VTEC Training
Course Code: 19024
MALICIOUS NETWORK TRAFFIC ANALYSIS TRAINING - COURSE
VTEC Training
Portland,
ME
Class Dates:
5/10/2021
6/7/2021
7/19/2021
Length:
5 Days
Cost:
$2495.00
Class Time:
Technology:
Security
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training
Overview
- Course Overview
- This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics.
What you’ll learn:
Using tools like Wireshark for network analysis
Extracting data from a network capture file
Identifying common threats, such as DDoS attacks and data exfiltration
Methods for collecting and analyzing network data - Audience
- Network administrators
System administrators
Incident analysts
Incident responders
Anyone interested in learning about network traffic analysis
Prerequisites
- Before taking this course, students should have:
Knowledge of IPv4 networking protocols is required
Skills and experience with Wireshark display filtering is required
Knowledge of RSA Netwitness is recommended
Attending students should have a thorough understanding of Microsoft Windows
Python scripting abilities would be beneficial
CompTIA’s Network+ and Security+ certifications would be beneficial but not required
Course Details
- After completing this Malicious Network Traffic Analysis Training course, attendees will be able to:
- Strategic, tactical, and operational analysis
- Situational awareness
- Current networking trends in malware
- IDS/IPS evasion techniques
- Flow analysis to help identify malicious behavior
- Coordinated attacks
- Botnets
- Browser attacks
- Drive-by-downloads
- OSI Layer 2,3,4,5,6, and 7 attacks
- Social engineering and phishing attacks
- Tunneling
- DAY 1: What Constitutes Malicious Traffic?
- Malicious Traffic Generators
- Recent Trends in Malware Networking
- DAY 1: Network Attack Lifecycle
- Reconnaissance Phase
- Attack Phase
- Proliferation Phase
- OSI Layer Attacks
- Targeted Attack vs. Large Scale Attack
- DAY 1: Network Intrusion Analysis Process
- Strategic
- Tactical
- Operational
- ANRC
- DAY 1: Analytical Tools of the Trade
- IDS/IPS Technologies
- Flow Analysis Tools
- Protocol Analysis Tools
- Logs
- DAY 1: Beginning Phase of Attacks - Recon
- Types of Recon
- DAY 1: NMAP Port Scans
- Host discover
- TCP Ping Sweep
- TCP Connect Scan
- XMS Tress Scan
- SYN Stealth Scan
- UDP Scan
- O/S Discovery Scan
- DAY 2: Vulnerability Discovery Phase
- Vulnerability Analysis Tools
- Vulnerability Analysis Detection
- DAY 2: User Layer Attacks
- Phishing
- Speak Phishing
- Whaling
- Social Engineering Emails
- DAY 2: Application Layer Attacks
- Input Validation Attacks
- SQL Injection
- Brute Force Attacks
- Browser Attacks
- IE and Firefox Exploits
- Application Layer Analyst Takeaways
- DAY 2: Presentation Layer Attacks
- SMB MS08-067 Study
- ASN Attack Study
- DAY 2: Session Layer Attacks
- Man-in-the-Middle (MITM)
- ARP Poisoning/Spoofing
- Session Layer Analyst Takeaways
- DAY 2: Transport Layer Attacks
- TCP Sequence Prediction
- TCP Redirection
- Denial of Service Attacks
- Tunneling
- Transport Layer Analyst Takeaways
- DAY 2: Network Layer Attacks
- ICMP Redirects
- DHCP Poisoning/Spoofing
- Network Layer Analysis Takeaways
- DAY 2: Data Link Layer Attacks
- ARP Poisoning
- ARP Poisoning One Way
- DAY 2: Physical Layer Attacks
- Theft
- Power Outages
- Los off Environmental Control
- Unauthorized Data Connections
- Physical Network Taps
- Physical Network Redirection
- DAY 3: Botnet History and Evolution
- Botnets 2003 to the present
- AgoBot
- Operation b49
- DAY 3: Botnet Architectures and Design
- Command and Control Structures
- Lifecycle Stages
- DAY 3: Malicious Uses
- Port Scanning
- Exploitation
- DNS Proxy (Fast Flux Service Networks)
- Web Services
- Spam Services
- DAY 3: Botnet Communications
- Botnet Recruitment
- Communication Protocols
- Bot Evasion and Concealment
- Identification Challenges
- Fast Flux Service Network
- Double Flux Services
- DAY 3: Analysis Techniques
- Baselining Network Activity
- Situational Awareness
- Ingress and Egress SMTP and HTTP
- FFSN Activity
- Flow Analysis
- Black Energy Walkthrough
- Zeus Walkthrough
- DAY 4: Covert Communication Methods
- Data Exfiltration
- Command and Control
- Methods: Tunneling and Encryption
- DAY 4: Network Layer Tunneling
- IPv6 Tunneling
- ICMP Tunneling
- Analyst Takeaways
- Transport Layer Tunneling
- TCP/UDP Tunneling
- Analyst Takeaways
- DAY 4: Application Layer Tunneling
- HTTP Tunneling
- DNS Tunneling
- DNSCat
- Analyst Takeaways
- Traffic Cloaking
- Using Websites to Conceal Malicious Activities
- Limited Attribution
- Social Networking and Encryption Benefits
- Cloud Computing Data Centers
- DAY 5: Student Practical Demonstration
- Using the tools, skills, and methodologies taught in days one through four of the class you will uncover a multi-part network intrusion.
- In the intrusion capture files there will be at least three application Layer attacks, two advanced communications methods, and a hacker toolkit to discover
- You will have to prepare a report detailing the attack from start to finish as well as document what things the hacker did as well as what information was leaked if any.
- LABS: Wireshark Exercise Part 1 & 2, Metadata Analysis
- LABS: " Reconnaissance #1, & #2, & #3. Hard NOC Life
- LABS: Big Bad Recon Scan, Global Consulting Intrusion #1 & #2, & #3
- Holophone Intrusion #1, & #2, & #3, & #4
- Multi-Stage #1
- Advanced Persistent Threat
- Data Mining,
- Johnson Trucking
- Final Scenario