark includes display filters, color coding, and other features that let you dig deep into network traffic and inspect individual packets. This meetup will get you up to speed with the basics of capturing packets, filtering them, inspecting, analyzing and reconstructing them. We will use Wireshark to inspect suspicious network traffic, analyze the traffic flow on your network, and pick out the attack traffic in the sample pcap files.

We will share some sample pcap files and identify the suspicious traffic in them. We will also use tshark, the terminal-oriented version of Wireshark designed for capturing and displaying packets when an interactive user interface isn't necessary or available. It supports the same capture and display filter options as Wireshark. Finally, we will analyze packets with tshark and forward the findings to a SIEM solution such as Splunk.
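The last step described above, tshark analysis whose results are handed to a SIEM, is illustrated below with an added example that is not part of the meetup materials. It assumes tshark was run with `-T fields` to list SYN packets (epoch time, source, destination, destination port) and stands a constructed sample in for that output, so it runs without tshark or a pcap; the five-port threshold, the `possible_port_scan` event name and the key=value field names are assumptions chosen for a Splunk-style forwarder.

```shell
#!/bin/sh
# Added example, not from the meetup page. Summarise tshark field output and
# emit Splunk-friendly key=value events. The assumed tshark invocation is:
#   tshark -r sample.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport \
#          -E separator=, > syns.csv
# SAMPLE_SYNS below is a constructed stand-in for that output.

# Constructed sample of "-T fields" output: epoch,src,dst,dstport (SYN packets only)
SAMPLE_SYNS='1700000000.1,10.0.0.5,10.0.0.20,22
1700000000.2,10.0.0.5,10.0.0.20,23
1700000000.3,10.0.0.5,10.0.0.20,80
1700000000.4,10.0.0.5,10.0.0.20,443
1700000000.5,10.0.0.5,10.0.0.20,445
1700000000.6,10.0.0.5,10.0.0.20,3389
1700000001.0,10.0.0.7,10.0.0.20,443
1700000001.5,10.0.0.7,10.0.0.20,443'

# Read fields output on stdin and print "src dst distinct_port_count"
# for every source/destination pair (one line per pair, sorted).
pair_port_counts() {
    awk -F, 'NF==4 { key=$2 " " $3; if (!seen[key SUBSEP $4]++) cnt[key]++ }
             END { for (k in cnt) print k, cnt[k] }' | sort
}

# Keep only pairs whose distinct destination-port count reaches $1
# (the threshold is an assumption; tune it to your network).
flag_scanners() {
    threshold="$1"
    pair_port_counts | awk -v t="$threshold" '$3 >= t'
}

# Format one flagged pair as a key=value event line Splunk can parse.
to_kv_event() {
    # $1=src $2=dst $3=distinct port count
    printf 'event=possible_port_scan src_ip=%s dst_ip=%s distinct_ports=%s\n' "$1" "$2" "$3"
}

# Run the analysis over the constructed sample, write the events to the
# file named in $1 (what a forwarder would monitor) and print how many
# pairs were flagged.
analyse_sample() {
    out="$1"
    : > "$out"
    printf '%s\n' "$SAMPLE_SYNS" | flag_scanners 5 | while read -r src dst cnt; do
        to_kv_event "$src" "$dst" "$cnt" >> "$out"
    done
    wc -l < "$out" | tr -d ' '
}
```

In the sample, 10.0.0.5 touches six distinct ports on 10.0.0.20 and is flagged, while 10.0.0.7 repeats a single port and is not; to run it on a real capture, pipe the `syns.csv` produced by the tshark command above into `flag_scanners` instead of the embedded sample.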
This meetup series will provide professionals with greater industry acceptance as a threat hunter, incident handler, risk administrator, SOC analyst, forensic investigator, etc.

• A laptop with 100GB of free disk space and 8GB of RAM, with VMware or VirtualBox installed. An SSD is strongly advised.

• Make sure you have a good Linux distro (Debian, Ubuntu, Kali Linux, etc.) installed on your host or on your VMware/VirtualBox platform. We will use the Linux box for analysis. You can use Windows or Mac OS as well if you know what you are doing. You can download Kali Linux (my favorite) at

• Don't forget to download course materials from (

The talk will be given by Candan Bolukbas, who is very active in the NOVA cyber community. Candan is a digital polymath and Certified Ethical Hacker. Candan fully appreciates the growing threat to digital communications and data accumulation that affects all of us. He is co-founder and chief technology officer of NormShield, Inc., a McLean-based "security-as-a-service solutions" company. Candan and NormShield's primary focus is on cyber threat intelligence, vulnerability management and perimeter monitoring.

Candan is responsible for the technical direction and innovation of NormShield products. Besides being a Certified Ethical Hacker, he is a certified secure programmer, certified incident handler and certified computer hacking forensic investigator. He has more than ten years of experience working with data protection and information security standards and technologies, including business continuity, data-loss protection, data privacy, disaster recovery, encryption, enterprise architecture, firewalls, intrusion detection and prevention systems, penetration testing, physical security, security event management and vulnerability scanning. Candan has a BS degree in Computer Engineering and has been developing security products, performing penetration testing and forensic analysis, and providing cyber security training. Certifications: CCNA, CCNP, CHFI, ECSP, MCSA, ECIH, CEH, LPT. Candan has worked in both the public and private sectors for many years and is a strong supporter of human rights, freedom and privacy.

