Getting Your Hands Dirty: Understanding & Hunting Down Malware Attacks in Your Network

May 27th and 28th

Course Abstract

This hands-on training teaches the essential know-how of malware traffic analysis: the experience and knowledge of understanding malware behaviors on the network. The core of the training is not about the tools, but the experience transmitted and gained by students. Students should leave with the knowledge to recognize malicious actions of malware in the network.

Our training platform and diverse exercises aim to teach students an analysis methodology to recognize malicious connections, distinguish normal from malicious behaviors, and deal with large amounts of traffic. Specifically, how the malware hides, how to hunt it down, to analyze traffic patterns, and to discard false positives connections. Students will execute their own malware, exploit active services, capture the traffic, and analyze it. This edition focuses on giving students knowledge of machine learning, SIEM analysis, modern malware attacks.


Day 1

  • Introduction to the Training
  • Module 1 - Networking and Security
  • Module 2 - Fundamentals on Tools and Analysis Methodology
  • Module 3 - Threat Intelligence For Malware Traffic Analysis
  • Module 4 - Detecting High-Risk Malware Attack and Ransomware
  • Module 5 - Real-Time Exploit Attacks on the Network

Day 2

  • Module 6 - Network Flows, Uninformed Decisions with Good Inference
  • Module 7 - Threat Hunting on a SIEM
  • Module 8 - Machine Learning to Detect Advanced Attacks
  • Module 9 - Executing Malware to Understand How to Detect it

Who Should Attend

This course is ideal for those in charge of their organization’s network security, and they need to know how, when, and who is attacking them. This training is for those who want to take their network traffic analysis skills to the next level and learn to identify and recognize normal and malicious behaviors on the network to better protect their organizations. Specifically, this training is designed to help network operators, network analysts, network administrators, threat hunters, red and blue teams.

What You Need

Laptop + Power cord, Tools installed: Wireshark, tcpdump.


Veronica Valeros , Czech Technical University

Veronica is a researcher and intelligence analyst from Argentina. Her research strongly focuses on helping people. A jack of all trades, she currently specializes in threat intelligence, malware traffic analysis, and data analysis. She has presented her research at international conferences such as BlackHat, EkoParty, Botconf, Virus Bulletin, Deepsec, and others. She is the co-founder of the MatesLab hackerspace based in Argentina and co-founder of the Independent Fund for Women in Tech. She is currently the director of the Civilsphere project at the Czech Technical University, dedicated to protecting civil organizations and individuals from targeted attacks. She's also the project leader at the Stratosphere Laboratory, a research group in the Czech Technical University dedicated to study and research in cybersecurity and machine learning.

Sebastian Garcia , Czech Technical University

Sebastian is a malware researcher and security teacher with extensive machine learning experience applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. He was lucky enough to talk in Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace, he is a free software advocate that worked on honeypots, malware detection, distributed scanning (dnmap) keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra), and biohacking.

Return to training sessions