Updated: Aug 10, 2020
Our June event was a big success with record attendance for our “Don’t jump the (wire)shark!” Wireshark Workshop. ISSA Chattanooga brought a DEFCON 27 workshop to your home. This workshop did what it promised: it took our attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis.
Our instructor, Mike Wylie, began with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools and concepts. Sensor placement, capture techniques, and collection of network traffic were discussed in detail. Throughout the workshop, we examined what different attacks and malware look like in Wireshark.
A little about Wireshark: Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Our attendees got hands-on time in the lab to search for Indicators of Compromise (IOCs) and evidence of a potential breach of the network. There were also plenty of take-home labs for additional practice for those who requested them.
Our chapter event helped all attendees walk away with a better understanding of how to use Wireshark for Incident Response and Threat Hunting by learning:
How to collect network traffic
Wireshark best practices
How to build custom profiles
How to identify IOCs
How to optimize Wireshark to identify malicious network traffic
We have to brag on our instructor, Michael Wylie, MBA, CISSP. He is the Director of Cybersecurity Services at Richey May Technology Solutions and a member of the ISSA Los Angeles and Newport, CA chapters.
Michael is responsible for delivering information assurance by means of vulnerability assessments, TPN vendor assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, universities, and clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GPEN, GMON, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Follow Mike below:
We had a great event and are still talking about it!