• 01: BACNet and Wireshark for Beginners by Werner Fischer
• Presentation Video
• 02: Going down the retransmission hole by Sake Blok
• Presentation Video
• 03: IPv6 security assessment tools (aka IPv6 hacking tools) by Graham Bloice
• Presentation Video
• 04: Improving packet capture in the DPDK by Stephen Hemminger
• Presentation Video
• 05: Kismet and Wireless Security 101 by Mike Kershaw
• Presentation Video
• 06: Packets! Wait... What? A very improvised last-minute Wireshark talk about things you can find in pcap files that are funny, interesting or weird. I don't know. Let's find out together by Jasper Bongertz
• Presentation Video
• 07: TLS encryption and decryption: What every IT engineer should know about TLS by Ross Bagurdes
• Presentation Video
• 08: Why an Enterprise Visibility Platform is critical for effective Packet Analysis? by Keval Shah
• Presentation Video
• 09: Troubleshooting Cloud Network Outages by Chris Hull
• 10: TCP SACK overview & impact on performance (subject to change) by John Pittle
• Presentation Video
• 11: Automation TIPS & tricks Using Wireshark/tshark in Windows by Megumi Takeshita
• Presentation Video
• 12: How Long is a Packet? And Does it Really Matter? by Stephen Donnelly
• Presentation Video

FRIDAY SESSIONS

• 13: Make the bytes speak to you by Roland Knall
• Presentation Video
• 14: USB Analysis 101 by Tomasz Moń
• Presentation Video
• 15: TLS decryption examples by Peter Wu
• Presentation Video
• 16: The Packet Doctors are in! Packet trace examinations with the experts by Drs. Blok, Greer Landström, Rogers
• 17: Analyzing Honeypot Traffic by Tom Peterson
• Presentation Video
• 18: Intrusion Analysis and Threat Hunting with Suricata by Josh Stroschein and Jack Mott
• Presentation Video
• 19: The Other Protocols (used in LTE) by Mark Stout
• Presentation Video
• 20: Practical Signature Development for Open Source IDS by Jason Williams and Jack Mott
• Presentation Video
• 21: Ostinato - craft packets, generate traffic by Srivats P
• Presentation Video
• 22: Introduction to WAN Optimization by John Pittle
• Presentation Video
• 23: Solving Real World Case Studies by Kary Rogers
• Presentation Video
• 24: Analyzing 802.11 Powersave Mechanisms with Wireshark by George Cragg
• Presentation Video

Latest Wireshark Developments & Road Map
Gerald Combs

TUESDAY CLASSES

• 01: War story: troubleshooting issues on encrypted links by Christian Landström
• 02: TLS encryption & decryption: What every IT engineer should know about TLS by Ross Bagurdes
• Presentation Video (1:22:25)
• 03: Writing a Wireshark Dissector: 3 ways to eat bytes by Graham Bloice
• Presentation Video (1:18:07)
• 04: Solving (SharkFest) packet capture challenges with only tshark by Sake Blok
• Presentation Video (1:14:11)
• 05: How long is a packet? And does it really matter? by Stephen Donnelly
• Presentation Video (1:17:54)
• 06: Creating dissectors like a pro by generating dissectors by Richard Sharpe
• Presentation Video (1:20:38)
• 07: To Send or not to Send? How TCP congestion control algorithms work by Vladimir Gerasimov
• Presentation Video (1:30:56)
• 08: Taking a bite out of 100GB files by Betty DuBois
• Presentation Video (1:11:33)
• 09: Debugging TLS issues with Wireshark by Peter Wu
• Presentation Video (1:10:44)
• 10: IPv6 troubleshooting with Wireshark by Jeff Carrell
• 11: When TCP reassembly gets complicated by Tom Peterson
• Presentation Video (41:47)
• 12: Jumbo frames & how to catch them by Patrick Kinnison
• 13: Kismet & wireless security 101 by Mike Kershaw
• Presentation Video (1:20:16)
• 14: Tracing the untraceable with Wireshark: a view under the hood by Roland Knall

WEDNESDAY CLASSES

• 15: Automating cloud infrastructure for analysis of large network captures by Brad Palm & Brian Greunke
• Presentation Video (1:30:15)
• 16: My TCP ain't your TCP - ain't no TCP? by Simon Lindermann
• Presentation Video (1:26:14)
• 17: TLS1.3, DNS over HTTPs, DNS over TLS, QUIC, IPv6 PDM & more!by Nalini Elkins
• 18: Practical Tracewrangling: Exploring capture file manipulation/extraction by Jasper Bongertz
• Presentation Video (1:24:32)
• 19: TCP SACK overview & impact on performance by John Pittle
• Presentation Video (1:11:54)
• 20: IPv6 security assessment tools (aka IPv6 hacking tools) by Jeff Carrell
• Presentation Video (1:35:25)
• 21: Troubleshooting slow networks by Chris Greer
• Presentation Video(1:10:57)
• 22: Analyzing Windows malware traffic with Wireshark (Part 1) by Brad Duncan
• Presentation Video(1:10:57)
• 23: To send or not to send? How TCP congestion control algorithms work by Vladimir Gerasimov
• Presentation Video (1:30:56)
• 24: The packet doctors are in! Packet trace examinations with the experts by Drs. Blok, Bongertz, and Landström
• 25: Analyzing Windows malware traffic with Wireshark (Part 2) by Brad Duncan
• Presentation Video (1:04:26)
• 26: TLS encryption & decryption: what every IT engineer should know about TLS by Ross Bagurdes
• 27: Developer bytes lightning talks by Wireshark Core Developers
• 28: Wireshark visualization TIPS & tricks by Megumi Takeshita
• 29: Kismet & wireless security 101 by Mike Kershaw
• Presentation Video (1:20:16)

THURSDAY CLASSES

• 30: Using Wireshark to solve real problems for real people: step-by-step case studies in packet analysis by Kary Rogers
• Presentation Video (1:20:01)
• 31: TCP split brain: compare/contrast TCP effects on client & server with Wireshark (Part 1) by John Pittle
• Presentation Video (1:24:11)
• 32: Kismet & wireless security 101 by Mike Kershaw
• Presentation Video (1:20:16)
• 33: Capture file format deep dive by Jasper Bongertz
• Presentation Video (1:11:14)
• 34: TCP split brain: compare/contrast TCP effects on client & server with Wireshark (Part 2) by John Pittle
• Presentation Video (1:27:25)
• 35: Solving the impossible by Mike Canney
• Presentation Video (1:02:20)
• 36: A deep dive into LDAP: Everything you need to know to debug and troubleshoot LDAP packets by Betty DuBois
• 37: Wireshark visualization TIPS & tricks by Megumi Takeshita
• 38: Enrich your network visibility & analysis with Wireshark & ELK by Tajul Ariffin
• Presentation Video (1:05:55)
• 39: A walkthrough of the SharkFest Group & Individual Packet Challenges by Sake Blok, Christian Landström, and Jasper Bongertz

“捕影”应急响应小组是安徽三实公司旗下专门负责网络疑难故障处置、安全事件应急响应、业务系统性能优化、日志分析的团队。

1.    公安部一所网防G01安徽技术支撑团队；

2.    安徽省公安厅网安总队技术支撑团队；

3.    安徽唯一一支专注于网络疑难杂症与黑客攻击入侵应急响应的团队；

4.    协助政企金融用户处理数百起网络疑难故障；

5.    协助多地网安与用户处理数百起黑客入侵事件；

6.    在freebuf、团队博客蚂蚁网上发表了数百篇专业疑难故障与应急响应类文章；

7.    安徽省19大网络安全应急保障工作、组织几十家用户的应急演练；

8.    多次为安徽省公安厅、安徽省经信委、各地市公安/网信办提供技术培训和讲座；

9.    多位网络分析专家/应急服务专业级工程师/CISP/各种安全厂商认证工程师；

10.  团队博客www.vants.org、www.freebuf.com/author/feiniao。

    0x03 招人计划

 助理工程师

1.    熟悉常见网络结构；

2.    了解基本的网络原理(交换机、路由器、防火墙等)；

3.    掌握wireshark、科来等抓包软件的使用；能够在故障现场根据具体故障现象抓取相应的数据包；

4.    了解常见的网络设备、服务器、登录配置操作；

5.    了解常见安全设备、存储设备、虚拟化的工作机制和原理，能够完成常规的操作；

6.    能与用户沟通，完成日常工作，并撰写报告；

7.    常规问题的分析和解决；

8.    协助团队负责人完成其他常规工作。

技术工程师

1.    具备一定的安全能力，熟悉网络安全与web安全的原理；

2.    了解常见攻击方式，如xss、sql注入、文件上传等原理；

3.    熟悉主流安全设备的工作原理；

4.    具有一定的分析和处理入侵事件的能力；

5.    具备一定的日志分析能力，能够通过日志分析黑客攻击的痕迹；

6.    熟悉TCP/IP协议，对数据包有一定的分析能力；

7.    熟悉主流的网络设备,了解网络设备的工作原理；

8.    能够独立处理日常的工作；

9.    独立撰写用户服务过程文档。

(以上至少满足5条)

 中高级安全工程师

1.    精通TCP/IP原理，具有独立解决用户网络疑难故障的能力；

2.    深入理解应急响应的流程、具体步骤，可独立进行安全事件的应急处置；

3.    了解IT项目管理知识体系,能够胜任公司大型安全服务项目经理；

4.    撰写体系化的技术文档并进行团队分享。

  C开发工程师

1.  独立完成系统模块开发、维护，按计划完成各个模块日常开发工作；

2.  配合同事以及上级领导制定软件开发方案；

3.  解决项目中因程序引起的故障问题；

4.  项目维护和新功能模块开发；

5.  良好的代码编写习惯、以及技术文档书写能力；

6.  良好的沟通与表达能力、思路清晰，较强的动手能力与逻辑分析能力。

    0x04  联系方式

 地址

合肥市高新区长江西路118号5F创业园A座408。

联系方式

Tel:132 9551 2120

Mail:liuqy@ahsss.com.cn

1.1 拓扑结构

   服务器通过交换机、WAF、IPS，经防火墙映射对外提供服务，办公外网与互联网通过出口交换机访问服务器。

1.2 情况简介

   2017年11月17日有市局反应省局门户网站地市信息公开栏目访问异常。

   点击信息公开栏目后如下图所示：

   大部分市局...

   如上拓扑所述，省厅A的客户端1和客户端2属于两个不同的安全域，通过防火墙代理，经过互联网，访问省厅B一台层层安全防护的预算系统服务器。

1.2 情况简介

   预算系统分别使用B/S、C/S架构对外提供服务，服务端域名是xxx.com，解析后的公网IP分别是X.X.X.155和X.X.X.22，浏览器访问比客户端访问多...

1.1  网络拓扑结构

    梳理省厅网络拓扑结构，了解WEB服务器通过接入交换机、WAF、抗D，经防火墙对外映射对外提供服务，其中交换机、抗D、WAF均为二层部署，如下图所示：

1.2 情况简介

    A市局近期有无法访问省厅门户网站的现象，换个IP即可正常访问，与省厅沟通后发现其他市局和互联网用户均能正常访问。

1.3 分析思...