8-12 May 2017
13 Mar 2017
300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)
The Locked Shields technical environment is very complex, and Blue Teams need a network traffic overview to plan their strategy. It is also essential to have an overview of what happened in the network during execution. This course will use the latest Locked Shields execution network traffic capture as learning material.
This intensive hands‐on course concentrates on a single solution out of a number of important Cyber Defence Monitoring techniques and solutions. We will focus only on packet capture and analysis. It is not meant to replace IDS engines, but instead to work alongside them, storing and indexing all the network traffic and providing fast access to the captured data. We use Moloch, an open‐source free software tool, to build network security monitoring for different scales, from SOHO/SME up to enterprise level.
The course demonstrates how Moloch is a perfect fit for modern network security monitoring. Attendees gain practical experience of how to build a scalable system and how challenging the security‐engineering and analysis process can be.
Locked Shields Blue Team members and/or national representatives.
On this course, we will work with network traffic from the recent Locked Shields, which means that the traffic will have real intrusions.
NB! We most strongly discourage the participation of students who do not fulfil these prerequisites, since the course contains advanced lab sessions assuming this knowledge. Therefore, the presence of unskilled attendees is likely to hinder the overall progress of the