Abstract: Security Operations Center (SOC) teams monitor network traffic using SIEM and IPS solutions, along with other security tools. However, these tools can sometimes fall short in their capability, particularly when faced with complex attacks that exploit legitimate network protocols, such as a single, crafted packet. To combat these threats, SOC teams must adopt advanced techniques such as Deep Packet Inspection (DPI). The webinar explores DPI analysis techniques to detect and mitigate “One Packet Killers,” using real-world examples from DHCP, H.225.0, Modbus over TCP, WTP, and BAT_GW protocols. Furthermore, it examines the intricacies of each protocol and highlights how specific message manipulations within these protocols can activate Denial-of-Service (DoS) attacks or disrupt communication flows. By mastering DPI techniques and addressing these protocol security weaknesses, SOC teams can enhance their ability to maintain a robust network security posture.
Key Takeaways:
- Understand how attackers exploit protocols with single packets and the limitations of IPS, WAF, and SIEM in detecting them.
- Learn about “One Packet Killers” and how they bypass traditional security measures.
- Grasp the importance of DPI analysis in identifying “One Packet Killers.”
- Analyze “One Packet Killers” using examples from DHCP, H.225.0, Modbus/TCP, WTP, and BAT_GW.
- Implement monitoring techniques and learn mitigation strategies using DPI and protocol-specific anomaly detection.
Speaker:
Michał Sołtysik, Deep Packet Inspection Analyst
Bio: Michał Sołtysik is a Deep Packet Inspection Analyst and Cybersecurity Consultant specializing in network edge profiling and 0-day attacks. With a focus on IT, OT, and IoT areas, he has identified around 254 protocols used for cyber-attacks. Michał is also a skilled Digital and Network Forensics Examiner, a CyberWarfare Organizer, and a SOC Trainer, enhancing his cybersecurity roles with a broad range of expert knowledge.
Certified as:
- C|CSA – Certified Cyber Security Analyst
- C|SA – Certified SOC Analyst
- C|NFE – Certified Network Forensics Examiner
- C|DFE – Certified Digital Forensics Examiner
- WCNA – Wireshark Certified Network Analyst
- C|ND – Certified Network Defender
- C|PTC – Certified Penetration Testing Consultant
- C|PTE – Certified Penetration Testing Engineer
- C|PEH – Certified Professional Ethical Hacker
- C|VA – Certified Vulnerability Assessor
- RvBCWP – Red vs Blue Cyber Warfare Practitioner
- C|IoTSP – Certified Internet of Things Security Practitioner
- OOSE – OPSWAT OT Security Expert
- C|NSP – Certified Network Security Practitioner
- C|NSE – Certified Network Security Engineer
- C|CE – Certified Cybersecurity Expert
- C|CSS – Certified Cyber Security Specialist
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)
