Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6-month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them; it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.

Tickets for 44CON 2016 are on sale

44CON 2016 tickets are now on sale in our shop. Go and get yours now!

We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto. Go check them out and book your place early to avoid disappointment, as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and of course alcohol.

Our CFP closes tonight (Friday 10th June), so if you have something awesome to share, get it in now before it’s too late.

Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

Dawid Czagan’s training course is still going ahead

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

Do check it out!

Training course at 44CON Cyber Security 2016

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

Do check it out!