[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

TECH TRAINING 6 - Structured Network Threat Analysis and Forensics

Filed under: Main Page — Administrator @ 11:05 am

April 26, 2006

Title: Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) & Lee Chin Sheng (geek00l)
Capacity: 24 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) RM2400 (early bird) / RM2800 (non early-bird)



The weary analyst battles the Internet: portscans are coming at you left and right, worms are spreading like wildfire, servers are compromised and confidential data are lost and stolen. This is a familiar scene, one that could be detected, prevented and and if it has already happened, contained.

This a hands-on class that will teach you on how to detect, analyze, and perform incident response and handling. We will throw at you tons of packet capture files, and we will show you how to analyze them using Open Source tools. When we say analyze, we mean: looking for signs of attacks, determining the source and attack destination, and detecting targetted vulnerabilities. We will also show you how to build, deploy and manage NSM (Network Security Monitoring) architecture.

— At the end of the two-day session, you should be able to

* Perform structured network traffic and threat analysis
* Build, deploy, and manage NSM architecture
* Collect evidence and perform network and server forensic
* Use Open Source tools for SNT/TA effectively
* Build a defensible network using NSM
* Know WHAT to do when given packet capture files

— Whom this training is for

* Security analysts
* System administrators
* Anyone who is interested in building defensible networks
* Anyone who is interested in building NSM architecture

— Prerequisites

* Intermediate to advanced knowledge of TCP/IP
* Knowledge of Unix and Windows system
* Participants must bring their own laptop
* Participants must have administrative rights to install software programs on their laptop
* The laptop must have at least 4 Gb of free space, and with at least 512MB RAM
* VMWare images will be provided. VMWare-Player will also be provided, or participants can install it prior to the training.
* Choice of Operating System is optional (either Windows XP or Linux)

About Meling Mudin

Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates where he was responsible for developing the Malaysian government’s largest network security monitoring center. He has also been involved with the organization of HITBSecConf conference for the last three years, specifically, in running its popular Capture the Flag hacking competition. In the past five years in the industry, he has been involved in various aspects of computer security including penetration testing, software and product development, training, network defense, system administration, and as well as being a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.

About Lee Chin Shing

C.S.Lee has been working in cyber security industry for the recent 2.5 years, he was previously CEH trainer and adapting in wireless hacking and pentesting. However he starts to adapt to the art of detecion while fascinated by the framework of Network Security Monitoring(NSM). He is NSM practitioner who believes in using Open Source Power Tool to complete his task. On and on he writes how to decode and performing packet analysis in his blog. He is currently working in Exabytes as System Engineer and involving in vulnerability assessment, network incident handling and response as well as network forensic.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore