Wireshark 3 – Network Forensics Analysis of Intrusions and Exploits

This course is designed for Networking, Government and Security personnel who need to develop a set of packet investigation techniques through study of the Next Generation Networking Protocols using Wireshark and other Open-Source Analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both Network and Forensics Analysis.

Format: 5 days Classroom Instruction
Start/End Times: 0830-1630
Recommended Class Size: 5-12
Audience: Intermediate
More information: www.scos.training
Recommended Course Prerequisites: Completion of Wireshark 1 and Wireshark 2 or equivalent networking knowledge and experience using Wireshark.

Description:

Network Forensics Analysis encompasses not only the skills of capturing suspicious data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative techniques focusing on the use of vendor-neutral, Open-Source Tools to provide insight into the following areas:

  • Forensics Analysis fundamentals and data-mining
  • Open-Source Network Forensics Tools
  • Network security principles including encryption technologies and defensive configurations of network infrastructure devices
  • Security threat recognition for a variety of network attack and exploit scenarios, including network reconnaissance techniques, intrusion and exploit methodologies, Bot-Net threat recognition, and common user protocol vulnerabilities in IP-related protocols such as IPv4/v6, TCP, DNS/DNSSec, ARP and ICMPv4/v6, plus an introduction to Voice / Video over IP and Wireless Networking technologies
  • Specialized Network Forensics Analysis techniques including suspicious data traffic reconstruction and viewing

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.


Course Details:

I. Introduction to Network Forensic Analysis

  • Overview and history of Network Forensics Analysis
  • Answering the key incident response questions
  • Sample Six step Network Forensics Analysis Methodology

II. Recap – Collecting the Data and Statistical Forensics Analysis

  • Data Collection
    • Configuring Wireshark 2.0
      • New features to enhance capture – USBPcap / Androiddump
      • Using capture filters to capture specific suspect traffic
    • Stealth / Silent Collection of Data – Tips & Techniques
    • WiFi Device Analysis using AirPcap Control Panel
      • New Wireless Toolbar and WiFi features – WEP / WPA / WPA2 Decryption
      • Bluetooth capture features
    • Location – How Network Infrastructure Devices Affect Network Analysis
      • Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU

III. Forensics Analysis of Encryption Protocols

  • Secure Sockets Layer (SSL) / Transport Layer Security (TLSv1-3)
  • Wired Equivalent Privacy (WEP)
  • WiFi Protected Access (WPA / WPA2)
  • VPN and Tunneling Protocols
  • Security Vulnerabilities & Exploits

IV. Introduction to Forensics Analysis of Multimedia Protocols – Voice, Video, T.38 and T.120 over IP

  • Introduction – Overview & Terminology
    • Multimedia Protocols and Standards
    • Hardware
  • Analyzer Placement & Configuration
    • Where to collect the Data
    • Wireshark Multimedia Specific Menus
  • Overview of Multimedia Protocols
    • H.323
    • SIP
    • MGCP / SCCP
    • Voice & Video Codec(s)
  • T.38 Fax over IP
  • T.120 Conference over IP
  • Multimedia Reassembly and Playback
  • Multimedia Vulnerabilities & Exploits

V. Introduction to Forensics Analysis of Wireless (WiFi) Traffic

  • Introduction – Overview & Terminology
    • WiFi Protocols and Standards
      • 802.11a / b / g / n / ac
    • Hardware – Antennas & Access Points
  • Analyzer Placement & Configuration
    • Where to collect the Data
    • Wireshark WiFi Specific Menus
  • RF Physics, Propagation & Mathematics
  • WiFi Communication – Service Sets
    • BSSID
    • ESSID
    • IBSS / Adhoc
  • WiFi MAC Layer
    • Finding a Service Set
    • Connecting to a Service Set
    • Authentication / Association
    • Moving Between Service Sets
    • Disconnection from Service Sets
  • SoHo / Internet of Things (IoT) Technologies
    • 802.15 Bluetooth
    • 802.16 WiMAX
    • Home RF
    • ZigBee
    • Infrared
    • Zwave
    • RFID
  • WiFi Exploitation – Security Vulnerabilities & Exploits
    • Rogue Devices
    • Man-in-the-Middle
    • Malware / Ransomware
    • Denial of Service (DoS / DDoS) Attacks
    • Bots / Botnets

VI. I’ve Been Hacked – Network Forensics Analysis – Intrusions, Exploits, Etc.

  • Overview & Terminology
  • Identifying Target Network Vulnerabilities
    • Scanning & Reconnaissance
    • Tools & Techniques
    • Identifying Scanning Tools
  • You Can Trust Me – Social Engineering
  • Exploiting the Target – Layer 2 (Physical & DLC Layers) Exploits
    • Driver & Device Exploits
    • Man-in-the-Middle
    • MAC / ARP Floods
  • Exploiting the Target – Layer 3 (Network Layer) Exploits
    • IPv4 Header and Option Exploits
    • IPv6 Tunnel Exploits
    • ICMPv4/v6 Exploits
    • IPX SAP Exploits
  • Exploiting the Target – Layer 4 (Transport Layer) Exploits
    • Exploiting TCP
      • Header & Options
      • Resets
      • Flags
    • Exploiting SCTP
    • Firewall & Intrusion Detection System (IDS) Exploits
  • Exploiting the Target – Layer 5-7 (Application) Exploits
    • Drive-by-Downloads
    • Ransomware, Crimeware and Malware – Worms & Viruses
    • Fake Logins & Password Hijacks
    • Overflows
    • Internet Exploits
  • Attacks
    • Bots, Botnets, Bot Herders
    • Denial of Service (DoS / DDoS)
  • Detecting, Analyzing and Reconstructing Suspicious Activities
    • Baselines & Sample Libraries
    • Color Rules
    • Filtering & Pattern recognition

VII. Where do we go from Here?

  • Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
  • Wireshark 1 – TCP/IP Network Analysis
  • Wireshark 2 – Advanced Network and Security Analysis
  • Wireshark 3 – Network Forensics Analysis
  • Wireshark 4 – Mobile Device Forensics Analysis
  • Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
  • Wireshark 6 – VoIP Advanced Network Analysis
  • Wireshark 7 – WiFi Advanced Network Analysis
  • Wireshark 8 – SCADA and ICS Advanced Network Analysis