Malicious Network Traffic Analysis

Malicious Network Traffic Analysis

Uncover system intrusions by identifying malicious network activity.

There is a tremendous number of network-based attacks to be aware of on the internet today, and the number is increasing rapidly. You can't defend against these lethal network attacks if you don't know about them or if you've never seen what they look like at the packet level. This course teaches you how to analyze, detect and understand all the network-based attacks that we could find being used today in modern network warfare. From layer-two attacks against network devices through complex botnets and specific application vulnerabilities, this class will fulfill your desire to see what these attacks look like. We even show you how to detect attacks using flow analysis if you don't have network packets to analyze or you only have statistical information at your disposal. We'll use the popular protocol analyzer Wireshark and the session analysis tool NetWitness, alongside custom tools developed by ANRC networking experts, to show you how to detect these network attacks and be prepared to handle them.

Attending students will learn:
- Strategic, Tactical, and Operational Analysis
- Situational Awareness
- Current Networking Trends in Malware
- IDS / IPS evasion techniques
- Flow Analysis to help identify malicious behavior
- Coordinated Attacks
- Botnets
- Browser Attacks (JavaScript, Obfuscation)
- Drive-By-Downloads
- OSI Layer 2, 3, 4, 5, 6, 7 Attacks
- Social Engineering and Phishing Attacks
- Tunneling and Advanced Tunneling

Who should attend:
- Threat operation analysts seeking a better understanding of network-based malware and attacks
- Incident responders who need to quickly address a system security breach
- Forensic investigators who need to identify malicious network attacks
- Individuals who want to learn what malicious network activity looks like and how to identify it

Prerequisites:
- Knowledge of IPv4 networking protocols is required
- Skills and experience with Wireshark display filtering are required
- Knowledge of RSA NetWitness is recommended
- Attending students should have a thorough understanding of Microsoft Windows
- Python scripting abilities would be beneficial
- CompTIA's Network+ and Security+ certifications would be beneficial but are not required

Courses That Follow Malicious Network Traffic Analysis:
- Advanced Network Traffic Analysis
- Basic Malware Analysis
- Operating Systems Intrusion Analysis

Course Details:
- 5 Days, M-F
- 70% Labs, 30% Lecture, using real-world network attack captures
- Laptops are provided during the class
- Students receive USB flash drives of all attack captures and student labs

Day 1 Agenda: Analyzing Reconnaissance

- What Constitutes Malicious Traffic?
  - Malicious traffic generators
- Recent Trends in Malware Networking
  - Malvertising
  - Drive-By-Downloads
  - Social network propagation
  - Scareware
  - Trusted site utilization
  - Organized crime
  - Social engineering / phishing
- Network Attack Lifecycle
  - Reconnaissance Phase
  - Attack Phase
  - Proliferation Phase
- OSI Layer Attacks
  - User Layer Attacks
  - Application Layer Attacks
  - Presentation Layer Attacks
  - Session Layer Attacks
  - Transport Layer Attacks
  - Network Layer Attacks
  - Data Link Layer Attacks
  - Physical Layer Attacks
- Targeted Attack vs. Large Scale Attack
- Network Intrusion Analysis Process
  - Strategic Analysis
  - Tactical Analysis
  - Operational Analysis
  - ANRC Network Intrusion Analysis Process
- Analytical Tools of the Trade
  - IDS / IPS Technologies
  - Flow Analysis Tools
  - Network Flows Overview
  - Protocol Analysis Tools
  - Logs
  - Other information sources
- Beginning Phase of Attacks: Recon
  - Types of Recon
    - Social Engineering
    - Visual Observation
    - Search Engines
    - Website Mining
    - Network Tools
    - Port Scanning
    - Banner Grabbing
    - Web Application Fuzzing
  - Nmap Port Scans
    - Host discovery
    - TCP Ping Sweep
    - TCP Connect Scan
    - XMAS Tree Scan
    - SYN Stealth Scan
    - UDP Scan
    - O/S Discovery Scans
- Afternoon Labs

Day 2 Agenda: OSI Layer Attack Types

- Vulnerability Discovery Phase
  - Vulnerability Analysis Tools
  - Vulnerability Analysis Detection
- User Layer Attacks
  - Phishing
  - Spear Phishing
  - Whaling
  - Social Engineering Emails
  - User Layer Analyst Takeaways
- Application Layer Attacks
  - Input Validation Attacks
  - SQL Injection
  - Brute Force Attacks
  - Browser Attacks
    - Drive-by-downloads
    - XSS
    - Flash, ActiveX, JavaScript
    - IE and Firefox Exploits
  - Application Layer Analyst Takeaways
- Presentation Layer Attacks
  - SMB MS08-067 study
  - ASN Attack study
  - Presentation Layer Analyst Takeaways
- Session Layer Attacks
  - Man-in-the-middle (MITM)
  - ARP Poisoning / Spoofing
  - Session Layer Analyst Takeaways
- Transport Layer Attacks
  - TCP Sequence Prediction
  - TCP Redirection
  - Denial of Service Attacks
  - Tunneling
  - Transport Layer Analyst Takeaways
- Network Layer Attacks
  - ICMP Redirects
  - DHCP Poisoning / Spoofing
  - Network Layer Analyst Takeaways
- Data Link Layer Attacks
  - ARP Poisoning
  - ARP Poisoning One Way
- Physical Layer Attacks
  - Theft
  - Power Outages
  - Loss of Environmental Control
  - Unauthorized data connections
  - Physical Network Taps
  - Physical Network Redirection

Day 3 Agenda: Botnets

- Botnet History and Evolution
  - Botnets 2003 to the present
  - AgoBot
  - Operation b49
- Botnet Architectures and Design
  - Command and Control Structures
    - Central
    - Peer-to-peer
    - Hybrid
  - Lifecycle Stages
    - Initial Infection
    - Secondary Infection
    - Malicious Activity
    - Maintenance and Upgrade
  - Malicious Uses
    - Port Scanning
    - Exploitation
    - DNS Proxy (Fast Flux Service Networks)
    - Web Services
    - Spam Services
- Botnet Communications
  - Botnet Recruitment
  - Communication protocols
    - IRC, P2P, HTTP/HTTPS
    - Twitter
    - ICMP
    - DNS / DDNS
- Bot Evasion and Concealment
  - Identification Challenges
  - Fast Flux Service Network
  - Double Flux Services
- Analysis Techniques
  - Baselining Network Activity
  - Situational Awareness
  - Ingress and Egress
  - SMTP and HTTP
  - FFSN Activity
  - Flow Analysis
- BlackEnergy Walkthrough
- Zeus Walkthrough

Day 4 Agenda: Advanced Communication Methods

- Covert Communication Methods
  - Data Exfiltration
  - Command and Control Methods
  - Tunneling
  - Encryption
  - Both Tunneling and Encryption
- Network Layer Tunneling
  - IPv6 Tunneling
    - Incomplete support for IPv6
    - IPv6 auto-configuration
    - Malware that enables IPv6
  - ICMP Tunneling
  - Analyst Takeaways
- Transport Layer Tunneling
  - TCP / UDP Tunneling
  - Analyst Takeaways
- Application Layer Tunneling
  - HTTP Tunneling
  - DNS Tunneling
    - DNSCat
  - Analyst Takeaways
- Traffic Cloaking
  - Using websites to conceal malicious activities
  - Limited attribution
  - Social Networking and Encryption benefits
  - Cloud Computing Data Centers

Course Labs

Day 1
- Netflow Analysis Tools Lab
- Wireshark Exercise Part 1
- Wireshark Exercise Part 2
- Lab 01 - Identify the Reconnaissance #1
- Lab 02 - Identify the Reconnaissance #2
- Lab 03 - Identify the Reconnaissance #3
- Lab 04 - Identify the Reconnaissance #4
- Lab 05 - Identify the Reconnaissance #5
- Lab 06 - Identify the Reconnaissance #6
- Lab 07 - Identify the Reconnaissance #7

Day 2
- Lab 08 - Identify the OSI Layer Intrusion #1
- Lab 09 - Identify the OSI Layer Intrusion #2
- Lab 10 - Identify the OSI Layer Intrusion #3
- Lab 11 - Identify the OSI Layer Intrusion #4
- Lab 12 - Identify the OSI Layer Intrusion #5
- Lab 13 - Identify the OSI Layer Intrusion #6
- Lab 14 - Identify the OSI Layer Intrusion #7
- Lab 15 - Identify the OSI Layer Intrusion #8
- Lab 16 - Identify the OSI Layer Intrusion #9

Day 3
- Lab 17 - Identify the Botnet #1
- Lab 18 - Identify the Botnet #2
- Lab 19 - Identify the Botnet #3

Day 4
- Lab 20 - Find and decrypt the covert channel

Day 5
- Student Practical Demonstration: Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will uncover a multi-part network intrusion. The intrusion capture file will contain at least 3 Application Layer attacks, 2 Advanced Communications Methods, and a hacker toolkit to discover. Students will prepare a report detailing the attack from start to finish, documenting what the hacker did and what information, if any, was leaked.