×
Cyber Phoenix

Basic Network Analysis 102

Due to Covid-19 safety restrictions PhoenixTS will temporarily be unable to provide food to our students who attend class at our Training Center; however, our Break Areas are currently open where students will find a constant supply of Coffee, Tea and Water. Students may bring their own lunch and snacks to eat in our breakrooms or at their seat in the classroom or eat out at one of the many nearby restaurants.

Course Overview

Our 5-day, instructor-led course is designed for cyber security professionals. It will cover:
• Conducting Protocol Analysis
• Wireshark Filtering
• Protocol Analysis
• Analyzing Basic Attacks
• Advanced Attack Analysis
• Incident Response
• Process Analysis
• Live Memory Analysis
• Malware
• Leveraging Analysis Results with Tools

Prerequisites: Before taking this course, it is recommended that you complete Basic Network Analysis 101.

Schedule

Basic Network Analysis 102

date
location
price
9/12/22 - 9/16/22 (5 days)

8:30AM - 4:00PM

Columbia, MD
Sold Out
$3,750
10/10/22 - 10/14/22 (5 days)

8:30AM - 4:30PM EST

Tysons Corner, VA
Open
$3,750
10/17/22 - 10/21/22 (5 days)

8:30AM - 4:30PM EST

Online
Open
$3,750
10/17/22 - 10/21/22 (5 days)

8:30AM - 4:30PM EST

Columbia, MD
Open
$3,750
1/30/23 - 2/03/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
2/06/23 - 2/10/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
2/06/23 - 2/10/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
2/27/23 - 3/03/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
3/06/23 - 3/10/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
3/06/23 - 3/10/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
3/27/23 - 3/31/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
4/03/23 - 4/07/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
4/03/23 - 4/07/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
4/24/23 - 4/28/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
5/01/23 - 5/05/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
5/01/23 - 5/05/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
5/22/23 - 5/26/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
6/05/23 - 6/09/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
6/05/23 - 6/09/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
7/24/23 - 7/28/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
7/31/23 - 8/04/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
7/31/23 - 8/04/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
8/28/23 - 9/01/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
9/11/23 - 9/15/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
9/11/23 - 9/15/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
10/30/23 - 11/03/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
11/06/23 - 11/10/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
11/06/23 - 11/10/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750
12/11/23 - 12/15/23 (5 days)

8:30AM - 4:30PM

Tysons Corner, VA
Open
$3,750
12/18/23 - 12/22/23 (5 days)

8:30AM - 4:30PM

Online
Open
$3,750
12/18/23 - 12/22/23 (5 days)

8:30AM - 4:30PM

Columbia, MD
Open
$3,750

Course Outline

Conducting Protocol Analysis

  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Using protocol analyzers

 LAB: Protocol Analysis 

Wireshark filtering

  • Complex protocol filters
  • Customization
  • VOIP conversations
  • Endpoint monitoring
  • Statistics  

LAB: Building Filters 

Protocol Analysis One

  • Extracting data from sessions
  • Command line Wireshark
  • PCAP file analysis
  • Merging capture files
  • Dissecting PCAP files
  • Saving capture files and extracting packets 

LAB: Protocol Analysis One 

Protocol Analysis Two

  • Low level protocol analysis
  • Header components
  • Byte offsets
  • tcpdump
  • dsniff
  • ettercap and bettercap
  • credential extraction
  • etherape

 LAB: Protocol Analysis Two 

Protocol Analysis Three

  • Crafting packets
  • Obfuscating headers
  • Customizing captures
  • Recording network traffic
  • Replaying capture files for training purposes
  • Processing capture files with Intrusion Detection Systems 

LAB: Protocol Analysis Three 

Analyzing Basic Attacks

  • Identify suspicious packets
  • Exploring discovery methods
  • ARP
  • Sweeps
  • Open ports
  • Services
  • Enumeration
  • Types of scans
  • Vulnerability analysis methods
  • Exploitation tools
  • Manual versus tool based 

LAB: Analyzing Basic Attacks 

Protocol Analysis Tools

  • Sniffers
  • Snort
  • Network miner
  • Microsoft message analyzer 

LAB: Protocol Analysis Tools 

Advanced Attack Analysis

  • Components of advanced attacks
  • Protocol encapsulation
  • Methods of tunneling
  • Classifying the tunnel techniques
  • Detecting encryption
  • Extracting data from encrypted sessions 

LAB: Advanced Attack Analysis 

Incident Response

  • Security Policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: Developing a plan of action
  • Incident response life cycle explained
  • Analyzing volatile data
  • Analyzing non-volatile data 

LAB: Incident Response Workshop 

Basic Process Analysis

  • Network connections
  • Ports
  • Processes
  • Memory of processes
  • Open files and handles
  • System memory
  • Process image 

LAB: Basic Process Analysis 

Advanced Process Analysis

  • String extraction
  • System architecture
  • Memory management
  • Cache management
  • Dumps analysis
  • Process antecedence
  • Process privileges
  • Rings of the process
  • Windows rootkits 

LAB: Advanced Process Analysis 

Live Memory Analysis

  • Process priority
  • Path to the process
  • Process ID
  • Process Description
  • Process tokens
  • Process DLLs and system calls
  • In RAM analysis
  • Imaging RAM 

LAB: Live Memory Analysis

Malware Introduction

Designing a malware analysis lab

  • Malware triage
  • Basic dynamic analysis
  • In depth analysis and reverse engineering introduction
  • Cyber threat intelligence
  • Software compilation and program execution
  • File type verification
  • Embedded files

LAB: Malware Introduction 

Malware Analysis 101

  • Malware Triage
  • Basics of dynamic analysis
  • Techniques of reverse engineering
  • Disassembly tactics
  • Methods of anti-reversing
  • VM detection
  • Debugging

 LAB: Malware Analysis 101 

Leveraging Analysis Results with tools

  • Putting it all together
  • SIEM
  • Distributed Snort
  • Splunk
  • OSSIM
  • Security Onion 

LAB: Analysis Tools 

 

Due to Covid-19 safety restrictions PhoenixTS will temporarily be unable to provide food to our students who attend class at our Training Center; however, our Break Areas are currently open where students will find a constant supply of Coffee, Tea and Water. Students may bring their own lunch and snacks to eat in our breakrooms or at their seat in the classroom or eat out at one of the many nearby restaurants.

Subscribe now

Get new class alerts, promotions, and blog posts