This course is designed for Networking, Law Enforcement, Government and Security personnel who need to develop a set of packet investigation techniques through study of the critical networking protocols, penetration testing and exploits using open-source analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both Network and Forensics Analysis.

*Note: This class requires prolonged access to, and use of, a functional networking laboratory environment and its associated equipment, plus two additional students and one cadre member in the classroom for remote-access operation and tasking, as well as public real-world testing as a proof of concept.

Format: 10 days Classroom Instruction

Start/End Times: 0830-1630

Recommended Class Size: 5-10

Audience: Advanced

Recommended Course Prerequisites:

It is recommended that attendees of this course have significant experience and knowledge of wireless networking terms and Network Analysis. It is further recommended that they complete ‘Wireshark 2 – Next Generation Protocols & Advanced Network Analysis Using Wireshark (LE)’. Attendees will be required to bring their own laptop. Information for downloading the required software will be provided at the time of enrollment.

Course Description:

Law Enforcement and Government personnel frequently encounter situations that require advanced wired network penetration to facilitate data collection. This course will provide the student with a set of advanced investigative techniques focusing on the use of vendor-neutral, open-source tools such as Wireshark, Bro, Metasploit, NMAP and Nessus to provide insight into the following areas:

  • Selecting and deploying the proper tools to collect the required evidence
  • Specialized configuration, operation and advanced traffic capture tips
  • Recognition, analysis and exploitation techniques for many of the key networking protocols and networking infrastructure devices
  • Specialized analysis techniques, including data traffic reconstruction and viewing techniques

Real-world examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

Course Details:

I. Introduction to Wireless Environments

  • Logistics
  • Wired / Ethernet Networking Fundamentals

II. Collecting the Data – Data Capture

  • Passive Data Collection
    • Configuring Wireshark
      • Enhanced features to support extended capture – USBPcap / Androiddump
      • Using capture filters to capture specific suspect traffic
    • Stealth / Silent Collection of Data – Tips & Techniques
    • Location – How Network Infrastructure Devices Affect Network Analysis
      • Hubs, Switches, Taps, Routers, Firewalls and CSU / DSU
    • What’s Normal vs. Abnormal – The Role of Baseline Files
      • Building a Baseline Library – Where Do I go to Find Samples?
  • Identifying the Target
    • Passive Methodology
      • Utilizing traffic captures to focus on target identification and remote activation
      • Passive Fingerprinting
    • Active Methodologies
      • Reconnaissance Scanning
      • Social Engineering
  • Diagramming Conversations – A Picture is worth 1024 Words

III. Wired Exploitation Fundamentals

  • Analyzing and Exploiting the 3 Different Network Communication Architectures
    • Client / Server vs. Peer-to-Peer vs. Terminal Host
  • Exploiting the Target – Layer 2 (Physical & DLC Layers) Exploits
    • Driver & Device Exploits
    • Man-in-the-Middle – Hardware vs. Software techniques
    • Key Loggers – Hardware vs. Software
    • MAC / ARP Floods
  • Exploiting the Target – Layer 3 (Network Layer) Exploits
    • IPv4 Header and Option Exploits
    • IPv6 Tunnel Exploits
    • ICMPv4/v6 Exploits
    • IPX SAP Exploits
  • Exploiting the Target – Layer 4 (Transport Layer) Exploits
    • Exploiting TCP
      • Header & Options
      • Resets
      • Flags
    • Exploiting SCTP
    • Firewall & Intrusion Detection System (IDS) Exploits
  • Exploiting the Target – Layer 5-7 (Application) Exploits
    • Drive-by-Downloads
    • Ransomware, Crimeware and Malware – Worms & Viruses
    • Fake Logins & Password Hijacks
    • Overflows
    • Internet Exploits
  • Advanced Wired Network Penetration and Compromise Techniques
    • Rogue Devices
    • Denial of Service (DoS / DDoS) Attacks
    • Unattended devices
    • Advanced means of compromise
  • Putting it all Together – Practical Exercises
    • Laboratory Work
      • Preparing Scripts and files
      • Configuring devices
      • Executing controlled tests
    • Real-World Testing and Evaluation
      • Preparing Scripts and files
      • Configuring devices
      • Real-World execution and evaluation