Class Details

Basic Network Analysis 102 Price: $3,750

Training promotions may be available, contact a training consultant at 240-667-7507 for more information!

In this course the students will learn how to use a variety of tools to assist them in their analysis. The concepts of low-level protocol analysis will be explored so the students can understand network traffic at the binary level. The methods of live memory analysis will be explored in preparation for understanding the fundamentals of malware analysis. The students will be introduced to the procedures of incident response and methods of incident escalation. The class will conclude with 3 subsequent battle problems that exercise the skills of both courses.

Price Match Guarantee Phoenix TS

Basic Network Analysis 102 Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

Course Outline

Conducting Protocol Analysis

  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Using protocol analyzers

LAB: Protocol Analysis

Wireshark filtering

  • Complex protocol filters
  • Customization
  • VoIP conversations
  • Endpoint monitoring
  • Statistics  

LAB: Building Filters 

Protocol Analysis One

  • Extracting data from sessions
  • Command line Wireshark
  • PCAP file analysis
  • Merging capture files
  • Dissecting PCAP files
  • Saving capture files and extracting packets 

LAB: Protocol Analysis One 

Protocol Analysis Two

  • Low level protocol analysis
  • Header components
  • Byte offsets
  • tcpdump
  • dsniff
  • ettercap and bettercap
  • Credential extraction
  • EtherApe

LAB: Protocol Analysis Two

Protocol Analysis Three

  • Crafting packets
  • Obfuscating headers
  • Customizing captures
  • Recording network traffic
  • Replaying capture files for training purposes
  • Processing capture files with Intrusion Detection Systems 

LAB: Protocol Analysis Three 

Analyzing Basic Attacks

  • Identify suspicious packets
  • Exploring discovery methods
  • ARP
  • Sweeps
  • Open ports
  • Services
  • Enumeration
  • Types of scans
  • Vulnerability analysis methods
  • Exploitation tools
  • Manual versus tool based 

LAB: Analyzing Basic Attacks 

Protocol Analysis Tools

  • Sniffers
  • Snort
  • NetworkMiner
  • Microsoft Message Analyzer

LAB: Protocol Analysis Tools 

Advanced Attack Analysis

  • Components of advanced attacks
  • Protocol encapsulation
  • Methods of tunneling
  • Classifying the tunnel techniques
  • Detecting encryption
  • Extracting data from encrypted sessions 

LAB: Advanced Attack Analysis 

Incident Response

  • Security Policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: Developing a plan of action
  • Incident response life cycle explained
  • Analyzing volatile data
  • Analyzing non-volatile data 

LAB: Incident Response Workshop 

Basic Process Analysis

  • Network connections
  • Ports
  • Processes
  • Memory of processes
  • Open files and handles
  • System memory
  • Process image 

LAB: Basic Process Analysis 

Advanced Process Analysis

  • String extraction
  • System architecture
  • Memory management
  • Cache management
  • Dumps analysis
  • Process antecedence
  • Process privileges
  • Rings of the process
  • Windows rootkits 

LAB: Advanced Process Analysis 

Live Memory Analysis

  • Process priority
  • Path to the process
  • Process ID
  • Process Description
  • Process tokens
  • Process DLLs and system calls
  • In-RAM analysis
  • Imaging RAM 

LAB: Live Memory Analysis

Malware Introduction

  • Designing a malware analysis lab

  • Malware triage
  • Basic dynamic analysis
  • In-depth analysis and reverse engineering introduction
  • Cyber threat intelligence
  • Software compilation and program execution
  • File type verification
  • Embedded files

LAB: Malware Introduction 

Malware Analysis 101

  • Malware Triage
  • Basics of dynamic analysis
  • Techniques of reverse engineering
  • Disassembly tactics
  • Methods of anti-reversing
  • VM detection
  • Debugging

LAB: Malware Analysis 101

Leveraging Analysis Results with Tools

  • Putting it all together
  • SIEM
  • Distributed Snort
  • Splunk
  • OSSIM
  • Security Onion 

LAB: Analysis Tools 

Battle Problem One

  • Live and recorded scenarios to see how to analyze a sequence of events 

Battle Problem Two

  • More advanced attacks will be carried out and include obfuscation and tunneling techniques 

Battle Problem Three

 

Objectives

Basic Network Analysis 102 Course Objectives: 

  • Use a variety of tools to conduct network analysis
  • Understand network traffic at a binary level
  • Understand the fundamentals of malware
  • Understand incident response and incident escalation