Different types of incident response investigations lend themselves to network-based analysis to different degrees. This course consists of a series of demonstrations where analysis of network traffic is used to infer information about different types of malware, including remote access Trojans (RATs), fileless malware, network worms and multi-stage infections.
Remote Access Trojan (RAT) Demo (Duration: 13:23)
Demonstration of the analysis of a Remote Access Trojan's command-and-control traffic.
Fileless Malware Demo (Duration: 16:07)
Demonstration of the analysis of fileless malware using a traffic capture.
Network Worm Demo (Duration: 14:03)
Demonstration of how a network worm looks in a traffic capture.
Multi-Stage Malware Demo (Duration: 22:41)
Demonstration of analysis of a multi-stage malware infection based on a traffic capture.
Meet the author
Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at email@example.com or via his website at https://www.howardposton.com.