Finding elusive bad guys with NetWitness
Friday, 16th November 2012; 2pm-4pm.
This presentation and hands-on lab will demonstrate the methodologies used by sophisticated adversaries to infiltrate and persist on target networks. We examine these tactics to reveal the evidence left behind by even the most skilful adversaries. Based on real-world investigations, an attack model is defined to help security analysts of all skill levels uncover even the most deceptive bad guys. After an initial presentation, the group will take up the challenge of pulling apart network captures in order to find evidence of the phases of attacks found in real-world "APT" network compromises. The methodology and knowledge gained from this session will help you uncover many more interesting finds in your own investigations and incident response.
Only fourteen Kiwicon attendees will be able to attend this afternoon of advanced persistent threat discovery!
To participate in the hands-on portion of the lab you’ll need:
- A laptop (with the ability to install software)
- A copy of the NetWitness Investigator (http://netwitness.com/products-services/investigator-freeware)
To sign up, fill in the form below. The Crue will select the top fourteen people who provide the best reason for attending. Please don't register unless you're sure you can come, and you're going to turn up equipped and ready to go.
Registration for this workshop has now finished.