Deep Packet Analysis with Wireshark and Tshark

September 20, 2017 @ 6:30 pm

In this meetup we will use Wireshark to decrypt HTTPS streams, reconstruct audio streams and analyze sophisticated attacks. We will also use tshark to analyze pcap files and extract fields for processing with command line tools.

Please make sure that you have Wireshark and tshark installed.
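As an added example (not code from the meetup or its course materials), the script below shows the two things the session combines: a tshark field-extraction pipeline, including the key-log preference that lets tshark decrypt HTTPS, and the awk/sort post-processing applied to its tab-separated output. The tshark flags and field names are real ones; the capture file path, the key-log location and the sample DNS rows are assumptions constructed for the demo, so the aggregation part runs without tshark or a capture.

```shell
#!/bin/sh
# Added example for this meetup page (not part of the original announcement).
# tshark flags and field names are real; the pcap path, the key-log path and
# the sample rows below are constructed assumptions.

# NSS key log. Export SSLKEYLOGFILE before starting Firefox or Chrome and the
# browser appends one line per TLS session; Wireshark/tshark read it back to
# decrypt HTTPS. The preference is tls.keylog_file on Wireshark 3.x and later,
# ssl.keylog_file on the 2.x releases current when this meetup ran.
SSLKEYLOGFILE="${SSLKEYLOGFILE:-${HOME:-/tmp}/sslkeys.log}"

# Decrypted HTTP requests inside TLS: destination, Host header, URI.
# Only runs when a pcap is supplied; needs tshark on PATH.
tshark_https_requests() {
    tshark -r "$1" -o "tls.keylog_file:$SSLKEYLOGFILE" -Y 'http.request' \
        -T fields -E separator=/t -E header=n \
        -e ip.dst -e http.host -e http.request.uri
}

# DNS queries (not responses) as tab-separated text: epoch time, source, name.
tshark_dns_queries() {
    tshark -r "$1" -Y 'dns.flags.response == 0' \
        -T fields -E separator=/t -E header=n \
        -e frame.time_epoch -e ip.src -e dns.qry.name
}

# Post-process with awk/sort: how many distinct names each source asked for.
# Reads "epoch<TAB>src<TAB>qname" on stdin, prints "count src" descending.
# A host asking for an unusually large number of unique names is the kind of
# thing a DNS data-leakage investigation starts from; this is just the count.
distinct_names_per_src() {
    awk -F '\t' 'NF >= 3 { key = $2 "\t" $3
                           if (!(key in seen)) { seen[key] = 1; n[$2]++ } }
                 END      { for (s in n) printf "%d %s\n", n[s], s }' | sort -rn
}

# Constructed sample in exactly the shape tshark_dns_queries emits
# (assumed traffic, not a real capture). printf reuses the format per row.
SAMPLE_DNS=$(printf '%s\t%s\t%s\n' \
    1505935800.1 10.0.0.5 example.com \
    1505935800.2 10.0.0.5 www.example.com \
    1505935801.0 10.0.0.7 example.com \
    1505935801.4 10.0.0.5 example.com \
    1505935802.0 10.0.0.9 a1b2c3.tunnel.example.net \
    1505935802.5 10.0.0.9 d4e5f6.tunnel.example.net \
    1505935803.0 10.0.0.9 g7h8i9.tunnel.example.net)

# Usage: sh dns_fields.sh capture.pcap   (real capture, needs tshark)
#        sh dns_fields.sh                (constructed sample, no tshark needed)
if [ -n "$1" ]; then
    tshark_dns_queries "$1" | distinct_names_per_src
else
    printf '%s\n' "$SAMPLE_DNS" | distinct_names_per_src
fi
```

The same `-T fields -E separator=/t` shape works for any field list, so the awk step can be swapped for `cut`, `grep` or `sort | uniq -c` depending on what you want to count; the pipeline is the point, not the particular aggregation.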

The Security Operations Center (SOC) is the focal point for safeguarding against cyber-related incidents, monitoring security, and protecting the assets of the enterprise network and its endpoints. Threat hunters are responsible for enterprise situational awareness and continuous surveillance, including monitoring traffic, blocking unwanted traffic to and from the Internet, and detecting any type of attack. Point security technologies are the starting point for hardening the network against intrusion attempts.

This meetup series will help professionals gain industry recognition as threat hunters, incident handlers, risk administrators, SOC analysts, forensic investigators, etc.

Learning Context

• Log Analysis Toolset: cut, awk, grep, ngrep, less, head, more, sed, tshark

• Log Analysis and Python

• Log Forensics

• Web Application Log Analysis: Apache & IIS Log Forensics

• Kernel Audit Log and Windows Event Logs

• Network Forensics and Packet Analysis

• In-depth Wireshark and tshark

• Real time packet sniffing, analytics and filtering

• DoS/DDoS tracing and identification

• Session reconstruction and reverse capturing

• Windows Forensics

• Linux Forensics

• In-depth Exploit forensics

• Data Leakage Investigation and Threat Intelligence

• DNS / DHCP Log Analysis

Requirements

• A laptop with 100GB free disk space, 8GB RAM, and VMware or VirtualBox installed. An SSD is strongly advised.

• Make sure you have a good Linux distro (Debian, Ubuntu, Kali Linux, etc.) installed on your host or in VMware/VirtualBox. We will use the Linux box for analysis. You can use Windows or macOS as well if you know what you are doing. You can download Kali Linux (my favorite) at https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

• Don’t forget to download the course materials from http://bit.do/ThreatHunting

Feel free to post your comments and questions to the message board, and to answer any question if you know the answer 😉

September 20, 2017, 6:30 pm
Nova Labs (Conference Room A)
1916 Isaac Newton Square W
Reston, VA 20190, US
