Analysing Malicious HTTP Traffic from a PCAP (null Pune Monthly Meet, 07 May 2016)
Abstract
In this talk, we'll take a PCAP file containing traffic from an exploit kit infection and then try to analyse the traffic and see how the victim was exploited. This will be mostly a hands-on session. The tools that we'll mainly use are Wireshark and CapTipper. Attendees can come with these tools installed if they want to follow along. Additionally, we might also use the Security Onion distro.
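As an added example (not part of this talk, and not CapTipper's or Wireshark's code), the script below does in miniature what the hands-on session walks through with those tools: it reads a libpcap file, pulls each HTTP request/response pair out of the TCP segments, and then walks Referer headers backwards from suspect objects to reconstruct the compromised site -> landing page -> exploit -> payload chain. Because no capture ships with this page, the script constructs its own: the IP addresses (RFC 5737 test ranges), the example.com/example.net host names, the file names and the payload bytes are all synthetic assumptions for the demo.

```python
"""Rebuild the HTTP object chain of an exploit-kit infection from a PCAP (standard library only).
Constructed example: every address, host name and payload below is synthetic."""
import socket
import struct
from collections import defaultdict

# Content types an exploit kit typically uses for exploit or payload objects.
SUSPECT_TYPES = ("application/x-shockwave-flash", "application/java-archive",
                 "application/octet-stream", "application/x-msdownload")
PE_OR_SWF_MAGIC = (b"MZ", b"FWS", b"CWS", b"ZWS")      # PE executable / Flash magic bytes

def build_pcap(frames):
    """Classic little-endian libpcap file, link type 1 (Ethernet), one record per frame."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))

def tcp_frame(src, sport, dst, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame carrying one HTTP message (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def tcp_segments(pcap):
    """Yield (src, sport, dst, dport, payload) for every TCP segment that carries data."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected a little-endian classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                        # not IPv4 over Ethernet, or not TCP
        t = 14 + (frame[14] & 0x0F) * 4                     # IHL -> start of TCP header
        sport, dport = struct.unpack_from("!HH", frame, t)
        payload = frame[t + (frame[t + 12] >> 4) * 4:]      # TCP data offset -> payload
        if payload:
            yield socket.inet_ntoa(frame[26:30]), sport, socket.inet_ntoa(frame[30:34]), dport, payload

def parse_http(raw):
    """Split one HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = dict((k.strip().lower(), v.strip()) for k, _, v in (ln.partition(":") for ln in lines[1:]))
    return lines[0], headers, body

def reconstruct(pcap):
    """Pair each request with its response on the same flow; return objects in capture order."""
    pending = defaultdict(list)        # (client, cport, server, sport) -> unanswered requests
    objects = []
    for src, sport, dst, dport, payload in tcp_segments(pcap):
        if payload.startswith((b"GET ", b"POST ", b"HEAD ")):
            line, h, _ = parse_http(payload)
            obj = {"url": "http://" + h.get("host", dst) + line.split(" ")[1], "referer": h.get("referer"),
                   "status": None, "content_type": None, "body": b""}
            pending[(src, sport, dst, dport)].append(obj)
            objects.append(obj)
        elif payload.startswith(b"HTTP/1.") and pending[(dst, dport, src, sport)]:
            obj, (line, h, body) = pending[(dst, dport, src, sport)].pop(0), parse_http(payload)
            obj["status"] = int(line.split(" ")[1])
            obj["content_type"] = h.get("content-type", "").split(";")[0].strip().lower()
            obj["body"] = body
    return objects

def infection_chains(objects):
    """For each suspect object, walk Referer headers back to the first page the victim visited."""
    by_url = {o["url"]: o for o in objects}
    chains = []
    for o in objects:
        # Trust the body's magic bytes over Content-Type: droppers routinely lie about the type.
        if o["content_type"] in SUSPECT_TYPES or o["body"].startswith(PE_OR_SWF_MAGIC):
            chain, cur = [o["url"]], o
            while cur["referer"] in by_url and cur["referer"] not in chain:
                cur = by_url[cur["referer"]]
                chain.append(cur["url"])
            chains.append(chain[::-1])
    return chains

CLIENT, COMPROMISED, EK_SERVER = "10.0.0.5", "192.0.2.10", "198.51.100.7"      # constructed addresses

def sample_pcap():
    """Constructed capture: compromised site -> landing page -> Flash exploit -> EXE served as text/plain."""
    def exchange(cport, server, req, resp):
        return [tcp_frame(CLIENT, cport, server, 80, req), tcp_frame(server, 80, CLIENT, cport, resp)]
    return build_pcap(
        exchange(49152, COMPROMISED, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                 b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b'<iframe src="http://landing.example.net/land.php" width=1 height=1></iframe>')
        + exchange(49153, EK_SERVER, b"GET /land.php HTTP/1.1\r\nHost: landing.example.net\r\n"
                   b"Referer: http://www.example.com/\r\n\r\n",
                   b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<object data=exp.swf></object>")
        + exchange(49154, EK_SERVER, b"GET /exp.swf HTTP/1.1\r\nHost: landing.example.net\r\n"
                   b"Referer: http://landing.example.net/land.php\r\n\r\n",
                   b"HTTP/1.1 200 OK\r\nContent-Type: application/x-shockwave-flash\r\n\r\nCWS\x0f\x00\x00\x00")
        + exchange(49155, EK_SERVER, b"GET /get.php?id=7 HTTP/1.1\r\nHost: landing.example.net\r\n"
                   b"Referer: http://landing.example.net/land.php\r\n\r\n",
                   b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nMZ\x90\x00\x03\x00\x00\x00"))

if __name__ == "__main__":
    with open("sample_ek.pcap", "wb") as f:         # open this in Wireshark/CapTipper to compare
        f.write(sample_pcap())
    for chain in infection_chains(reconstruct(sample_pcap())):
        print(" -> ".join(chain))
```

Running the script writes sample_ek.pcap, which you can open in Wireshark (Follow TCP Stream, or File > Export Objects > HTTP) or load into CapTipper to compare against the two chains it prints. Two caveats a practitioner should keep in mind: the last object is flagged only because its body starts with the PE magic bytes, since the server labelled it text/plain, which is exactly why CapTipper-style analysis inspects bodies rather than trusting Content-Type; and this toy assumes one HTTP message per TCP segment, whereas real captures carry multi-segment, chunked and gzip-encoded responses that the session's tools reassemble and decode for you.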
Speaker
Rahul (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Blackhat Arsenal, Nullcon, PHDays, Seasides, c0c0n, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.
Timing
Starts on Saturday, May 07 2016, at 10:45 AM. The session runs for 40 minutes.