Phoenix TS

Basic Network Analysis 102

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Course Overview

Our 5-day, instructor-led course is designed for cyber security professionals. It will cover:
• Conducting Protocol Analysis
• Wireshark Filtering
• Protocol Analysis
• Analyzing Basic Attacks
• Advanced Attack Analysis
• Incident Response
• Process Analysis
• Live Memory Analysis
• Malware
• Leveraging Analysis Results with Tools

Prerequisites: Before taking this course, it is recommended that you complete Basic Network Analysis 101.

Schedule

Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant at 301-258-8200 to discuss hosting a private class.

Course Outline

Conducting Protocol Analysis

  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Using protocol analyzers

LAB: Protocol Analysis

Wireshark Filtering

  • Complex protocol filters
  • Customization
  • VoIP conversations
  • Endpoint monitoring
  • Statistics

LAB: Building Filters

Protocol Analysis One

  • Extracting data from sessions
  • Command line Wireshark
  • PCAP file analysis
  • Merging capture files
  • Dissecting PCAP files
  • Saving capture files and extracting packets

LAB: Protocol Analysis One

Protocol Analysis Two

  • Low level protocol analysis
  • Header components
  • Byte offsets
  • tcpdump
  • dsniff
  • ettercap and bettercap
  • Credential extraction
  • EtherApe

LAB: Protocol Analysis Two

Protocol Analysis Three

  • Crafting packets
  • Obfuscating headers
  • Customizing captures
  • Recording network traffic
  • Replaying capture files for training purposes
  • Processing capture files with Intrusion Detection Systems

LAB: Protocol Analysis Three

Analyzing Basic Attacks

  • Identify suspicious packets
  • Exploring discovery methods
  • ARP
  • Sweeps
  • Open ports
  • Services
  • Enumeration
  • Types of scans
  • Vulnerability analysis methods
  • Exploitation tools
  • Manual versus tool-based approaches

LAB: Analyzing Basic Attacks

Protocol Analysis Tools

  • Sniffers
  • Snort
  • NetworkMiner
  • Microsoft Message Analyzer

LAB: Protocol Analysis Tools

Advanced Attack Analysis

  • Components of advanced attacks
  • Protocol encapsulation
  • Methods of tunneling
  • Classifying the tunnel techniques
  • Detecting encryption
  • Extracting data from encrypted sessions

LAB: Advanced Attack Analysis

Incident Response

  • Security Policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: Developing a plan of action
  • Incident response life cycle explained
  • Analyzing volatile data
  • Analyzing non-volatile data

LAB: Incident Response Workshop

Basic Process Analysis

  • Network connections
  • Ports
  • Processes
  • Memory of processes
  • Open files and handles
  • System memory
  • Process image

LAB: Basic Process Analysis

Advanced Process Analysis

  • String extraction
  • System architecture
  • Memory management
  • Cache management
  • Dumps analysis
  • Process antecedence
  • Process privileges
  • Rings of the process
  • Windows rootkits

LAB: Advanced Process Analysis

Live Memory Analysis

  • Process priority
  • Path to the process
  • Process ID
  • Process Description
  • Process tokens
  • Process DLLs and system calls
  • In-RAM analysis
  • Imaging RAM

LAB: Live Memory Analysis

Malware Introduction

  • Designing a malware analysis lab
  • Malware triage
  • Basic dynamic analysis
  • In-depth analysis and reverse engineering introduction
  • Cyber threat intelligence
  • Software compilation and program execution
  • File type verification
  • Embedded files

LAB: Malware Introduction

Malware Analysis 101

  • Malware Triage
  • Basics of dynamic analysis
  • Techniques of reverse engineering
  • Disassembly tactics
  • Methods of anti-reversing
  • VM detection
  • Debugging

LAB: Malware Analysis 101

Leveraging Analysis Results with Tools

  • Putting it all together
  • SIEM
  • Distributed Snort
  • Splunk
  • OSSIM
  • Security Onion

LAB: Analysis Tools

Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
