Yesterday (not as on the ball as Rob) at SANSFire

Published: 2012-07-13
Last Updated: 2012-07-13 01:29:21 UTC
by Richard Porter (Version: 2)
3 comment(s)

Last night I presented a series of tips and gotchas whilst setting up a home lab for Malware and Packet collection. 


Packet and Malware Collection for the Home Network, Research Starts at Home!

- Richard Porter, ISC Handler
- Wednesday, July 11 * 8:15pm - 9:15pm

If you are just getting started in the Information Security Field, or want to practice your packetFu or MalwareFu? A place to start is on the home network! Often at a SANS Conference you will hear the Instructors, Faculty or even the Handlers reply with "Get Written Permission!" With that, you have permission on a network you own. This talk will go over setup, tools, pit-falls and things to be aware of for the home network. This discussion is a useful addition to both Security 503: Intrusion Detection In-Depth and Forensics 610: Reverse Engineering Malware.


It was well attended, and thanks for all the kind words. There were so many requests for my presentation and tips that when we recover from SANSFire, I will write another diary on more hints and tips but here are a couple:


1 - Roomate/Spouse/KId Alerting: Let them know you will be capturing traffic (Or not )

2 - Power: Check power where your lab is, your home wiring may be in series [1]




@packetalien - Twitter


And thanks again for all those who attended. Check back for more tips about running a lab at home (along with the Dionaea Virtual machine, when it is more stable.)


From SANSfire 2012, signing off!

Signing back on for an UPDATE: @karl thanks!

Tip 2, power, don't overload your circuit. I have dedicated drops at points in my home. As he pointed out, my tip is to not add to much load to one circuit and plan how much you are going to draw.


3 comment(s)
Diary Archives