SANS Cyber Security 
Webinar Series

Sponsored by Endace

In this online series of webinars, we bring you insights into Real-World Network Forensics and a deep understanding of threat detection and incident response using packet analysis.

Jake Williams Headshot

Jake Williams - SANS Senior Instructor


"Malware Jake" Williams is a cybersecurity expert has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering.

He has worked with government in information security at federal, state, and local levels.

Jake is an IANS Faculty Member and also works as a SANS Analyst and is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

This is an ideal series of videos for those new to packet analysis and network forensics. But even experienced packet analysts will be sure to learn something new.

Series One - Packet Capture 101

In series one, Jake looks at common protocols. He shows what normal traffic looks like and how to spot potentially malicious traffic.  Each episode focuses on a different protocol.


Series Two - Packet Capture 201

In series two, Jake looks at typical incident response scenarios and demonstrates how packet data can provide definitive evidence of exactly what took place. With access to packets, you can be certain whether a threat or attack has succeeded, and how.  Or alternatively, know for sure that a threat was not successful. Along the way, he demonstrates how packet data can provide an invaluable resource for threat hunting.

Episode 1 - Proving the negative, no we didn't breach you

Jake demonstrates how packet capture assists in addressing third-party notifications. Whether you end up proving the negative or quickly confirming the notification is legitimate, *indexed* packet capture rapidly moves you from notification to triage to response.

Episode 2 - Closing the Logging Gaps with Packets

We've all been there - investigating an incident where there's not enough log data. In this webcast, Jake Williams will show you how to leverage packet data in confirming (or refuting) information in web server logs.


Episode 3 - Using Packet Analysis to Identify False Positives

In this episode, we’ll continue to look at web server logs, but this time with a focus on using packet capture to identify log entries that don’t reliably demonstrate exploitation.


Episode 4 - Why Packet Capture is important for Zero Trust

Jake looks at why packet data is an indispensable resource for verifying Zero Trust implementations and troubleshooting Zero Trust administration issues.

Subscribe to our YouTube Channel to see the next episode in this Series of SANS webcasts and other insightful content in the world of Packet Capture and Network Forensics.