BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
This 5-day instructor-led course offers a hands-on continuation of PCAP analysis, designed for cybersecurity professionals, network administrators, and IT security analysts who have completed the first course. Participants will explore the foundations of intrusion analysis, including network traffic analysis on Windows and Linux, low-level protocol analysis, and mastering tcpdump. Through practical lab exercises, students will investigate email conversations, apply DNS traffic analysis, and understand advanced PCAP manipulation techniques. By the end of this immersive training, participants will be proficient in advanced network traffic analysis and prepared to tackle sophisticated cybersecurity challenges.
At the completion of this course, participants will be able to:
- Perform intrusion analysis of network traffic on Windows and Linux systems.
- Conduct low-level protocol analysis.
- Master the use of tcpdump for packet capture and analysis.
- Investigate and analyze email conversations for security threats.
- Apply DNS traffic analysis techniques.
- Understand and manipulate PCAP files using advanced techniques.
- Detect and analyze sophisticated cyber threats.
Schedule
Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant at 301-258-8200 to discuss hosting a private class.
Course Outline
Module 1: Mastering tshark
- Introduction to tshark
  - Overview and advanced usage of tshark
- Lab #1-1: Data Capture with tshark
  - Practical exercise on capturing data using tshark
- Lab #1-2: Redirecting Traffic with tshark
  - Practical exercise on redirecting traffic using tshark
Module 2: Malware Traffic Analysis Process
- Understanding Malware Traffic Analysis
  - Stages and techniques for analyzing malware traffic
- Lab #2-1: Stage One Malware Process
  - Practical exercise on analyzing the initial stage of malware
- Lab #2-2: Stage Two Malware Process
  - Practical exercise on analyzing the subsequent stage of malware
Module 3: APT Characteristics and Analysis
- Characteristics of Advanced Persistent Threats (APTs)
  - Identifying and understanding APT characteristics
- Lab #3-1: Command and Control Analysis
  - Practical exercise on analyzing command and control traffic
- Lab #3-2: APT Artifacts
  - Practical exercise on identifying APT artifacts
Module 4: Detecting Tunneling
- Introduction to Tunneling Concepts
  - Basics and significance of tunneling in network traffic
- Lab #4-1: Tunneling Concepts
  - Practical exercise on detecting basic tunneling methods
- Lab #4-2: Advanced Tunneling Concepts
  - Practical exercise on detecting advanced tunneling techniques
Module 5: Web Shells 101
- Fundamentals of Web Shells
  - Understanding web shells and their impact
- Lab #5-1: Web Shell Fundamental Analysis
  - Practical exercise on analyzing fundamental web shell techniques
Module 6: Remote Access Trojans and Web Shell Artifacts
- Understanding Remote Access Trojans and Web Shell Artifacts
  - Identifying and analyzing RATs and web shell artifacts
- Lab #6-1: Remote Access Trojan and Web Shell Artifacts
  - Practical exercise on analyzing RATs and web shell artifacts
- Lab #6-2: NjRat Traffic Analysis
  - Practical exercise on analyzing NjRat traffic
- Lab #6-3: China Chopper PCAP Analysis
  - Practical exercise on analyzing China Chopper traffic
Module 7: Decoding and Decrypting PCAP Files
- Decoding PCAP Files
  - Techniques for decoding PCAP files
- Lab #7-1: Decoding PCAP Files
  - Practical exercise on decoding PCAP files
- Decrypting PCAPs
  - Methods for decrypting encrypted PCAP files
- Lab #7-2: Decrypting PCAPs
  - Practical exercise on decrypting PCAP files
- BPF PCAP Packet Filtering
  - Using Berkeley Packet Filter for advanced packet filtering
- Lab #7-3: BPF PCAP Packet Filtering
  - Practical exercise on BPF packet filtering
Module 8: Static Analysis of Web Shells and Malware
- Static Analysis Techniques
  - Understanding static analysis for web shells and malware
- Lab #8-1: Web Shell Analysis
  - Practical exercise on static analysis of web shells
Module 9: Appendix: Writing Your Own Web Shell
- Web Shell Coding Basics
  - Introduction to writing custom web shells
- Lab #9-1: Web Shell Coding
  - Practical exercise on writing and analyzing custom web shells
Conclusion
- Review and summary of key concepts
- Final assessment and practical exam
- Q&A and further resources for continued learning
Prerequisites
Participants should have:
- Completed the Level 1 and Level 2 PCAP analysis courses or possess a solid understanding of basic PCAP analysis and TCP/IP concepts.
- Familiarity with network protocols and packet-level communications.
- Prior exposure to cybersecurity principles and practices.
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org