Malware Traffic Analysis

@malware_traffic specializes in network traffic analysis of malware infection traffic. After more than 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) routinely posts diaries at He frequently blogs technical details and analysis of infection traffic at, where he provides malware specimens and examples of malicious network traffic to the community.

This is a one-day workshop that provides a foundation for investigating malicious network traffic. It begins with investigation concepts, using Wireshark, and identifying hosts from traffic indicators. The workshop then covers characteristics of malware infections and suspicious network traffic. Participants will learn how to determine the root cause of an infection. The workshop concludes with an evaluation in reviewing traffic and drafting an incident report. More infomation can be found at