People sometimes ask me when I will teach my network forensics class in the United States. The US is undoubtedly the country with the most advanced and mature DFIR community, so it would be awesome to be able to give my class there. However, not being a U.S. person and not working for a U.S. company makes it rather difficult for me to teach in the United States (remember what happened to Halvar Flake?).
So if you’re from the Americas and would like to take my network forensics class, then please don’t wait for me to teach my class at a venue close to you – because I probably won’t. My recommendation is that you instead attend my upcoming training at 44CON in London this September.
The network forensics training in London will cover topics such as:
- Analyzing a web defacement
- Investigating traffic from a remote access trojan (njRAT)
- Analyzing a Man-on-the-Side attack (much like QUANTUM INSERT)
- Finding a backdoored application
- Identifying botnet traffic through whitelisting
- Rinse-Repeat Threat Hunting
The first day of training will focus on analysis using only open source tools. The second day will primarily cover training on commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools.
Hope to see you at the 44CON training in London!
Posted by Erik Hjelmvik on Tuesday, 25 April 2017 14:33:00 (UTC/GMT)