The CTU seminar on Malware Network Forensics
# Important news!: As of now (Wed Mar 2 13:01:55 CET 2016) I’m closing the inscription to the seminar because we run out of enough large class rooms. If you still want to come, send us an email anyway and you will be in a waiting list. Also we will inform you of other similar events in the future. Sorry and thanks!.
The Malware Nights is a new seminar about Malware and Network Security given by the Computer Science department of the CTU University. It is a four-day intensive seminar about deep network security, network forensics, web attacks and malware execution and analysis.
The goal of the seminar is to give students a deep understanding of network security and malware by experiencing four hands-on and totally practical classes. By the end of the seminar you should:
- Practically understand how the network works.
- Analyze do forensics analysis of network attacks.
- Understand and do web-based attacks like an attacker.
- Know how to execute real malware in a computer and analyze its traffic.
- Learn how to create better malware protections.
The seminar gives students the opportunity to start a Master Thesis on this topic.
How to get there
CVUT FEL Katedra Pocitacu, Karlovo náměstí 13 - please note the entry is through the building of CVUT FS (Fakulta Strojni) on Karlovo namesti and it is necessary to pass through the building to the yard and then to the building E. We will let the door open for the seminar, so you don’t have to have an entrance card. Also we will put flyers on the walls/floor to guide you. If you are lost, tweet me @eldracote
- Class 1 - 2016-03-10 18:00-21:00 - K1 (aka KN:E-107), CVUT FEL Katedra Pocitacu , Karlovo namesti 13
- Class 2 - 2016-03-17 18:00-21:00 - K9 (aka KN:E-301), CVUT FEL Katedra Pocitacu, Karlovo namesti 13
- Class 3 - 2016-03-24 18:00-21:00 - K9 (aka KN:E-301), CVUT FEL Katedra Pocitacu, Karlovo namesti 13
- Class 4 - 2016-03-31 18:00-21:00 - K1 (aka KN:E-107), CVUT FEL Katedra Pocitacu, Karlovo namesti 13
Who can attend?
The seminar is free to anyone interested in attending. In particular, but not exclusively, is designed for student of CTU University. So if you are interested in traffic analysis, attacks and malware you are welcome to join the seminar. Basic knowledge about Linux and networks is required. No need of prior knowledge on attacks or malware.
To register to the seminar you should send an email to firstname.lastname@example.org saying your name, if you are a student and why you want to attend.
It is highly recommended to subscribe yourself to our mailing list so you can ask questions and get answers. Please send an email to : email@example.com
It is mandatory that you have a personal notebook because the seminar is practical. It is not necessary to have Linux installed in your laptop because we will use the Bootable Linux Distribution Kali later.
Before going to the first class you should be sure that you have at least a way to run the Kali distribution in your computer. Be sure that you can do at least one of the following:
- Boot your computer with a USB pendrive and bring the pendrive (more than 4GB).
- You can run a Virtual Machine with Virtualbox (and then we will boot Kali there during the seminar).
- You can boot with a CD or DVD (and you should burn the Kali distribution your self before attending).
During the seminar we will boot and install Kali, don’t worry, but we should be sure you can boot it.
If you are eager to try something before attending, you can download Kali and boot your computer with it!
Topics in the Seminar
- How network protocols work. A reminder.
- Analysing network traffic, what to see.
- Basic tools: Wireshark, tcpdump, ngrep, etc.
- Security considerations of network traffic: outside the protocols.
- How does the security of network traffic impact us? Pros and cons.
- Port scanning, web crawling and attacks in the network. Can you recognize them?.
- Attacking each other and discovering the traffic.
- The forensics of Network Traffic.
- Motivations to study web attacks, case studies of real malware.
- How does HTTP and HTML work in principle.Looking at the big picture.
- How to do common attacks: SQL Injection, XSS, vulnerability exploiting, code injection and inclusion vulnerabilities.
- Doing the attacks and understanding their network fingerprint.
- Why malware need to attack web pages?
- Why attacking one web page is not the same as the web abuse of malware?
- Common protection solutions and tools.
- Network analysis of the attacks.
- The environment of malware execution. Techniques and ethics.
- What is malware? What is a Botnet?
- What does malware eat?
- Why to execute real malware?
- Downloading and selecting malware samples.
- Executing real malware and watching it work.
- Monitoring malware traffic and its execution.
- Basic Analysis of malware traffic.
- Recognizing the problems.
- Deep analysis of the malware traffic. The hidden patterns.
- Support information tools: flows, web logs, etc.
- Analysis of all the data in order to extract more information.
- Generating an analysis report.
- Identification of malware patterns and behavioral characteristics.
- Where can machine learning help?
- Detection ideas of malware patterns.
More Information About the Seminar
If you are interested in starting you Master Thesis in this topic we have a project called Stratosphere IPS Project where we research about how to detect malware in the network by analyzing its network patterns.