Conferences

Participation in conferences and webinars as a speaker:

EC-Council CyberTalks

EC-Council University’s CyberTalk

Deep Packet Inspection Analysis: Examining One Packet Killers

Date: 20.06.2024

Place: online

Security Operations Center (SOC) teams monitor network traffic using SIEM and IPS solutions, along with other security tools. However, these tools sometimes fall short, particularly when faced with complex attacks that exploit legitimate network protocols, such as a single crafted packet. To combat these threats, SOC teams must adopt advanced techniques such as Deep Packet Inspection (DPI). The webinar explores DPI analysis techniques for detecting and mitigating “One Packet Killers”, using real-world examples from the DHCP, H.225.0, Modbus over TCP, WTP and BAT_GW protocols. It examines the intricacies of each protocol and highlights how specific message manipulations within these protocols can trigger Denial-of-Service (DoS) conditions or disrupt communication flows. By mastering DPI techniques and addressing these protocol security weaknesses, SOC teams can improve their ability to maintain a robust network security posture.

Michal Soltysik - EC-Council CyberTalks - Certificate of Appreciation



ISSA Academy

Computer Forensics and Ethical Hacking Association

Deep packet inspection analyses: A multi-faceted view from the SOC perspective

Date: 23.11.2023

Place: online

There is an unquestionable need to perform regular deep packet inspection analysis, for a variety of reasons. Providing standard SOC-type services that rely on tools such as SIEM, SOAR, IPS, WAF, EDR and others leads to a partial waste of human resources because of the constant handling of so-called “false positives”; DPI analysis, among other things, eliminates this problem. Performing such analysis also helps with activities typical of SOC teams, such as malware analysis, analysis of phishing messages, digital forensics, and addressing alerts from SIEM, IPS, WAF, EDR or XDR systems. In addition, network edge profiling is recommended to determine what malicious traffic is present at the network edge of a given infrastructure, in order to identify and mitigate it, whether or not that traffic is related to 0-day threats.



The Hack Summit

Biggest conference on cybersecurity in Poland

Deep packet inspection analyses: why the typical approach is not enough

Date: 20.10.2023

Place: Warsaw (Poland) at PGE Narodowy (the National Stadium)

There is an unquestionable need to perform regular deep packet inspection analyses, that is, network edge profiling. Providing standard SOC-type services that rely on tools such as SIEM, SOAR, IPS, WAF, EDR and others leads to a partial waste of human resources because of the constant handling of so-called “false positives”. The cybersecurity industry is currently characterized by superficiality, insufficient competence and low cyber awareness. Cybercriminals possess hundreds of mechanisms that they regularly take advantage of to break through firewalls. In this lecture, I will present an advanced view of the realities that teams such as SOC are unable to deal with, and explain why this is the case. I will draw on extensive knowledge of a variety of threats, based on analysis of 252 different network protocols from the areas of IT, OT and IoT.
