Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.

CRESTCon & IISP Congress 2017

44CON is exhibiting at CRESTCon & IISP Congress on 19th April at the Royal College of Surgeons in London. Tickets are available now – www.crestandiisp.com

CRESTCon & IISP Congress 2017 focuses on cyber security threats, vulnerabilities and industry challenges.

Now in its 5th year, CRESTCon & IISP Congress is a unique event that brings together over 400 leading technical and business information security professionals with a choice of three conference streams along with an exhibition, demo area and research library. The event is run by not-for-profit organisations CREST, which represents the technical information security industry, and the Institute of Information Security Professionals, the leading accreditation body and industry authority.

CRESTCon & IISP Congress in April will feature keynote presentations from a senior NCSC spokesperson and Tarah Wheeler, website security czar at Symantec. Other presentations across the event’s three speaker tracks put the spotlight on topics ranging from how an organisation’s email can be turned against it, protecting wearable technology and cognitive security, through to detecting and bypassing sandboxes, blockchain, and the future of malware.

Stream 1 delivers presentations that are technical in nature and related to penetration testing, incident response or threat intelligence. Stream 2 will look at the cyber security landscape and attempt to predict changes over the next decade, while stream 3 is all about working together to build and enhance cyber skills.

If you’re attending, make sure you stop by and say hello to Emma & Steve.

44CON 2017 Sponsorship Opportunities Available

44CON 2017, now in its seventh successful year, is recognised as a “must-attend” conference for security professionals. Offering unparalleled networking, cutting-edge presentations and thought leadership across the information security arena, we aim to ensure attendees have a great time. This year we had over 400 people attend; add speakers from across the world delivering awesome talks on relevant and up-to-date topics, and that makes 44CON one of the UK’s premier conferences.

44CON 2017 will take place from the 13th – 15th September 2017 at the ILEC Conference Centre, London. There will also be a number of training courses taking place before 44CON 2017. If you have a training proposal you wish us to consider, please email emma@44con.com for more information.

If you wish to become one of our awesome sponsors, then please take a look at our 44CON 2017 sponsor pack. If you have any questions or want to discuss any of the opportunities further please email sponsorops@44con.com

 

44CON at DeepSec 2016

We are delighted to announce that we will once again be attending DeepSec this year! DeepSec will take place at The Imperial Riding School Vienna on the 10th & 11th November and, once again, they have some great talks – check them out for yourself.

This year we will be running an exclusive survey for DeepSec attendees. So for your chance to WIN a ticket to 44CON 2017 make sure you pick up a flyer or visit the crew in our blue t-shirts for more details.

We look forward to seeing many of you there.

Getting Started With Your HIDIOT Badge

Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.

Thanks to Akos Rajtmar for the HIDIOT assembly video above

If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.

If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.

But what is a HIDIOT 0.7? And how do you make it do something other than blink?

44CON Community Evening

The 44CON community evening is back again this year and it’s FREE to attend. It will be taking place on Wednesday 14th September from 6:30pm (registration from 6pm).

We have some great talks, workshops & networking opportunities – Yes the big red bus is back and this year the bar is being sponsored by Amazon! So make sure you stop by to say hello and grab a drink.

If you can’t make it to the full event but still want to be part of 44CON, the community evening is the perfect opportunity. If you have purchased your ticket for 44CON, it includes entry to Wednesday evening; all you need to do is turn up. If you can only attend the Wednesday evening then you will need to register here.

We look forward to seeing many of you soon!

CTF

This year we are delighted to announce that the Ministry of Justice will be running the CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

Prison break – Season 6 coming soon!

Do you have what it takes to break into prison?

This year the 44CON CTF is being hosted by the Ministry of Justice. Your challenge is to release your friend by “breaking in” to prison through a series of networking, web, infrastructure and other challenges.

We will host up to 20 teams of up to 5 people so, if you’re new, grab someone, team up or go solo to win a drone kit!

Our platform is over IRC to make this accessible to as many hackers as possible. This is where you submit flags and unlock rooms. Each team will have their own virtual environment so you can use whichever tools you want but, remember, you can only bring your machine down if you play unfair. No DoSing us or other teams!

Are you ready for the challenge?

Speakers and ISSA-UK

Our CFP panel has been hard at work and speakers’ acceptance letters for 44CON 2016 were sent yesterday. Check our twitter feed and see speakers’ reactions before we make a full announcement shortly.

Emma and Nathalie will be at ISSA-UK’s Security in the Spotlight Training Day Onboard HQS Wellington on Wednesday 13th July. Come and say hello and get a discount code for 44CON 2016!

44CON 2016 Early Bird Tickets on Sale Now!

We here at 44CON are delighted to announce that Early Bird tickets for this year’s 44CON 2016 are on sale now!

44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and of course alcohol.

Early Bird tickets are limited so make sure you visit our shop today!