CyberPhoenix

Basic Network Analysis 102

Course Overview

Our 5-day, instructor-led course is designed for cyber security professionals. It will cover:
• Conducting Protocol Analysis
• Wireshark Filtering
• Protocol Analysis
• Analyzing Basic Attacks
• Advanced Attack Analysis
• Incident Response
• Process Analysis
• Live Memory Analysis
• Malware
• Leveraging Analysis Results with Tools

Prerequisites: Before taking this course, it is recommended that you complete Basic Network Analysis 101.

Schedule

Basic Network Analysis 102

Date                           Time                  Location       Status   Price
11/08/21 - 11/12/21 (5 days)   8:30AM - 4:30PM EST   Columbia, MD   Open     $3,750
11/08/21 - 11/12/21 (5 days)   8:30AM - 4:30PM EST   Online         Open     $3,750

Course Outline

Conducting Protocol Analysis

  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Using protocol analyzers

LAB: Protocol Analysis

Wireshark Filtering

  • Complex protocol filters
  • Customization
  • VoIP conversations
  • Endpoint monitoring
  • Statistics

LAB: Building Filters

Protocol Analysis One

  • Extracting data from sessions
  • Command-line Wireshark
  • PCAP file analysis
  • Merging capture files
  • Dissecting PCAP files
  • Saving capture files and extracting packets

LAB: Protocol Analysis One

Protocol Analysis Two

  • Low-level protocol analysis
  • Header components
  • Byte offsets
  • tcpdump
  • dsniff
  • ettercap and bettercap
  • Credential extraction
  • EtherApe

LAB: Protocol Analysis Two

Protocol Analysis Three

  • Crafting packets
  • Obfuscating headers
  • Customizing captures
  • Recording network traffic
  • Replaying capture files for training purposes
  • Processing capture files with Intrusion Detection Systems

LAB: Protocol Analysis Three

Analyzing Basic Attacks

  • Identifying suspicious packets
  • Exploring discovery methods
  • ARP
  • Sweeps
  • Open ports
  • Services
  • Enumeration
  • Types of scans
  • Vulnerability analysis methods
  • Exploitation tools
  • Manual versus tool-based analysis

LAB: Analyzing Basic Attacks

Protocol Analysis Tools

  • Sniffers
  • Snort
  • NetworkMiner
  • Microsoft Message Analyzer

LAB: Protocol Analysis Tools

Advanced Attack Analysis

  • Components of advanced attacks
  • Protocol encapsulation
  • Methods of tunneling
  • Classifying the tunnel techniques
  • Detecting encryption
  • Extracting data from encrypted sessions

LAB: Advanced Attack Analysis

Incident Response

  • Security Policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: Developing a plan of action
  • Incident response life cycle explained
  • Analyzing volatile data
  • Analyzing non-volatile data

LAB: Incident Response Workshop

Basic Process Analysis

  • Network connections
  • Ports
  • Processes
  • Memory of processes
  • Open files and handles
  • System memory
  • Process image

LAB: Basic Process Analysis

Advanced Process Analysis

  • String extraction
  • System architecture
  • Memory management
  • Cache management
  • Dump analysis
  • Process antecedence
  • Process privileges
  • Rings of the process
  • Windows rootkits

LAB: Advanced Process Analysis

Live Memory Analysis

  • Process priority
  • Path to the process
  • Process ID
  • Process Description
  • Process tokens
  • Process DLLs and system calls
  • In-RAM analysis
  • Imaging RAM

LAB: Live Memory Analysis

Malware Introduction

  • Designing a malware analysis lab
  • Malware triage
  • Basic dynamic analysis
  • In-depth analysis and reverse engineering introduction
  • Cyber threat intelligence
  • Software compilation and program execution
  • File type verification
  • Embedded files

LAB: Malware Introduction

Malware Analysis 101

  • Malware Triage
  • Basics of dynamic analysis
  • Techniques of reverse engineering
  • Disassembly tactics
  • Methods of anti-reversing
  • VM detection
  • Debugging

LAB: Malware Analysis 101

Leveraging Analysis Results with Tools

  • Putting it all together
  • SIEM
  • Distributed Snort
  • Splunk
  • OSSIM
  • Security Onion

LAB: Analysis Tools
