Title: Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) & Lee Chin Sheng (geek00l)
Capacity: 25 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) MYR3299 (early bird) / MYR3899 (non early-bird)

Content:

The weary analyst battles the Internet: portscans are coming at you left and right, worms are spreading like wildfire, servers are compromised and confidential data are lost and stolen. This is a familiar scene, one that could be detected, prevented and and if it has already happened, contained.

This a hands-on class that will teach you on how to detect, analyze, and perform incident response and handling. We will throw at you tons of packet capture files, and we will show you how to analyze them using Open Source tools. When we say analyze, we mean: looking for signs of attacks, determining the source and attack destination, and detecting targetted vulnerabilities. We will also show you how to build, deploy and manage NSM (Network Security Monitoring) architecture.

At the end of the two-day session, you should be able to

* Perform structured network traffic and threat analysis
* Build, deploy, and manage NSM architecture
* Collect evidence and perform network and server forensic
* Use Open Source tools for SNT/TA effectively
* Build a defensible network using NSM
* Know WHAT to do when given packet capture files

Whom this training is for

* Security analysts
* System administrators
* Anyone who is interested in building defensible networks
* Anyone who is interested in building NSM architecture

Prerequisites

* Intermediate to advanced knowledge of TCP/IP
* Knowledge of Unix and Windows system
* Participants must bring their own laptop
* Participants must have administrative rights to install software programs on their laptop
* The laptop must have at least 4 Gb of free space, and with at least 512MB RAM
* VMWare images will be provided. VMWare-Player will also be provided, or participants can install it prior to the training.
* Choice of Operating System is optional (either Windows XP or Linux)

Day 1
Morning Session

- Introduction to FreeBSD + Network Security Monitoring & Network Based Forensics Centric liveCD - HeX
- Revision Of TCP/IP

Afternoon Session

- Tcpdump and the power of BPF Filter
- Network Security Monitoring - The Concepts
- Passive Network Monitoring Instrumentation

Day 2
Morning Session

- NSM Data Collection Techniques
- Practical NSM Data Analysis Techniques(First Part)

Afternoon Session

- Practical NSM Data Analysis Techniques(Second Part)
- Practical Network Based Forensics
- Putting It All Together

About Meling Mudin

Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates where he was responsible for developing the Malaysian government’s largest network security monitoring center. He has also been involved with the organization of HITBSecConf conference for the last three years, specifically, in running its popular Capture the Flag hacking competition. In the past five years in the industry, he has been involved in various aspects of computer security including penetration testing, software and product development, training, network defense, system administration, and as well as being a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.

About Lee Chin Sheng

C.S.Lee is the Founder and CEO of DefCraft - a network security consultancy based in Malaysia. Lee has been in the network security industry for the past 6 years and was previously CEH trainer on wireless hacking and pentesting. Recently his focus has been one the art of detection and network Security Monitoring (NSM) concepts. He is an NSM practitioner who believes in using Open Source tools to complete his task. He has writen papers on dissecting and perform packet analysis and has been involved in projects involving vulnerability assessment, network incident handling and response as well as network based forensics.