Network Forensics for Incident Response

Event Dates: February 23-26, 2026
Time: 13:00 to 17:00 CET (7am to 11am EDT)
Location: Live Online
Cost: 920 EUR ($1,070 USD)

Description:

A hands-on network forensics course that allows you to deep dive into analyzing captured full content network traffic in PCAP files. The training data is a unique data set captured during 30 days on an Internet connected network with multiple clients, an AD server, a web server, an android tablet and some embedded devices.

We will analyze traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors are using techniques like exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!

Part 1 (4 hours)

  • Investigating spear phishing email with malware attachment
  • Reassembling exfiltrated data
  • Identifying C2 traffic in decrypted HTTPS traffic
  • Analyzing decrypted HTTPS traffic from a transparent TLS inspection proxy
  • Tracking lateral movement with stolen Windows credentials
  • Searching application layer data with Wireshark, tshark, tcpflow and ngrep

Part 2 (4 hours)

  • Threat Hunting with Security Onion
  • Leveraging passive DNS to track C2 domains
  • Decoding proprietary C2 traffic from a RAT
  • Extracting files from PCAP with NetworkMiner
  • Sandbox execution of malware and behavioral analysis
  • Supply chain attacks
  • Extracting files from SMB and SMB2 traffic
  • Analyzing exfiltration by an APT style attacker
  • Investigating a spear phishing attack with credential theft

Part 3 (4 hours)

  • Theory: HTTP Cookies
  • Analyzing Cobalt Strike beacons
  • Investigation of botnet infection (TrickBot)
  • Tracking botnet C2 traffic using JA3
  • Extracting and verifying X.509 certificates from network traffic

Part 4 (4 hours)

  • Learning about Man-on-the-Side (MOTS) attacks, such as NSA’s QUANTUMINSERT and HackingTeam’s “Network Injection”
  • Investigating a brute force attack on a web CMS
  • Analyzing exploitation of a web server
  • Tracking commands sent to web shells
  • Tracking lateral movement via Linux servers
  • Using JA3 and JA4 to track TLS encrypted malware traffic

Target Audience

The Network Forensics for Incident Response course is built for blue teams, incident responders and SOC analysts, but can also be relevant for law enforcement investigators. Students must be comfortable using linux command line tools and have a basic understanding of TCP/IP communications.

Event Details
Event Details
Event Tags
Related Events
You might also love these events.
Haunted Pumpkin OSINT CTF
October 31, 2025
November 1, 2025
6:00 pm
$0
Course 4 – Free IoT Training Courses for U.S. Based Law Enforcement Personnel
October 9, 2025
October 10, 2025
6:00 pm
$0
Course 3 – Free IoT Training Courses for U.S. Based Law Enforcement Personnel
October 6, 2025
October 7, 2025
6:00 pm
$0