Subscribe to the RSS Feed

Subscribe to the RSS Feed

Incident Response and Threat Hunting with Wireshark

Early Bird Registration: $975 USD (Ends May 1st, 2019)
Standard Registration: $1250 (Ends May 18th, 2019)
On-site Registration: $1600 USD

Training Registration

Head over to the Registration page for more details or click below to register directly via Universe:

Get Tickets


Tired of being unsure how to track down bad guys on your networks? Not sure what tools to use? This training will take student’s Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the day, we’ll examine what different attacks look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network.

Topics covered in this training:

  • Introduction to Threat Hunting & Incident Response
  • Introduction to Wireshark Protocol Analyser
  • Malicious Network Traffic Analysis
  • Wireshark Filtering and Options
  • Wireshark Stream Analysis
  • Wireshark Protocol Dissection
  • identifying Incidators of Compromise

Who Should Take This Course?

This course is intended for incident response personnel, blue teams, penetration testers, security analysts, security administrators, network administrators with a security focus, and anyone else interested in learning about threat hunting and incident response techniques. This course focuses on the fundamentals of threat analysis and is appropriate for beginner to intermediate skill levels.

Student Requirements

Students should have a basic understanding of TCP/IP network and bring a laptop with Wireshark installed.

What Will Students Be Provided With?

Students are provided with a collection of lab materials, including network captures for baseline activity and captures for threat activity.


Arnel Manalo is a Cybersecurity Architect at Richey May Technology Solutions. Arnel has more than a decade of experience in the information technology and cybersecurity industry, with an emphasis on developing strategic security solutions for highly-regulated financial services and healthcare organizations. Arnel is a Certified Information Systems Security Professional, Amazon Web Services Certified Solutions Architect and holds dual undergraduate degrees in Network Technology and Computer Systems Security.

Return to the Trainings page.