ATI -1 - Understanding, Identifying and Mitigating Malicious Internet Activity

Program Agenda

Overview and Objectives

This training program is intended to provide a comprehensive introduction to the nature and operation of malicious activity on the Internet. By knowing how criminals perpetrate cybercrimes on the Internet, and what technologies and methodologies they use, participants will be able to more confidently and effectively identify miscreant activity and take proactive measures to protect their networks.


The program assumes a basic understanding of Internet technologies (although these will be reviewed) and at least an intermediate level of general computer literacy (use of the Windows operating system, ability to install and run applications, manipulate files and folders, basic familiarity with the Unix environment and use of the command line interface).


The program encompasses 4 main elements:

  • Understanding the Internet and its operation
  • Looking at the nature of online badness and understanding cybercrime-enabling technologies – Botnets, exploit kits and malware
  • Observing, identifying and monitoring malicious Internet activity
  • Deploying systems to support good practice - NfSen

Workshop Outline

Day 1

Introduction and Familiarization

Day 1
Module 1

The Management and Operational Infrastructure of the Internet

Day 1
Module 2

Internet Operational Technologies Overview


Day 1
Module 3

TCP/IP Review -
Understanding and Analysing Internet Traffic

Day 1
Module 4

The Underground Economy –


Day 1
Module 5

Internet Forensics -
The Anatomy of a network attack – Where are the clues?

Day 2
Module 6

Understanding Malware, Botnets and Botnet Operation

Day 2
Module 7

Botnets in Action

Day 3
Module 8

NetFlow and NfSen – a practical application from concept to implementation


Conclusion and review