Phoenix TS

Basic Network Analysis 102

Course Overview

Our 5-day, instructor-led course is designed for cyber security professionals. It will cover:
• Conducting Protocol Analysis
• Wireshark Filtering
• Protocol Analysis
• Analyzing Basic Attacks
• Advanced Attack Analysis
• Incident Response
• Process Analysis
• Live Memory Analysis
• Malware
• Leveraging Analysis Results with Tools

Prerequisites: Before taking this course, it is recommended that you complete Basic Network Analysis 101.

Schedule

Basic Network Analysis 102

Date                         | Time            | Location          | Status | Price
4/03/23 - 4/07/23 (5 days)   | 8:30AM - 4:30PM | Online            | Open   | $3,750
4/03/23 - 4/07/23 (5 days)   | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
4/24/23 - 4/28/23 (5 days)   | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
5/01/23 - 5/05/23 (5 days)   | 8:30AM - 4:30PM | Online            | Open   | $3,750
5/01/23 - 5/05/23 (5 days)   | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
5/22/23 - 5/26/23 (5 days)   | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
6/05/23 - 6/09/23 (5 days)   | 8:30AM - 4:30PM | Online            | Open   | $3,750
6/05/23 - 6/09/23 (5 days)   | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
7/24/23 - 7/28/23 (5 days)   | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
7/31/23 - 8/04/23 (5 days)   | 8:30AM - 4:30PM | Online            | Open   | $3,750
7/31/23 - 8/04/23 (5 days)   | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
8/28/23 - 9/01/23 (5 days)   | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
9/11/23 - 9/15/23 (5 days)   | 8:30AM - 4:30PM | Online            | Open   | $3,750
9/11/23 - 9/15/23 (5 days)   | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
10/30/23 - 11/03/23 (5 days) | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
11/06/23 - 11/10/23 (5 days) | 8:30AM - 4:30PM | Online            | Open   | $3,750
11/06/23 - 11/10/23 (5 days) | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750
12/11/23 - 12/15/23 (5 days) | 8:30AM - 4:30PM | Tysons Corner, VA | Open   | $3,750
12/18/23 - 12/22/23 (5 days) | 8:30AM - 4:30PM | Online            | Open   | $3,750
12/18/23 - 12/22/23 (5 days) | 8:30AM - 4:30PM | Columbia, MD      | Open   | $3,750

Course Outline

Conducting Protocol Analysis

  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Using protocol analyzers

LAB: Protocol Analysis

Wireshark Filtering

  • Complex protocol filters
  • Customization
  • VoIP conversations
  • Endpoint monitoring
  • Statistics

LAB: Building Filters

Protocol Analysis One

  • Extracting data from sessions
  • Command-line Wireshark
  • PCAP file analysis
  • Merging capture files
  • Dissecting PCAP files
  • Saving capture files and extracting packets

LAB: Protocol Analysis One

Protocol Analysis Two

  • Low-level protocol analysis
  • Header components
  • Byte offsets
  • tcpdump
  • dsniff
  • ettercap and bettercap
  • Credential extraction
  • EtherApe

LAB: Protocol Analysis Two

Protocol Analysis Three

  • Crafting packets
  • Obfuscating headers
  • Customizing captures
  • Recording network traffic
  • Replaying capture files for training purposes
  • Processing capture files with Intrusion Detection Systems

LAB: Protocol Analysis Three

Analyzing Basic Attacks

  • Identifying suspicious packets
  • Exploring discovery methods
  • ARP
  • Sweeps
  • Open ports
  • Services
  • Enumeration
  • Types of scans
  • Vulnerability analysis methods
  • Exploitation tools
  • Manual versus tool-based

LAB: Analyzing Basic Attacks

Protocol Analysis Tools

  • Sniffers
  • Snort
  • NetworkMiner
  • Microsoft Message Analyzer

LAB: Protocol Analysis Tools

Advanced Attack Analysis

  • Components of advanced attacks
  • Protocol encapsulation
  • Methods of tunneling
  • Classifying the tunnel techniques
  • Detecting encryption
  • Extracting data from encrypted sessions

LAB: Advanced Attack Analysis

Incident Response

  • Security policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: developing a plan of action
  • The incident response life cycle explained
  • Analyzing volatile data
  • Analyzing non-volatile data

LAB: Incident Response Workshop

Basic Process Analysis

  • Network connections
  • Ports
  • Processes
  • Memory of processes
  • Open files and handles
  • System memory
  • Process image

LAB: Basic Process Analysis

Advanced Process Analysis

  • String extraction
  • System architecture
  • Memory management
  • Cache management
  • Dump analysis
  • Process antecedence
  • Process privileges
  • Rings of the process
  • Windows rootkits

LAB: Advanced Process Analysis

Live Memory Analysis

  • Process priority
  • Path to the process
  • Process ID
  • Process description
  • Process tokens
  • Process DLLs and system calls
  • In-RAM analysis
  • Imaging RAM

LAB: Live Memory Analysis

Malware Introduction

  • Designing a malware analysis lab
  • Malware triage
  • Basic dynamic analysis
  • In-depth analysis and reverse engineering introduction
  • Cyber threat intelligence
  • Software compilation and program execution
  • File type verification
  • Embedded files

LAB: Malware Introduction

Malware Analysis 101

  • Malware triage
  • Basics of dynamic analysis
  • Techniques of reverse engineering
  • Disassembly tactics
  • Methods of anti-reversing
  • VM detection
  • Debugging

LAB: Malware Analysis 101

Leveraging Analysis Results with Tools

  • Putting it all together
  • SIEM
  • Distributed Snort
  • Splunk
  • OSSIM
  • Security Onion

LAB: Analysis Tools
