Focal Point - Network Forensics and Investigation II
Building on the skills developed in the Network Forensics and Investigation course, students will learn how to use advanced features in tools such as Elastic, Wireshark, Zeek and Suricata, how to apply threat intelligence to enrich analysis and direct response actions, and how to identify and investigate more complex or hard-to-detect intrusions. This course covers malicious actions from across the attacker lifecycle, from initial reconnaissance and access through to activities such as data exfiltration and command-and-control traffic attributed to botnets or APTs.
WHAT YOU'LL LEARN
- Identify and analyze events at all stages of the attack lifecycle
- Apply threat intelligence feeds to focus monitoring, investigation, and hunt activities
- Detect and investigate tunneling, botnet command and control traffic, and other forms of covert communications being employed in a network
- Use fingerprinting techniques to detect the use of encrypted traffic flows by malware or an active intruder
Accurately correlate and reconstruct multiple stages of malicious activity in order to build a complete picture of the scope and impact of complex network intrusions
WHO SHOULD ATTEND?
- Threat operation analysts seeking a better understanding of network-based malware and attacks
- Incident responders who need to quickly address a system security breach
- Forensic investigators who need to identify malicious network attacks
- Individuals who want to learn what malicious network activity looks like and how to identify it
PREREQUISITES
- Successful completion of the Network Forensics and Investigation I course is highly recommended
- Thorough knowledge of TCP/IP networking is required
- Skills and experience with Wireshark display filtering is required
- CompTIA’s Network+ and Security+ certifications would be beneficial, but are not required
- Focal Point - Network Forensics and Investigation
- TCP/IP Networking
COURSE OUTLINE
1. Analyzing Reconnaissance
- What Constitutes Malicious Traffic?
- Malvertising
- Drive-By-Downloads
- Social Network propagation
- Scareware
- Trusted site utilization
- Organized crime
- Social engineering / phishing
- Network Attack Lifecycle
- OSI Layer Attacks
- Targeted Attack vs. Large Scale Attack
- Network Intrusion Analysis Process
- Process
- Analytical Tools of the Trade
- Beginning Phase of Attacks
- Social Engineering
- Visual Observation
- Search Engines
- Website Mining
- Network Tools
- Port Scanning
- Banner Grabbing
- Web Application Fuzzing
- NMAP Port Scans
2. OSI Layer Attack Types
- Vulnerability Discovery Phase
- User Layer Attacks
- Application Layer Attacks
- Drive-by-downloads
- XSS
- Flash, Active X, JavaScript
- Browser Exploits
- Application Layer Analyst Takeaways
- Presentation Layer Attacks
- Takeaways
- Session Layer Attacks
- Transport Layer Attacks
- Network Layer Attacks
- Data Link Layer Attacks
- Physical Layer Attacks
3. Botnets
- Botnet History and Evolution
- Botnet Architectures and Design
- Central
- Peer-to-peer
- Hybrid
- Initial Infection
- Secondary Infection
- Malicious Activity
- Maintenance and Upgrade
- Malicious Uses
- Botnet Communications
- IRC, P2P, HTTP/HTTPS
- ICMP
- DNS / DDNS
- Bot Evasion and Concealment
- Identification Challenges
- Fast Flux Service Network
- Double Flux Services
- Analysis Techniques
- Black Energy Walkthrough
- Zeus Walkthrough
4. Advanced Communication Methods
- Covert Communication Methods
- Tunneling
- Encryption
- Both Tunneling and Encryption
- Network Layer Tunneling – IPv6 Tunneling
- Incomplete support for IPv6
- IPv6 auto-configuration
- Malware that enables IPv6
- Transport Layer Tunneling
- Application Layer Tunneling
- Traffic Cloaking
Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com
Request a Date