Track 3
5 Feb 2022 12:00 PM - 12:30 PM

SOC analysts are familiar with Wireshark and all of it's capabilities but are often at a roadblock when the pcap is relatively large. My tool, PacketSifter, and the open-source tool TShark will enable analysts to jump over that hurdle and learn to analyze pcaps on the command line!

Gone are the days of opening a large pcap in Wireshark and waiting two days for Wireshark to parse and load the pcap. PacketSifter will carve out noteworthy traffic as well as provide enrichment capabilities with GeoIP lookups via AbuseIPDB and hash lookups via VirusTotal.

This talk will demo PacketSifter as well as introduce TShark to continue on with the output files provided by PacketSifter.

Ross Burke
Mandiant - Security Consultant | University of Houston - Instructor
@packetsifter

Ross Burke is a Security Consultant at Mandiant and also an Instructor of Information Science and Technology at the University of Houston. Ross has worked across several aspects of cybersecurity including operating as a SOC analyst at an MSSP as well as staff augmentation and strategic consulting projects.

Ross has two degrees from the University of Houston including a Bachelor of Science in Computer Information Systems and Master of Science in Cybersecurity. He also holds several cybersecurity certifications including CISSP, GCIA, GCDA, GCFA, and Security+. Ross is also the developer of the open-source tool PacketSifter (https://github.com/packetsifter/packetsifterTool) which he presented at Wild West Hackin' Fest - Way West 2021.

On his free time, he enjoys kickstarting board games after having a few drinks.