Attendance is limited to 300, so don’t miss out on this opportunity to learn with the best and meet hundreds of your peers!

Register

Registration Fees Early Bird (Valid through 2/15/19) Standard (Valid 2/16/19)
SharkFest Conference Only $1295 $1495
SharkFest + Pre-Conference Class I: Wireshark Analysis Foundations $2290 $2790
SharkFest + Pre-Conference Class II: Hunt Like a Shark $2290 $2790
Pre-Conference Class I: Wireshark Analysis Foundations $1295 $1295
Pre-Conference Class II: Hunt Like a Shark $1295 $1295
What's the Schedule? June 10th: Badge Pick-Up/Registration, Welcome Dinner
June 11th: Keynote, Sessions, Developer Den, Sponsor Technology Showcase
June 12th: Sessions, Developer Den, PacketPalooza Group Competition Dinner
June 13th: Sessions, Developer Den, Packet Challenge Awards, Closing Keynote, Farewell Reception/Dinner
Location UC Berkeley Clark Kerr Campus
Berkeley, CA
Dates June 8 - 13, 2019
Where Should I Stay? Click HERE to go to the Lodging page.
Price $1295 (valid through 2/15/19, $1495 after that date)
Payment Methods Payment for SharkFest is by credit card. POs are accepted for commercial businesses registering multiple attendees and government agencies. Payments via wire transfer will incur an additional $30 fee.
Available SharkFest Discounts*

• Full-time CS students, CS faculty and IT staff of accredited educational institutions
• Active-duty military personnel
• Returning SharkFesters

*Please contact [email protected] for discount codes.

CANCELLATION POLICY
14 days or more before the SharkFest’19 US Conference start date Full Refund minus $100 Administration Fee
Less than 14 days before the SharkFest’19 US Conference start date No Refund

All cancellation requests must be made in writing to [email protected] If registered but unable to attend, another attendee within your organization may be designated to take your place at no additional charge. All substitution requests must be submitted by the original attendee via e-mail to [email protected] On-site substitutions may be allowed if the substituting attendee provides a written request from the original attendee.

Course Description In this hands-on pre-conference course, we will cover core concepts of the Wireshark Analyzer and TCP/IP which will enable attendees to improve their skills in capturing and interpreting network traffic. Rather than capturing large amounts of data and being overwhelmed by the details, attendees will learn how to practically use Wireshark to attack network problems and hone in on the packets that matter.

The concepts in this course will prepare attendees to get the most out of the Sharkfest sessions that will follow during the conference, enabling them to progressively heighten their skills throughout the week.
Course Outline
Day 1
Troubleshooting with the Wireshark Analyzer
  • • How and where to capture packets
  • • TAP vs SPAN vs Direct Capture
  • • Configuring Wireshark for Analysis
  • • Configuring Profiles and Coloring Rules
  • • Using Custom Columns
  • • Filtering for the traffic that matters
  • • Visualizing traffic using I/O Graphs
  • • Analyzing core network protocols such as ARP, IP, UDP, DNS, DHCP
  • • Creating Filter Expressions
Day 2 TCP Fundamentals
  • • The Handshake
  • • TCP Options
  • • How TCP Windows work and Window Scaling
  • • SACK
  • • Using Custom Columns
  • • TCP Congestion Algorithms
  • • TCP Stream Graphs
  • • Building Filters for Common TCP Issues
  • • How Retransmissions work
Day 3 Case files and Real-World Scenarios
Jasper, Christian, Chris, Sake
Who Should Attend: Network technicians, network engineers, and application developers who are at the beginning stages of packet analysis. The course will be focused on core concepts around Wireshark and TCP/IP, helping attendees get comfortable with analyzing core protocols.
Dates & Time June 8-10, 2019, 9am - 5pm
Location UC Berkeley Clark Kerr Campus
Krutch Auditorium
Instructors Chris Greer, Jasper Bongertz, Christian Landström, Sake Blok
Price $1295 for the Wireshark Analysis Foundations Class
$2290 for the Wireshark Analysis Foundations Class + SharkFest Conference (valid through 2/15/19, $2790 after that date)
Payment Methods Payment is by credit card. POs are accepted for commercial businesses registering multiple attendees and government agencies. Payments via wire transfer will incur an additional $30 fee.
CANCELLATION POLICY
14 days or more before the Wireshark Analysis Foundations class start date Full Refund minus $100 administrative fee
Less than 14 days before the Wireshark Analysis Foundations class start date No Refund

All cancellation requests must be made in writing to [email protected] If registered but unable to attend, another attendee within your organization may be designated to take your place at no additional charge. All substitution requests must be submitted by the original attendee via e-mail to [email protected] On-site substitutions may be allowed if the substituting attendee provides a written request from the original attendee.

Course Description Threat hunting is the missing chapter in the security operations handbook and leverages investigation theory, scientific method, and good 'ol hunter instincts that are baked into your DNA. Threat hunting is the future of the infosec life cycle. While vulnerability scans simply tell you something is vulnerable, and penetration tests tell you if it can be exploited, threat hunting tells you if something actually has been compromised. Your organization can't be secure if the operational mode is to run blind and assume the worst hasn't happened. Since the packets present the ground truth of the network, that’s the perfect place to start hunting. Threat hunting requires a network analysis skill set and is a perfect progression for those that understand how to analyze packets for troubleshooting and performance tasks; now you just need to think about how an attacker could abuse these protocols and what trail they leave behind.

Despite what some may lead you to believe, threat hunting can and should be done by any business organization at any level of security practice maturity. This course will address the tools and techniques that will help you be successful in hunting at your business' given level by pulling fundamentals from centuries-old, battle-hardened lessons and applying them in the context of modern IT security practices.
Course Outline
Day 1
Morning (Foundations):
  • • Who cares about defense?
    • - Graduating from a network analysis focus on troubleshooting and performance to security topics
  • • History of network defense/blue teaming and the paradigm shift that defines the modern defense, which is a response to changing adversarial tactics:
    • - Client-side exploits are more common than server exploits
    • - Assumption of compromise
    • - Paradigm shift: from prevention (insufficient) to detect-respond lifecycle (the goal is speed!)
  • • Meatspace examples and why they map to cyberspace
    • - Prep the discussion for military lessons learned
    • - Create defensible space - forest service and urban planning example
  • • Brilliance in the Basics
    • - CIS Top 5
    • - Tips on prevent, detect, respond
    • - NIST - identify, protect, detect, respond, recover
    • - Hardening/IaC/CM/Ansible/DevOps
    • - Monitoring
  • • Active Defense
  • • What is threat hunting?
    • - Identification of your blind spots and actively patrolling them
    • - Requires human intuition (staying ahead of automation power curve)
    • - Investigation theory (Chris Sanders)
    • - Heuristics
    • - Analysis & active investigation –> investigate, apply context, draw conclusions, formulate guidance, analyze
    • - Scientific method
    • - Our workflow -> hypothesize, develop test, gather facts, distill (preprocess/postprocess), analyze
    • - Why is this the missing chapter in cybersecurity?
    • - Discussion on lessons learned from Field Manuals (FM) and Marine Corps Warfighting Publications (MCWP)
      • 1.) MCWP 3-1 Ground Combat Operations
      • 2.) Rifle Platoon in the Defense
      • 3.) LP/OPs, roving patrols, defense in depth, obstacle plans
    • - Network baselines are key
Afternoon (low security maturity level practical application):
  • • Review defensive objectives with regard to a low security maturity level (PRISMA Maturity level 0-1)
  • • Introduce SOPs/TTPs
  • • Lab environment for low security maturity level
Day 2 Morning (medium security maturity level practical application):
  • • Review defensive objectives with regard to a medium security maturity level (PRISMA Maturity level 2-3)
  • Introduce SOPs/TTPs
  • Lab environment for medium security maturity level
Afternoon (high security maturity level practical application):
  • Review defensive objectives with regard to a high security maturity level (PRISMA Maturity level 4-5)
  • Introduce SOPs/TTPs
  • Lab environment for high security maturity level
Day 3 (Instructors will be available in the "SharkFest Lab" to answer any questions)
Dates & Time June 8-10, 2019, 9am - 5pm
Location UC Berkeley Clark Kerr Campus
Garden Room
Instructors Brad Palm, Ryan Richter, Brian Greunke
Price $1295 for the Hunt Like a Shark Class
$2290 for the Hunt Like a Shark Class + SharkFest Conference (valid through 2/15/19, $2790 after that date)
Payment Methods Payment is by credit card. POs are accepted for commercial businesses registering multiple attendees and government agencies. Payments via wire transfer will incur an additional $30 fee.
CANCELLATION POLICY
14 days or more before the Hunt Like a Shark class start date Full Refund minus $100 Administration Fee
Less than 14 days before the Hunt Like a Shark class start date No Refund

All cancellation requests must be made in writing to [email protected] If registered but unable to attend, another attendee within your organization may be designated to take your place at no additional charge. All substitution requests must be submitted by the original attendee via e-mail to [email protected] On-site substitutions may be allowed if the substituting attendee provides a written request from the original attendee.