NetflOSINT - Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in Paris
Hack in Paris via YouTube
Overview
This course aims to teach learners how to operationalize NetFlow data for network forensics analysis. The learning outcomes include understanding NetFlow, extracting NetFlow data from PCAPs, and using various analysis methods for efficient and in-depth investigation. The course covers skills such as compression, filtering, and generating CSV files, and the use of tools like SOF-ELK, Threat Hunt, and Jupyter for analysis. The teaching method is a lecture-style presentation with a demo. This course is intended for individuals interested in network forensics, cybersecurity, and leveraging NetFlow data for investigative purposes.
Syllabus
Introduction
Why this talk
Agenda
Compression
Filtering
What is NetFlow
Typical NetFlow fields
Similar products
PCAPs vs NetFlow
What you need
Flowing the path
Generating the CSV
Getting SiLK installed
Analysis methods
Free trial
Other tools
SOF-ELK
Threat Hunt
Jupyter
Jupyter demo
Two things that come to mind
Standard deviation
VPN
Taught by
Hack in Paris