Online Network Forensics Training

I will teach a live online class next month. The subject for the class is Network Forensics for Incident Response.

The training is split into four interactive 4-hour sessions, so that you have the rest of each work-day free to either practice what you learned in class or catch up with your “normal” day job. The number of attendees is limited to 15 in order to provide a good environment for questions and discussions. The registration will be closed once we reach this attendee limit.

• 📅 Date: May 12-15, 2025
• ⏲️ Time: 8:30 AM to 12:30 PM CEST (UTC+2)
• 💸 Price: € 960 EUR per student

We will analyze a 14 GB PCAP data set captured on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack! In this training you'll get first-hand experience looking at C2 and backdoor protocols, such as Cobalt Strike, TrickBot, njRAT and Meterpreter.

See our training page for more info about the class.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Monday, 07 April 2025 06:25:00 (UTC/GMT)

Tags: #Network Forensics​ #Training​ #Class​ #PCAP​

Online Network Forensics Class

I will teach two live online classes this autumn, one in October and one in November. The subject for both classes is network forensics for incident response.

The training is split into four interactive morning sessions, so that you have the afternoon free to either practice what you learned in class or catch up with your “normal” day job. The number of attendees will be limited in order to provide a good environment for taking questions. A maximum of 15 attendees will be accepted per class. The registration will be closed once we reach this attendee limit.

• 🇺🇸 October 21-24, 2024: PCAP in the Morning US
• 🇪🇺 November 18-21, 2024: PCAP in the Morning Europe
  ⏲️ Time: 8:30 AM to 12:30 PM CET
  💸 Price: € 920 EUR per student

We will analyze a 14 GB PCAP data set captured on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack! In this training you'll get first-hand experience looking at C2 and backdoor protocols, such as Cobalt Strike, TrickBot, njRAT and Meterpreter.

See our training page for more info about the “PCAP in the Morning” classes.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Monday, 03 June 2024 10:20:00 (UTC/GMT)

Tags: #network forensics​ #PCAP​

Network Forensics Training - Spring 2024

I will teach two live online network forensics classes in March, one on European morning time, and the other on US morning time. The subject for both classes is network forensics in an incident response context.

The training is split into four interactive morning sessions, so that you have the afternoon free to either practice what you learned in class or catch up with your “normal” day job. The number of attendees will be limited in order to provide a good environment for taking questions. A maximum of 15 attendees will be accepted per class. The registration will be closed once we reach this attendee limit.

• 🇪🇺 March 4-7, 2024: PCAP in the Morning Europe
  ⏲️ Time: 8:30 AM to 12:30 PM CET
  💸 Price: € 930 EUR per student
• 🇺🇸 March 25-28, 2023: PCAP in the Morning US
  ⏲️ Time: 9:30 AM to 1:30 PM EDT
  💸 Price: $1,000 USD per student

We will be analyzing a unique 30GB PCAP data set captured during June 2020 on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack! In this training you'll get first-hand experience looking at C2 and backdoor protocols, such as Cobalt Strike, TrickBot, njRAT and Meterpreter.

See our training page for more info about the “PCAP in the Morning” classes.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Monday, 11 December 2023 12:55:00 (UTC/GMT)

Tags: #Netresec​ #PCAP​ #Training​ #Network Forensics​ #Class​

Online Network Forensics Class

I will be teaching two live online network forensics classes this spring, one in March and one in April. The March class is adapted to American time and the April one is adapted to European time. Both classes focus on doing network forensics in an incident response context.

The training is split into four interactive morning sessions, so that you have the afternoon free to either practice what you learned in class or do your “normal” day job. The number of attendees will be limited in order to enable attendees to ask questions or even cover short ad-hoc side tracks. We plan to accept 10 to 15 attendees per class. The class registration will be closed once we reach this attendee limit.

• 🇺🇸 March 20-23, 2023: PCAP in the Morning US
  ⏲️ Time: 9:30 AM to 1:30 PM EDT
  💸 Price: $1,000 USD per student
• 🇪🇺 April 17-20, 2023: PCAP in the Morning Europe
  ⏲️ Time: 8:30 AM to 12:30 PM CEST
  💸 Price: € 950 EUR per student

We will be analyzing a unique 30GB PCAP data set captured during June 2020 on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!

See our training page for more info about the “PCAP in the Morning” classes.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Tuesday, 17 January 2023 10:18:00 (UTC/GMT)

Tags: #Netresec​ #PCAP​ #Training​ #Network Forensics​ #Class​

Network Forensics Classes for EU and US

We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American time. The contents are exactly the same in both classes.

The training is split into four interactive morning sessions (4 hours each), so that you have the afternoon free to either practice what you learned in class or do your “normal” day job. The number of attendees will be limited in order to enable attendees to ask questions or even cover short ad-hoc side tracks. We plan to accept something like 10 to 15 attendees per class. The class registration will be closed once we reach this attendee limit.

• 🇪🇺 September 20-23, 2021. Live Online Training "PCAP in the Morning EU"
  ⏲️ Time: 8:30 AM to 12:30 PM CET (Central European Time)
  💸 Price: € 820 EUR per student (€ 738 EUR if registering before August 20)
• 🇺🇸 October 25-28, 2021. Live Online Training "PCAP in the Morning US"
  ⏲️ Time: 9:00 AM to 1:00 PM EDT (US Eastern Daylight Time)
  💸 Price: $1,000 USD per student ($900 USD if registering before September 25)

We will be analyzing a unique 30GB PCAP data set captured during June 2020 on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!

See our training page for more info about the “PCAP in the Morning” classes.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Monday, 07 June 2021 09:55:00 (UTC/GMT)

Tags: #Netresec​ #PCAP​ #Training​ #Network Forensics​ #Class​

Network Forensics Training at TROOPERS

I'm happy to announce that I will teach a two-day Network Forensics class at the upcoming Troopers conference in March! The first day of training (March 14) will cover how to use open source tools to analyze intrusions and malware in captured network traffic. On day two (March 15) I will show attendees some tips and tricks for how to use software developed by us at Netresec, i.e. NetworkMiner Professional and CapLoader. This training is a rare opportunity to learn how to use this software directly from the main developer (me). Everyone taking the class will also get a free 6 month personal license for both NetworkMiner Pro and CapLoader.

Scenario and Dataset

The dataset analyzed in the class has been created using REAL physical machines and a REAL internet connection. All traffic on the network is captured to PCAP files by a SecurityOnion sensor. The scenario includes events, such as:

• Web Defacement
• Man-on-the-Side (MOTS) attack (much like NSA/GCHQ's QUANTUM INSERT)
• Backdoor infection through trojanized software
• Spear phishing
• Use of a popular RAT (njRAT) for remote access and exfiltration
• Infection with real malware

Class attendees will learn to analyze captured network traffic from these events in order to:

• Investigate web server compromises and defacements
• Detect Man-on-the-Side attacks
• Identify covert backdoors
• Reassemble incoming emails and attachments
• Detect and decode RAT/backdoor traffic
• Detect malicious traffic without having to rely on blacklists, AV or third-party detection services

For more details about the training, please visit Netresec's or Troopers' training pages:
http://www.netresec.com/?page=Training
https://www.troopers.de/events/troopers16/576_network_forensics/

The Venue

The TROOPERS conference and training take place at the Print Media Academy in Heidelberg, Germany. For more info about travel and accommodation, please visit:
https://www.troopers.de/troopers16/travel/

Hope to see you at TROOPERS16 in Heidelberg, Germany!

Posted by Erik Hjelmvik on Tuesday, 15 December 2015 10:53:00 (UTC/GMT)

Tags: #Netresec​ #PCAP​ #Troopers​ #Network Forensics​ #Training​ #Class​ #NetworkMiner​ #CapLoader​

Two-day Network Forensics Class in Stockholm

We are running a two-day Network Forensics class in Stockholm on 15-16th of September.

Our class is held the days before the SEC-T conference, which is a great technical information security conference in Stockholm, and at the same venue (Nalen). Visitors can thereby plan 4 days of training and conferencing in Stockholm without having to transfer between hotels.

The Network Forensics class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused at network forensics for incident response, but are also relevant for law enforcement/internal security etc. where the network traffic of a suspect or insider is being monitored.

You can find more information about the class here:
http://www.netresec.com/?page=Training

Posted by Erik Hjelmvik on Wednesday, 03 June 2015 21:30:00 (UTC/GMT)

Tags: #Netresec​ #PCAP​ #NSM​ #Network Forensics​ #Class​ #Training​ #SEC-T​