SEC 440: Network Forensics

(WU-SEC440.AW1)

Skills You’ll Get

1

Foundations of Network Forensics and Protocols and Deep Packet Analysis

  • Introduction
  • Types of network forensics
  • Setting up the environment for analysis
  • Case study: Suspicious Web Server
  • Introduction to Protocols and Deep Packet Analysis
  • The OSI model
  • The TCP/IP model
  • The Packet structure
  • Case study: Curious case of protocol misuse
  • Deep Packet Inspection
  • Case study: Investigating Distributed Denial of Service attacks
2

Flow Analysis versus Packet Analysis and Conducting Log Analysis

  • Introduction
  • Statistical Flow analysis
  • Flow Record and FRP Systems
  • Uniflow and BitFlow
  • Types of Sensor deployment
  • Flow analysis
  • Introduction to Conducting Log Analysis
  • Investigating Remote Login attempts on SSH
  • Investigating Web Server Attacks with Splunk
  • Investigating Proxy Logs
3

Wireless Forensics and TLS Decryption and Visibility

  • Introduction
  • Basics of Radio Frequency Monitoring
  • The 802.11 standard
  • Evidence types in wireless local area networking
  • Other wireless attacks and their analysis
  • Introduction to TLS Decryption and Visibility
  • Techniques to decrypt SSL/TLS communication
  • Examining SSL/TLS traffic using proxy
4

Demystifying Covert Channels and Analyzing Exploit Kits

  • Introduction
  • Identifying covert communication using proxies
  • Using MitmProxy to decrypt Dropbox traffic
  • Using Dropbox API to gather attack details
  • Uncovering the attack pattern
  • Uncovering DNS misuse
  • DNS Exfiltration
  • Understanding SmokeLoader and GuLoader
  • Suricata
  • Network forensics with Security Onion
  • Extracting malicious payload
  • Using Fakenet-Ng to simulate a network
5

Automating Network Forensics and Backtracking Malware

  • Introduction
  • Parsing the Syslog format
  • IP reputation analysis
  • Writing dissectors for protocols in Lua
  • Introduction to Backtracking Malware
  • Investigating Cobalt Strike Encrypted traffic
  • Investigating TeamViewer and AnyDesk
6

Investigating Ransomware Attacks and Investigating Command and Control Systems

  • Introduction
  • Case Study: BlackCat Ransomware
  • Case Study: Clop Ransomware Group
  • Case Study: REVIL ransomware at a Bank
  • Investigating Command and Control Systems
  • Falco for Kubernetes Network Policy Violations
  • Network Traffic Monitoring in Cloud Environments
  • Investigating Meterpreter Stageless Reverse Shell
7

Investigating Attacks on Email Servers and Investigating Web Server Attacks

  • Introduction
  • Analysis of ProxyLogon attack
  • Investigating Email authentication logs
  • Introduction to Investigating Web Server Attacks
  • Web Server attack analysis

1

Foundations of Network Forensics and Protocols and Deep Packet Analysis

  • Capturing Network Packets Using TCPDump
  • Performing Network Analysis Using Wireshark
  • Using tshark to Filter Data from a PCAP File
2

Flow Analysis versus Packet Analysis and Conducting Log Analysis

  • Capturing and Analyzing Network Traffic Using TCPDump and Zeek
  • Generating IPFIX from PCAP
  • Analyzing SiLK Flow Records
  • Investigating SSH Logs
3

Wireless Forensics and TLS Decryption and Visibility

  • Analyzing JA3 Fingerprints in TLS Traffic Using Wireshark
  • Capturing Browser Requests Using mitmproxy
4

Demystifying Covert Channels and Analyzing Exploit Kits

  • Resolving IP Addresses for Network Analysis
  • Investigating DNS Misuse
  • Capturing and Detecting ICMP Traffic Using Suricata
5

Automating Network Forensics and Backtracking Malware

  • Performing IP Reputation Analysis
  • Monitoring a TeamViewer Session
  • Investigating AnyDesk Sessions
6

Investigating Ransomware Attacks and Investigating Command and Control Systems

  • Setting Up AWS VPC Flow Logs with CloudWatch Integration
  • Creating an AWS EKS Cluster
7

Investigating Attacks on Email Servers and Investigating Web Server Attacks

  • Investigating the ProxyLogon Attack
