- Have basic understanding of TCP/IP and LAN/WAN operations.
- Security+ or equivalent background knowledge.
- Minimum of 12Gb free disk space (preferably an SSD).
- Minimum of 4Gb RAM (preferably 8Gb or more).
- The lab PCAP files contain malware samples, so a non-production / non-work computer is recommended. Although the malware binaries are contained within the .pcap/.pcapng files, attendees can extract those files onto their own system. If attendees are concerned about the contents of the packet capture files, use an isolated virtual machine.
- Wireshark: https://www.wireshark.org/download.html
- 7-Zip (used to decrypt the Lab files): https://www.7-zip.org/download.html
- Lab PCAPs (password: infected): https://wireshark-workshop.s3.us-west-2.amazonaws.com/Labs.zip
- GeoIP database: https://wireshark-workshop.s3-us-west-2.amazonaws.com/lab/GeoIP.zip
- Wireshark Profiles: https://github.com/themikewylie/wireshark/blob/main/Profiles.zip
- Slide deck: https://wireshark-workshop.s3.us-west-2.amazonaws.com/themikewylie-workshop-wireshark-DC29-4hr.pdf
Michael Wylie, MBA, CISSP is the Sr. Manager of a 24/7/365 global managed threat hunting team. Prior to his current role, he was the Director of Cybersecurity at a top 100 CPA firm, where he built out the offensive/defensive security service practice. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, colleges, and clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, GPEN, GMON, GCFE, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, CNVP, Microsoft Azure, and more.
- Web: https://themikewylie.com
- Twitter: @TheMikeWylie
- LinkedIn: https://linkedin.com/in/mwylie