Brad Duncan.jpeg

Malware Traffic Analysis Workshop

Brad Duncan

This workshop provides a foundation for investigating pcaps of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants learn characteristics of malware infections and other suspicious network traffic. The workshop covers techniques to determine the root cause of an infection and determining false positive alerts. This training concludes with an evaluation designed to give participants experience in writing an incident report.

Speaker Bio: Based in Texas, Brad Duncan specializes in traffic analysis of malware and suspicious network activity. After more than 21 years of intelligence work for the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at He routinely blogs technical details and analysis of infection traffic at, where he's provided over 1,600 malware and pcap samples to a growing community of information security professionals. Brad is also active as @malware_traffic on Twitter.