»Getting Your Hands Dirty: How to Analyze the Behavior of Malware Traffic and Web Connections«
2018-10-17, 13:30–17:30, Echternach - Diekirch

Being able to analyze and understand the dynamic behavior of malware is becoming more and more important. Network traffic analysis has become a more and more important, as it allow analysts to understand what really happened in the network level, but also to understand the attackers intentions. This workshop is not focused on the tools, but in gaining experience through the analysis of real malware traffic captures.

Nowadays there are a lot of tools to analyze traffic, but the most important thing to have is the experience and knowledge of a malware analyst. The goal of the workshop is to give a hands-on experience on analyzing the behavior of malware and botnet traffic in the network by studying their web patterns and their traffic behavior. The workshop will use both pcap files of real malware captures and real normal captures. Participants will learn a proven approach on how to do their traffic analysis, how to recognize malicious connections, how to separate normal behaviors from malicious behaviors, how to recognize anomalous patterns and how to deal with large amounts of traffic. Analyzing only malware traffic may not be so complicated for some people, but accurately separating it from normal traffic is harder.

The most important lesson of the workshop is not about how to use wireshark or tcpdump. The goal is to transmit the experience of recognizing the malicious actions of malware in the network. Specifically how malware hides, how to recognize the encryptions, how to analyze the web patterns and how to discard false connections. The participants should leave with a good knowledge about how to do an overall analysis picture of the traffic to recognize if there are malicious behaviors on it.

Brief Outline of the Workshop 1. Introduction (30’) 2. How network protocols work. A baseline reminder (10’) 3. The experience of analizing malware and normal (150’) 3.1. Basic tools 3.2. Real life practice through 6-10 exercises 4. Working with Large Files: Flows and Behaviors (20’) 5. Wrap up and take aways