Full Packet Capturing with TShark for Continuous Monitoring & Threat Intel via IP, Domains, & URLS

Published on: 2020-11-16
Video Link: https://www.youtube.com/watch?v=ikhKUylOJCw
Duration: 59:29
2,331 views

Living in a world in which you have to assume breach makes the thought of detecting threats more agonizing. Compounding this agony is a world in which we have a global pandemic, and threat actors are looking to take advantage of one of humanity's most recent calamities. Since threat actors do not take time off, no matter the season or the pandemic, it is imperative that we, as defenders, have solutions in place to quickly detect their activities.

Considering the preceding, this webcast will touch on why full packet capture is important. We will also provide two Python scripts you can use to make the analysis of your packets a bit easier.

Speaker Bio
Nik Alleyne
Nik has over 18 years in IT, with the last 10 being more focused on security. He is currently employed as a Director, Business Development, for a Managed Security Services Provider (MSSP), where he is responsible for leading multiple teams supporting various security technologies, including IDS/IPS, anti-malware tools, proxies, firewalls, SIEM, cloud, WAF, etc. He also works with local colleges through their co-op programs to aid in the development of their cyber security students.

Nik is the author of the SANS course SEC582: Mastering TShark Packet Analysis. He is also a SANS Instructor, teaching both SEC503: Intrusion Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling. He also authored the book "Learning By Practicing - Hack & Detect: Leveraging the Cyber Kill Chain for Practical Hacking and its Detection via Network Forensics", and in his free time he actively writes on his blog at www.securitynik.com.


Tags:
Nik Alleyne
SEC582
SANS Institute
blue team
blue team operations
mastering Tshark packet analysis
packet analysis
Tshark
SEC582 mastering Tshark packet analysis
continuous monitoring
packet threat intelligence