NETRESEC Network Security Blog - Tag : Training

Network Forensics Classes for EU and US

We have now scheduled two new live online classes, one in September and one in October. The September class is adapted to European time and the October one is adapted to American time. The contents are exactly the same in both classes.

PCAP in the Morning

The training is split into four interactive morning sessions (4 hours each), so that you have the afternoon free to either practice what you learned in class or do your “normal” day job. The number of attendees will be limited in order to enable attendees to ask questions or even cover short ad-hoc side tracks. We plan to accept something like 10 to 15 attendees per class. The class registration will be closed once we reach this attendee limit.

  • 🇪🇺 September 20-23, 2021. Live Online Training "PCAP in the Morning EU"
    ⏲️ Time: 8:30 AM to 12:30 PM CET (Central European Time)
    💸 Price: € 820 EUR per student (€ 738 EUR if registering before August 20)
  • 🇺🇸 October 25-28, 2021. Live Online Training "PCAP in the Morning US"
    ⏲️ Time: 9:00 AM to 1:00 PM EDT (US Eastern Daylight Time)
    💸 Price: $1,000 USD per student ($900 USD if registering before September 25)

We will be analyzing a unique 30GB PCAP data set captured during June 2020 on an Internet-connected network with multiple clients, an AD server, a web server, an Android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT-style attackers and botnet operators. The initial attack vectors include techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!

See our training page for more info about the “PCAP in the Morning” classes.

To sign up for a class, simply send an email to sales@netresec.com with the class dates, your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Posted by Erik Hjelmvik on Monday, 07 June 2021 09:55:00 (UTC/GMT)

Tags: #Netresec #PCAP #Training #Network Forensics #Class

Short URL: https://netresec.com/?b=216851d


Live Online Training - PCAP in the Morning

Would you like to spend four mornings in May analyzing capture files together with me?

I love the smell of PCAP in the Morning

I have now scheduled a live online network forensics training called “PCAP in the Morning” that will run on May 3-6 (Monday to Thursday) between 8:30 AM and 12:30 PM EDT (US Eastern Daylight Time). We will be analyzing a unique 30GB PCAP data set captured during June 2020 on an Internet-connected network with multiple clients, an AD server, a web server, an Android tablet and some embedded devices. As you’ve probably guessed, the capture files contain traffic from multiple intrusions by various attackers, including APT-style attackers and botnet operators. The initial attack vectors include techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!

See our training page for more info about the “PCAP in the Morning” training.

To sign up for my “PCAP in the Morning” class, simply send an email to sales@netresec.com with your name and invoice address. We will then send you a PayPal payment link that you can use to complete your training registration. The training costs $950 USD per participant, for which you will also get a six month single user license for NetworkMiner Professional and CapLoader.

Hope to see you there!

Cheers,
Erik Hjelmvik
Creator of NetworkMiner and founder of Netresec

Update June 7, 2021

We have now scheduled two new training events adapted for students in different time zones.

  • September 20-23, 2021. Live Online Training "PCAP in the Morning EU" (🇪🇺)
  • October 25-28, 2021. Live Online Training "PCAP in the Morning US" (🇺🇸)

More information about the network forensics classes can be found on our training page.

Posted by Erik Hjelmvik on Friday, 19 March 2021 14:03:00 (UTC/GMT)

Tags: #Netresec #PCAP #Training #Network Forensics

Short URL: https://netresec.com/?b=21300ef


Network Forensics Training at TROOPERS 2017

I will come back to the awesome TROOPERS conference in Germany this spring to teach my two-day network forensics class on March 20-21.

The training will touch upon topics relevant for law enforcement as well as incident response, such as investigating a defacement, finding backdoors and dealing with a machine infected with real malware. We will also be carving lots of files, emails and other artifacts from the PCAP dataset as well as performing Rinse-Repeat Intrusion Detection in order to detect covert malicious traffic.

Day 1 - March 20, 2017

The first training day will focus on open source tools that can be used for doing network forensics. We will be using the Security Onion Linux distro for this part, since it contains pretty much all the open source tools you need in order to do network forensics.

Day 2 - March 21, 2017

We will spend the second day mainly using NetworkMiner Professional and CapLoader, i.e. the commercial tools from Netresec. Each student will be provided with a free 6 month license for the latest version of NetworkMiner Professional (see our recent release of version 2.1) and CapLoader. This is a unique chance to learn all the great features of these tools directly from the guy who develops them (me!).

The Venue

The Troopers conference and training will be held at the Print Media Academy (PMA) in Heidelberg, Germany.

Print Media Academy, image credit: Alex Hauk

Keeping the class small

The number of seats in the training will be limited in order to provide a high-quality interactive training. However, keep in mind that this means that we might run out of seats for the network forensics class!

I would like to recommend those who wanna take the training to also attend the Troopers conference on March 22-24. The conference will have some great talks, like these ones:

However, my greatest takeaway from last year's Troopers was the awesome hallway track, i.e. all the great conversations I had with all the smart people who came to Troopers.

Please note that the tickets to the Troopers conference are also limited, and they seem to sell out quite early each year. So if you are planning to attend the network forensics training, then I recommend that you buy an “All Inclusive” ticket, which includes a two-day training and a conference ticket.

You can read more about the network forensics training at the Troopers website.

UPDATE 2017-02-15

The network forensics training at Troopers is now sold out. However, there are still free seats available in our network forensics class at 44CON in London in September.

Posted by Erik Hjelmvik on Tuesday, 24 January 2017 07:20:00 (UTC/GMT)

Tags: #Netresec #Network Forensics #Troopers #NetworkMiner #CapLoader #Training #Security Onion

Short URL: https://netresec.com/?b=171628b


Network Forensics Training at TROOPERS

I'm happy to announce that I will teach a two-day Network Forensics class at the upcoming Troopers conference in March! The first day of training (March 14) will cover how to use open source tools to analyze intrusions and malware in captured network traffic. On day two (March 15) I will show attendees some tips and tricks for how to use software developed by us at Netresec, i.e. NetworkMiner Professional and CapLoader. This training is a rare opportunity to learn how to use this software directly from the main developer (me). Everyone taking the class will also get a free 6 month personal license for both NetworkMiner Pro and CapLoader.


Scenario and Dataset

The dataset analyzed in the class has been created using REAL physical machines and a REAL internet connection. All traffic on the network is captured to PCAP files by a SecurityOnion sensor. The scenario includes events, such as:

  • Web Defacement
  • Man-on-the-Side (MOTS) attack (much like NSA/GCHQ's QUANTUM INSERT)
  • Backdoor infection through trojanized software
  • Spear phishing
  • Use of a popular RAT (njRAT) for remote access and exfiltration
  • Infection with real malware

Class attendees will learn to analyze captured network traffic from these events in order to:

  • Investigate web server compromises and defacements
  • Detect Man-on-the-Side attacks
  • Identify covert backdoors
  • Reassemble incoming emails and attachments
  • Detect and decode RAT/backdoor traffic
  • Detect malicious traffic without having to rely on blacklists, AV or third-party detection services

Training room at TROOPERS'15

For more details about the training, please visit Netresec's or Troopers' training pages:
http://www.netresec.com/?page=Training
https://www.troopers.de/events/troopers16/576_network_forensics/

The Venue

The TROOPERS conference and training take place at the Print Media Academy in Heidelberg, Germany. For more info about travel and accommodation, please visit:
https://www.troopers.de/troopers16/travel/

Hope to see you at TROOPERS16 in Heidelberg, Germany!


Posted by Erik Hjelmvik on Tuesday, 15 December 2015 10:53:00 (UTC/GMT)

Tags: #Netresec #PCAP #Troopers #Network Forensics #Training #Class #NetworkMiner #CapLoader

Short URL: https://netresec.com/?b=15C5EC9


Two-day Network Forensics Class in Stockholm

We are running a two-day Network Forensics class in Stockholm on 15-16th of September.

Our class is held the days before the SEC-T conference, which is a great technical information security conference in Stockholm, and at the same venue (Nalen). Visitors can thereby plan 4 days of training and conferencing in Stockholm without having to transfer between hotels.

The Network Forensics class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused on network forensics for incident response, but are also relevant for law enforcement, internal security and similar settings where the network traffic of a suspect or insider is being monitored.

You can find more information about the class here:
http://www.netresec.com/?page=Training

Posted by Erik Hjelmvik on Wednesday, 03 June 2015 21:30:00 (UTC/GMT)

Tags: #Netresec #PCAP #NSM #Network Forensics #Class #Training #SEC-T

Short URL: https://netresec.com/?b=156A65B
