Capturing packets is easy, but making sense of them isn’t. This course will teach you the fundamentals of packet analysis. You’ll learn all about common protocols, how to troubleshoot network issues, and how to investigate security incidents at the packet level. It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated to several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands on visual experience capturing, dissecting, and making sense of packets.

Syllabus

  • How networking works at the packet level.
  • How to interpret packet data at a fundamental level in hexadecimal or binary.
  • Basic and advanced analysis features of Wireshark.
  • How to analyze packets on the command line with tshark and tcpdump.
  • Reducing capture files with Berkeley packet filters and Wireshark display filters.
  • Techniques for capturing packets to make sure you’re collecting the right data.
  • How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
  • How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
  • Normal and abnormal stimulus and response patterns for common protocols.
  • Troubleshooting connectivity issues at the packet level.
  • Techniques for carving files from packet streams.
  • Understanding network latency and how to locate the source.
  • How common network attacks are seen by an intrusion detection systems.
  • Techniques for investigating security alerts using packet data.
  • How malware communicates on the network.

Applied Network Defense | Practical Packet Analysis

ادامه مطلب

Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots — security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft. Intrusion Detection Honeypots teaches you how to: – Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.

syllabus

  • Leverage honey services that mimic HTTP, SSH, and RDP.
  • Hide honey tokens amongst legitimate documents, files, and folders.
  • Entice attackers to use fake credentials that give them away.
  • Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception.
  • Monitor honeypots for interaction and investigate the logs they generate.

Chris Sanders | Intrusion Detection Honeypots: Detection through Deception

ادامه مطلب

Building Intrusion Detection Honeypots will teach you how to build, deploy, and monitor honeypots designed to catch intruders on your network. You’ll use free and open source tools to work through over a dozen different honeypot techniques, starting from the initial concept and working to your first alert. Building Intrusion Detection Honeypots is the seminal course on strategic honeypot deployment for network defenders who want to leverage deception to find attackers on their network and slow them down.

syllabus

  • What makes an intrusion detection honeypot different from research honeypots.
  • How to leverage the four characteristics of honeypots for the defender’s benefit: deception, interactivity, discoverability, and monitoring.
  • How to think deceptively with an overview of deception from a psychological perspective.
  • How to use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
  • Tools and techniques for building service honeypots for commonly attacked services like HTTP, SSH, and RDP.
  • How to hide honey tokens amongst legitimate documents, files, and folder.
  • To entice attackers to use fake credentials that give them away.
  • Techniques for embedding honey credentials in services and memory so that attackers will find and attempt to use them.
  • How to build deception-based defenses against common attacks like Kerberoasting and LLMNR spoofing.
  • Monitoring strategies for capturing honeypot interaction and investigating the logs they generate.

Applied Network Defense | Building Intrusion Detection Honeypots

ادامه مطلب

Detection Engineering with Sigma will teach you how to write and tune Sigma rules to find evil in logs using real-world examples that take you through the detection engineering process. We’ll dissect real Sigma detection rules focused on finding a variety of malicious activity in diverse log sources. Once you have a good handle on these components, you’ll start writing and tuning your own rules in a series of case studies. In some case studies, I’ll describe a detection gap and you’ll write a rule on your own before I show you how I tackled the problem myself. In other scenarios, you’ll write or modify a rule on your own and submit it to me for feedback. In this course, you are never alone! I will be with you 100% of the way to help you understand the structure of Sigma rules, how to get from idea to finished rule, and best practices for writing resilient rules.

Syllabus

  • The detection engineering process from initial detection gap identification to deploying your rule.
  • The structure of Sigma rules, including the difference between lists and maps, how condition expressions work, and all the essential metadata that’ll be useful for investigating alerts it generates.
  • How to use the SOC Prime Sigma UI plugin for Kibana to develop rules with a graphical editor.
  • Sigmac usage to convert rules to popular investigation and detection tool formats like Splunk, ELK, and others.
  • How to write resilient rules that find more evil, stand the test of time, and cause headaches for adversaries.
  • How to write your own detection rules using familiar log sources like Windows Events, Zeek Logs, Sysmon Logs, AWS CloudTrail logs, and more.
  • Guidelines and best practices for developing Sigma rules you can share with third parties, including the public Sigma rule repository.
  • The principles of detection as code with a tutorial on managing your custom ruleset with Git.
  • Tips and tricks for using Sigma and its tools on the command line.
  • How to leverage popular Sigma integrations like Security Onion Playbook.

Applied Network Defense | Detection Engineering with Sigma

ادامه مطلب
Splunk is a data analysis platform that allows security practitioners to centralize data, search through it, correlate events, and create security analytics and dashboards. It’s also the most popular commercial SIEM used by security teams to perform investigations and threat hunting. Splunk for Security Analysts will teach you how to use Splunk to onboard data, extract meaningful fields, and search through it using real security data to conduct security research and investigations. This course goes beyond the documentation to provide a diverse set of real-world security data that you’ll use to gain confidence with Splunk’s extensive capabilities.

syllabus

The Splunk Data Pipeline
Data Onboarding
Finding and Exploring Data
Enrichment and Advanced Filtering
Sharing, Scheduling, and Alerting
Visualization and Dashboards
ادامه مطلب

Learn to use YARA to detect malware, triage compromised systems, and perform threat intelligence research. Detecting malicious elements within files is a core security skill for incident responders, SOC analysts, threat intelligence analysts, malware analysts, and detection engineers alike. There are different ways to accomplish that goal, but none are more flexible or widely used as YARA. YARA is a pattern-matching tool used to help identify and classify malware in a variety of scenarios. By writing YARA rules, security practitioners can detect whether malware exists within a group of files, triage a potentially compromised host, or identify common elements between samples to bolster threat intelligence.

Syllabus

YARA Fundamentals
YARA Rule Syntax
Detection Research Methodology
Ruleset Management
Adversary Tradecraft
ادامه مطلب