

TECH TRAINING 3 - Structured Network Threat Analysis and Forensics

Filed under: Main Page — Administrator @ 11:05 am

Title: Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) & Lee Chin Sheng (geek00l)
Capacity: 20 pax
Seats left: 9
Duration: 2 days
Cost: (per pax) USD1499 (early bird) / USD1799 (non early-bird)



The weary analyst battles the Internet: portscans are coming at you left and right, worms are spreading like wildfire, servers are compromised, and confidential data is lost and stolen. This is a familiar scene, one that could be detected, prevented, and, if it has already happened, contained.

This is a hands-on class that will teach you how to detect, analyze, and perform incident response and handling. We will throw tons of packet capture files at you, and we will show you how to analyze them using Open Source tools. When we say analyze, we mean: looking for signs of attacks, determining the source and destination of an attack, and detecting the vulnerabilities being targeted. We will also show you how to build, deploy and manage an NSM (Network Security Monitoring) architecture.

At the end of the two-day session, you should be able to

* Perform structured network traffic and threat analysis
* Build, deploy, and manage an NSM architecture
* Collect evidence and perform network and server forensics
* Use Open Source tools for SNT/TA effectively
* Build a defensible network using NSM
* Know WHAT to do when given packet capture files

Whom this training is for

* Security analysts
* System administrators
* Anyone who is interested in building defensible networks
* Anyone who is interested in building an NSM architecture

Prerequisites

* Intermediate to advanced knowledge of TCP/IP
* Knowledge of Unix and Windows systems
* Participants must bring their own laptop
* Participants must have administrative rights to install software programs on their laptop
* The laptop must have at least 4 GB of free disk space and at least 512 MB of RAM
* VMware images will be provided. VMware Player will also be provided, or participants can install it prior to the training.
* Either Windows XP or Linux may be used as the operating system

Day 1
Morning Session

- Introduction to FreeBSD and HeX, the Network Security Monitoring and network-based forensics centric liveCD
- Revision Of TCP/IP

Afternoon Session

- Tcpdump and the power of BPF Filter
- Network Security Monitoring - The Concepts
- Passive Network Monitoring Instrumentation

Day 2
Morning Session

- NSM Data Collection Techniques
- Practical NSM Data Analysis Techniques (Part 1)

Afternoon Session

- Practical NSM Data Analysis Techniques (Part 2)
- Practical Network Based Forensics
- Putting It All Together

About Meling Mudin

Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates, where he was responsible for developing the Malaysian government's largest network security monitoring center. He has also been involved in organizing the HITBSecConf conference for the last three years, specifically in running its popular Capture the Flag hacking competition. In his five years in the industry, he has been involved in various aspects of computer security, including penetration testing, software and product development, training, network defense, and system administration, as well as working as a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.

About Lee Chin Sheng

C.S. Lee has been working in the cyber security industry for the past 3 years. He was previously a CEH trainer focused on wireless hacking and pentesting, but turned to the art of detection after becoming fascinated by the Network Security Monitoring (NSM) framework. He is an NSM practitioner who believes in using Open Source power tools to complete his tasks, and he regularly writes about decoding and performing packet analysis on his blog. He currently works at Exabytes as a System Engineer and is involved in vulnerability assessment, network incident handling and response, and network forensics.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
