Matt Posted July 13, 2013 Report Share Posted July 13, 2013 1.WIRESHARK NETWORK FORENSICSDescription This session was recorded at Sharkfest 2013, UC Berkeley, CA Join Laura Chappell in this session as she examines a slew of malicious traffic, customizes Wireshark to detect these problems faster, and extracts relevant information using command-line tools. You'll learn how Wireshark can be used as network forensic software and how it helped detect various successful/unsuccessful breaches in a recent project. Laura Chappell is the founder of Chappell University and the co-founder of Wireshark University with Gerald Combs. Long-time, well-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms. Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer product. She has worked with numerous analyzer products since then but, in 1999, decided to focus her analysis time working exclusively with the open source Ethereal (now known as Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network Analyst Program and manages the Wireshark University Authorized Training Partner Program and the Wireshark University Authorized Instructor Program. 2.USERS ASK THE EXPERTSDescriptionCome to this session if you want the chance to experience a lively exchange of information between the Wireshark developer and user communities. Moderated by long-time Wireshark User and Enthusiast Chris Bidwell, you will have the opportunity to ask questions of Gerald Combs, the creator of the Ethereal and Wireshark open source projects, and core developers actively engaged in the product and help influence the development direction of the Wireshark project. Chris Bidwell is a Network Engineer for an IT services company in the UK implementing low-latency IT systems for use in investment management. Chris is also a veteran Wireshark user and lively advocate for the open source project. 3.UNDERSTANDING ENCRYPTION SERVICES USING WIRESHARKDescriptionThis session was delivered at Sharkfest 2013 - UC Berkeley, CA Many people equate cryptography with confidentiality, but today we use cryptographic algorithms to validate authenticity, integrity and non-repudiation of information as well. In this session Larry will use Wireshark to sniff a number of SSL handshakes, using different browsers, to explain how algorithms are negotiated and keys exchanged. The hardest part about encryption, key management will also be discussed including a description of PKI standards, using Wireshark to illustrate certificate signing and revocation using both Certificate Revocation Lists (CRL) and the Online Certificate Status Protocol (OCSP). Larry started his IT career in 1984 as a technician for MicroAge, cutting his teeth on IBM PC-based networks and Netware 86. After four years in the 90s working for CGI/IBM as a senior network consultant designing and supporting IPX, SNA and TCP/IP-based network solutions, Larry founded InterNetwork Defense, an information security training and consulting company, where he currently teaches CEH, CISM and CISSP training classes. Larry is also the co-author of the cryptography section for the CEH official study guide. 4. ATTACK TRENDS AND TECHNIQUESDescriptionThis session was recorded at Sharkfest 2013 - UC Berkeley, CA The bad guys just keep getting better! They're constantly changing their tactics and inventing new techniques to cause you harm, damage your data, and make your resources unavailable. Why do they do this? What motivates someone to—let's call it what it is—commit computer-related crimes? How have they changed and improved? What kinds of attacks are popular now and why are they so effective? What might we expect to see in the future? We'll help you understand the latest in attacker trends and techniques, so that you can plan appropriately and implement effective processes and technologies to mitigate threats. Steve Riley is a Technical Director in the Office of the CTO at Riverbed Technology. His specialties include the performance and security aspects of enterprise and cloud computing. Steve has a long career of public speaking, having participated in hundreds of events around the world. He is co-author of Protect Your Windows Network, contributed a chapter to Auditing Cloud Computing, has published numerous articles, and conducted technical reviews of several data networking and telecommunications books. At Riverbed, Steve concentrates on high-performance architectures that span multiple clouds, public and private; advises field teams and customers about secure deployments; and contemplates the future of networking. Before Steve joined Riverbed, he was the cloud security strategist at Amazon Web Services and a security consultant and advisor at Microsoft; in both capacities, he developed patterns and practices for secure deployments and operations. Steve is a member of the Kubuntu Team (which maintains Ubuntu's KDE-flavored distribution) and is a global moderator of its community forum. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture. 5.TRACE FILE SANITIZATIONDescriptionThis session was recorded at Sharkfest 2013 - UC Berkeley, CAPCAPng is the new default capture file format, and it comes with new challenges when trying to remove sensitive information. Most tools do not support the format yet, and converting pcapng files to pcap to do it isn't helping either. We will take a look at the tools available and compare their functionality. 6.Inside the TCP HandshakeDescriptionAll TCP streams begin with the handshake, yet so often its power to determine fault in low throughput, connection failures, and hideous user experience streams is unrecognized. If you can capture the handshake in Wireshark, troubleshooting time is greatly minimized. This session will cover the handshakes from the single required option to the complex option combinations, and how they affect the subsequent conversation. Both live capturing and trace files will be used in the session so bring your laptops! 7.Keynote: Musings Of An Early NetworkerDescriptionAt Sharkfest 2013, Mr. Seifert discussed in his keynote session the original DEC-Intel-Xerox Ethernet development and the evolution of network standards over the past 30 years. From early battles between Ring, Star, and Bus topologies through the market war among Ethernet, Token Ring, and ATM, he provides insight into why some technologies succeed and others fail. As a test of that insight, he revisits his 2001 proclamation of "Stupid Network Ideas" to see where he was right and where he wasn't. Recorded at Sharkfest 2013, UC Berkeley, CA. 8.Deep Dive Packet Analysis Session 1 Quote Link to comment Share on other sites More sharing options...
