Enrollment options

Examine packet captures from actual intrusions and dive deeper into how attackers operate! Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then will proceed to build network packets "by hand" in order to tunnel secret data in normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.

Prerequisites

Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP. Familiarity with Wireshark and the Unix/Linux command line.

The Cogent Range Packet Capture Analysis and Manipulation exercise is recommended before starting this exercise.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises and Instructional Labs
  • Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
  • Law Enforcement/Counterintelligence Forensics Analyst 2
  • Cyber Defense Forensics Analyst 2
  • Cyber Defense Analyst 2
  • Cyber Defense Incident Responder
  • Cyber Defense Infrastructure Support Specialist 2
  • Vulnerability Assessment Analyst 2
  • Incident Response Package
  • Attack, Defense, and System Administration Exercises Package
Live Exercise