Ismael Valenzuela, Principal Architect - McAfee Foundstone Services EMEA
BAYAS (the Swahili word for 'badness', a.k.a. malware of any kind, shape or form) continue to grow in number as script kiddies, hacktivists, organised crime and nation-state actors use them to deface websites, steal money, engage in cyber-warfare or "simply" to disrupt large businesses or nation-critical infrastructure.
However, malicious software doesn't exist in a vacuum; any piece of malware is designed to call back home sooner or later: to download additional malware, to report back to a C&C server or to exfiltrate data. How can Incident Responders detect hidden malware on the network using open-source tools, and what patterns do they need to look for? In my webinar, I will share lessons learnt from practical traffic analysis in the field (i.e. predominant communication protocols, current trends, etc.) and present some effective techniques used to filter suspicious connections and investigate network data for traces of malware using tools like Wireshark, Snort and Bro.
About the speaker:
Ismael Valenzuela has 13 years' experience in IT security and currently works as Principal Architect at McAfee Foundstone Services in EMEA. Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also has experience teaching at BlackHat, serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks.
He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including. He is Lead Auditor from Bureau Veritas UK.
Some of his articles are freely available at http://blog.ismaelvalenzuela.com.
Mr. Valenzuela can be followed on Twitter at @aboutsecurity.