Ladislav Bačo returned on March 11 for the second part of his Homelab Network Security with Suricata series. While the first part focused on setting up Suricata in small-office/home-office (SOHO) environments, this session was a deeper dive into malware analysis and incident response, using the same small office setup.
Ladislav covered the Incident Response Lifecycle; gave a live demo of an attack delivered through email and an infected PDF file; and walked through the attack and malware analysis using Suricata and OpenObserve, together with his AtomIDS and CyberChef. He highlighted the importance of analytical pivoting to build a bigger picture of the attack scenario, and used it to show, for instance, how one can find coverage blind spots.
After showing an assortment of techniques and tools for understanding the observed traffic and the Suricata alerts and events, Bačo wrapped up the webinar by showing how detailed snapshots of the traffic between source and destination in a TLS connection can give an idea of the type of communication taking place, for instance a CnC/C2 channel.
This was a very interesting webinar to follow, and honestly felt like a very condensed version of what we cover in depth during the Intrusion Analysis and Threat Hunting with Suricata pre-SuriCon training sessions. So, if you are interested in this sort of content and want to boost your learning, check out the two-day pre-conference training sessions for the next SuriCon: https://suricon.net/trainings/
Ladislav Bačo has a lot of knowledge to share! If you missed it, watch the full webinar: https://youtu.be/2HCqfOZuMJU?si=gsXicNtRBScyKKqN and get the slides.
Want more webinars? Visit our webinar archive page: https://suricata.io/webinars/
Thanks for being with us, and don’t miss our April Suricata webinar, with Peter Manev: DNS did it!
The post Incident Response and Network Monitoring with Suricata: a webinar with Ladislav Bačo appeared first on Suricata.

