Uncover System Intrusions by Identifying Malicious Network Activity

What You'll Learn

There is a tremendous number of network-based attacks to be aware of on the internet today, and that number is increasing rapidly. You can't defend against these lethal network attacks if you don't know about them or if you've never seen what they look like at the packet level. This course teaches you how to analyze, detect and understand all the network-based attacks that we could find being used today in modern network warfare.

From Layer 2 attacks against network devices through complex botnets and specific application vulnerabilities, this class will fulfill your desire to see what these attacks look like. We even show you how to detect attacks using flow analysis if you don't have network packets to analyze or you only have statistical information at your disposal. We'll use the popular protocol analyzer Wireshark and the session analysis tool RSA NetWitness alongside custom tools developed by ANRC networking experts to show you how to detect these network attacks and be prepared to handle them.

- Strategic, Tactical, and Operational Analysis
- Situational Awareness
- Current Networking Trends in Malware
- IDS / IPS Evasion Techniques
- Flow Analysis to Help Identify Malicious Behavior
- Coordinated Attacks
- Botnets
- Browser Attacks (JavaScript, Obfuscation)
- Drive-by Downloads
- OSI Layer 2, 3, 4, 5, 6, 7 Attacks
- Social Engineering and Phishing Attacks
- Tunneling and Advanced Tunneling

Course Details:
- 70% labs, 30% lecture, using real-world network attack captures
- Laptops are provided during the class
- Students will receive a link to download student materials after the course

Outline

Labs

DAY 1:
- Netflow Analysis Tools Lab
- Wireshark Exercise Part 1
- Wireshark Exercise Part 2
- Lab 01 – Identify the Reconnaissance #1
- Lab 02 – Identify the Reconnaissance #2
- Lab 03 – Identify the Reconnaissance #3
- Lab 04 – Identify the Reconnaissance #4
- Lab 05 – Identify the Reconnaissance #5
- Lab 06 – Identify the Reconnaissance #6
- Lab 07 – Identify the Reconnaissance #7

DAY 2:
- Lab 08 – Identify the OSI Layer Intrusion #1
- Lab 09 – Identify the OSI Layer Intrusion #2
- Lab 10 – Identify the OSI Layer Intrusion #3
- Lab 11 – Identify the OSI Layer Intrusion #4
- Lab 12 – Identify the OSI Layer Intrusion #5
- Lab 13 – Identify the OSI Layer Intrusion #6
- Lab 14 – Identify the OSI Layer Intrusion #7
- Lab 15 – Identify the OSI Layer Intrusion #8
- Lab 16 – Identify the OSI Layer Intrusion #9

DAY 3:
- Lab 17 – Identify the Botnet #1
- Lab 18 – Identify the Botnet #2
- Lab 19 – Identify the Botnet #3

DAY 4:
- Lab 20 – Find and Decrypt the Covert Channel

Prerequisites

- Knowledge of IPv4 networking protocols is required
- Skills and experience with Wireshark display filtering are required
- Knowledge of RSA NetWitness is recommended
- Attending students should have a thorough understanding of Microsoft Windows
- Python scripting abilities would be beneficial
- CompTIA's Network+ and Security+ certifications would be beneficial but are not required

Who Should Attend

- Threat operations analysts seeking a better understanding of network-based malware and attacks
- Incident responders who need to quickly address a system security breach
- Forensic investigators who need to identify malicious network attacks
- Individuals who want to learn what malicious network activity looks like and how to identify it