
Network Forensics Backwards and Forwards

When you suspect an attack, you need to answer the questions who, what, when and how, and you need to answer them fast. Network forensics is the answer. In this webinar, you'll learn from our special guest, Keatron Evans, how network forensics (network traffic recording combined with powerful search and analysis tools) can enable your in-house security team to track down, verify, and characterize attacks. Keatron will walk you through a few real-world security breach scenarios and demonstrate live best practices for attack analysis using network forensics, finding the proof you need quickly enough to take action.

Special Guest: Keatron Evans
Keatron, one of the two lead authors of "Chained Exploits: Advanced Hacking Attacks From Start to Finish", is regularly engaged in training and consulting for members of the United States intelligence community, military, and federal law enforcement agencies. He specializes in penetration testing, network forensics, and malware analysis, and serves as Senior Security Researcher and Principal of Blink Digital Security, which performs penetration tests and forensics for government and corporations.

  1. Forensics Backwards and Forwards with Omnipeek (www.wildpackets.com, © WildPackets, Inc.), March 2015. Keatron Evans, Security Researcher, kevans@blinkdigitalsecurity.com, @infoseckeatron
  2. Agenda
     • The Bad Guys Are Winning
     • Security Attack Analysis with Network Forensics
  3. How are we doing?
     • OK, but not great...
     • Bad guys are getting more advanced and organized.
     • We keep doing the same things.
     • We're defending against last year's attacks.
     • They've moved on to newer and better.
  4. The good!
     • FireEye, BlueCoat, and other advanced threat detection/prevention technology
     • Great for telling us something is wrong
     • The time gap from breach to notification is improving... slowly.
  5. The bad!
     • Most security teams are missing key skills and threat/attack knowledge.
     • They are often limited to whatever the expensive boxes can automate.
  6. The bad!
     • Not only are they losing...
     • They're not even in the game.
       ‒ Many security personnel have become spectators, watching the threat actors and their appliances do battle.
  7. Network Forensics
     • Find needles in haystacks! Big haystacks...
     • Once the needles are found, put "some" hay back to gain context (what, when, where, how).
     • Put together the pieces.
     • Operating systems and host-based forensics tools can be made to lie (anti-forensics techniques, rootkits).
     • Packets always tell the truth.
  8. Timeline of Events
     • Something has happened!
       ‒ FireEye
       ‒ BlueCoat
       ‒ Cisco IDS/IPS
     • What has happened, and where's the evidence?
       ‒ Omnipeek and OmniPliances
       ‒ Custom scripts
     • Let's examine the evidence in detail and keep this from happening again.
       ‒ IDA Pro
       ‒ Malware reverse engineering
       ‒ File and data analysis
  9. What I'll demonstrate
     • Client-side web browser exploit
     • Covert channel attack
     • Then forensics on both, using just packet data (pcaps) and Omnipeek.
  10. Summary
     • We need to stop the "Bad Guys" from winning.
       ‒ Analysts and security professionals need to get back in the game!
       ‒ Omnipeek is a great bridge between the big-data hardware/appliances and malware/attack-tool reversing.
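The deck's covert-channel demo is done in Omnipeek and is not reproduced here. The following is an added example, not WildPackets or Keatron Evans code, showing the same idea with nothing but raw packet data: a minimal pcap reader that pulls the question name out of every DNS query and flags zones whose subdomain labels look like encoded payload, the usual fingerprint of DNS tunnelling. The capture, the zone names (example.com, tunnel.test), the IP addresses and the thresholds are all constructed for illustration. The "packets always tell the truth" point holds with one caveat the slide omits: a capture only shows the traffic it actually recorded, so a full-duplex tap in the right place matters more than the analysis tool.

```python
"""Covert-channel triage from raw pcap bytes only (added example, not the
webinar's own tooling). Everything below is built inline so it runs offline."""
import math
import struct
from collections import defaultdict


def write_pcap(records):
    """Serialise (timestamp, frame) pairs as a little-endian LINKTYPE_ETHERNET pcap."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in records:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def dns_query_frame(qname, src_ip="10.0.0.5", dst_ip="10.0.0.53", txid=0x1234):
    """Constructed Ethernet/IPv4/UDP frame carrying a DNS A query for qname."""
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split("."))
    dns = (struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
           + labels + b"\x00" + struct.pack(">HH", 1, 1))
    udp = struct.pack(">HHHH", 51000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return bytes(12) + b"\x08\x00" + ip + udp  # zeroed MACs, EtherType IPv4


def iter_pcap(data):
    """Yield (timestamp, frame) from pcap bytes, honouring the magic's byte order."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts, data[off:off + caplen]
        off += caplen


def dns_qname(frame):
    """Return the first question name of a UDP/53 query in the frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # not IPv4 over Ethernet, or not UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]
    if struct.unpack(">H", udp[2:4])[0] != 53:
        return None
    dns = udp[8:]
    if len(dns) < 12 or struct.unpack(">H", dns[4:6])[0] == 0:
        return None  # no question section
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0:  # compression pointer in a question name: not a plain query
            return None
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels)


def shannon_entropy(text):
    """Bits per character: 5.0 for 32 equiprobable symbols, about 1-2 for host names."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def triage_dns(pcap_bytes, min_unique=5, entropy_threshold=3.5):
    """Group queries by zone (last two labels) and flag zones whose unique leading
    labels are both numerous and high-entropy. Thresholds are illustrative."""
    zones = defaultdict(list)
    for _, frame in iter_pcap(pcap_bytes):
        name = dns_qname(frame)
        parts = name.split(".") if name else []
        if len(parts) >= 3:
            zones[".".join(parts[-2:])].append(".".join(parts[:-2]))
    findings = {}
    for zone, subs in zones.items():
        unique = set(subs)
        avg_len = sum(len(s) for s in unique) / len(unique)
        avg_ent = sum(shannon_entropy(s) for s in unique) / len(unique)
        findings[zone] = {
            "queries": len(subs), "unique": len(unique),
            "avg_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2),
            "suspicious": len(unique) >= min_unique and avg_ent >= entropy_threshold,
        }
    return findings


def build_sample_capture():
    """Constructed capture: ordinary lookups plus six base32-looking labels (rotations
    of the base32 alphabet, so each has 32 distinct symbols) sent to tunnel.test."""
    alphabet = "abcdefghijklmnopqrstuvwxyz234567"
    names = ["www.example.com", "www.example.com", "mail.example.com",
             "www.example.com", "cdn.example.com"]
    names += [f"{alphabet[i:] + alphabet[:i]}.tunnel.test" for i in range(6)]
    return write_pcap((1425168000 + i, dns_query_frame(n)) for i, n in enumerate(names))


if __name__ == "__main__":
    for zone, f in triage_dns(build_sample_capture()).items():
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{zone:15} queries={f['queries']:2} unique={f['unique']:2} "
              f"avg_len={f['avg_len']:5} avg_entropy={f['avg_entropy']:4} {flag}")
```

Run against a real capture by replacing `build_sample_capture()` with the bytes of a pcap file; the zone-level statistics are the "needle" and the per-query names held in `zones` are the "hay" you put back for context. Queries with many distinct, long, high-entropy labels under one zone are worth pulling the full conversation for; a few such queries to a CDN or anti-spam lookup service are normal and are why the thresholds need tuning per environment.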