Focal Point - Malicious Network Traffic Analysis

New – Gain the skills needed to perform critical, real-time analysis in a production environment.

GK# 100218

Course Overview

There are a tremendous number of network-based attacks occurring every day, and that number is increasing rapidly. To defend against these attacks, they must be understood at the packet level. This course teaches you how to analyze, detect, and understand the network-based attacks that have become pervasive on today’s Internet.

By learning to identify statistical patterns and isolate events of interest, students gain the skills needed to perform critical, real-time analysis in a production environment. Malicious Network Traffic Analysis employs several traffic analysis tools, including Wireshark, Network Miner and RSA’s NetWitness Investigator, alongside custom tools and scripts developed by our networking experts, to train students to detect and analyze these network attacks.

Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will uncover a multi-part network intrusion. The intrusion capture files contain multiple application-layer attacks, multiple advanced communication methods, and a hacker toolkit to discover. Students will prepare a report detailing the attack from start to finish, documenting what the hacker did and what information, if any, was leaked.


Learn more about this topic. View the recorded webinar From Analyst to Threat Hunter.


What You'll Learn

In this class you will learn to:

  • Identify and analyze attacks across the various layers of the network stack
  • Identify signs of reconnaissance being conducted against a network and recommend mitigation steps to limit the data provided to attackers
  • Perform flow analysis to uncover anomalous and malicious activity at a statistical level
  • Detect and investigate tunneling, botnet command & control traffic, and other forms of covert communications being utilized in a network
  • Accurately correlate multiple stages of malicious activity in order to build a complete picture of the scope and impact of a coordinated network intrusion

Course Outline:

Analyzing Reconnaissance

  • What Constitutes Malicious Traffic?
  • Malvertising
  • Drive-By-Downloads
  • Social Network propagation 
  • Scareware
  • Trusted site utilization
  • Organized crime
  • Social engineering / phishing
  • Network Attack Lifecycle
  • OSI Layer Attacks
  • Targeted Attack vs. Large Scale Attack
  • Network Intrusion Analysis Process
  • Process
  • Analytical Tools of the Trade
  • Beginning Phase of Attacks 
  • Social Engineering
  • Visual Observation
  • Search Engines
  • Website Mining
  • Network Tools
  • Port Scanning
  • Banner Grabbing
  • Web Application Fuzzing
  • NMAP Port Scans

OSI Layer Attack Types

  • Vulnerability Discovery Phase
  • User Layer Attacks 
  • Application Layer Attacks
  • Drive-by-downloads
  • XSS
  • Flash, ActiveX, JavaScript
  • Browser Exploits
  • Application Layer Analyst Takeaways
  • Presentation Layer Attacks
  • Takeaways
  • Session Layer Attacks
  • Transport Layer Attacks
  • Network Layer Attacks
  • Data Link Layer Attacks
  • Physical Layer Attacks

Botnets

  • Botnet History and Evolution
  • Botnet Architectures and Design
  • Central
  • Peer-to-peer
  • Hybrid
  • Initial Infection
  • Secondary Infection
  • Malicious Activity
  • Maintenance and Upgrade
  • Malicious Uses
  • Botnet Communications
  • IRC, P2P, HTTP/HTTPS
  • Twitter
  • ICMP
  • DNS / DDNS
  • Bot Evasion and Concealment
  • Identification Challenges
  • Fast Flux Service Network
  • Double Flux Services
  • Analysis Techniques
  • Black Energy Walkthrough
  • Zeus Walkthrough

Advanced Communication Methods

  • Covert Communication Methods
  • Tunneling
  • Encryption
  • Both Tunneling and Encryption
  • Network Layer Tunneling – IPv6 Tunneling
  • Incomplete support for IPv6
  • IPv6 auto-configuration
  • Malware that enables IPv6
  • Transport Layer Tunneling
  • Application Layer Tunneling
  • Traffic Cloaking

Labs:

  • Wireshark Exercise Part 1
  • Wireshark Exercise Part 2
  • Metadata Analysis
  • Reconnaissance #1
  • Hard NOC Life
  • Reconnaissance #2
  • Reconnaissance #3
  • Big Bad Recon Scan
  • Global Consulting Intrusion #1
  • Global Consulting Intrusion #2
  • Holophone Intrusion #1
  • Holophone Intrusion #2
  • Multi-Stage #1
  • Holophone Intrusion #3
  • Holophone Intrusion #4
  • Advanced Persistent Threat
  • Global Consulting Intrusion #3
  • Data Mining
  • Johnson Trucking
  • Final Scenario

Prerequisites

Who Should Attend

  • Threat operation analysts seeking a better understanding of network-based malware and attacks
  • Incident responders who need to quickly address a system security breach
  • Forensic investigators who need to identify malicious network attacks
  • Individuals who want to learn what malicious network activity looks like and how to identify it

Follow-On Courses

Course Delivery

This course is available in the following formats:

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 5 days

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 5 days