Op werkdagen voor 23:00 besteld, morgen in huis Gratis verzending vanaf €20

Tactical Wireshark

A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence

Paperback Engels 2023 9781484292907
Verwachte levertijd ongeveer 9 werkdagen

Samenvatting

Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.
Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.

What You Will Learn

-Use Wireshark to identify intrusions into a network
-Exercise methods to uncover network data even when it is in encrypted form
-Analyze malware Command and Control (C2) communications and identify IOCs
-Extract data in a forensically sound manner to support investigations
-Leverage capture file statistics to reconstruct network events

Who This Book Is ForNetwork analysts, Wireshark analysts, and digital forensic analysts.

Specificaties

ISBN13:9781484292907
Taal:Engels
Bindwijze:paperback
Uitgever:Apress
Verschijningsdatum:13-4-2023
Hoofdrubriek:IT-management / ICT
ISSN:

Lezersrecensies

Wees de eerste die een lezersrecensie schrijft!

Inhoudsopgave

Chapter 1: Customization of the Wireshark Interface Chapter Goal: - Learn how to edit the columns of the Wireshark user interface. Explore important items to include in the interface for performing intrusion and malware analysis

No of pages - 18

Sub -Topics
1. Identifying columns to delete from the default displays
2. Adding the source and destination ports for easy traffic analysis
3. Specialty column customization for malware analysis
Intrusions Chapter 2: Capturing Network Traffic Chapter Goal: Setup a network capture in Wireshark

No of pages: - 24

Sub - Topics
1. Prerequisites for capturing live network data
2. Working with Network Interfaces
3. Exploring the network capture options
4. Filtering While Capturing
Chapter 3: Interpreting Network Protocols Chapter Goal: A deep understanding of the network protocols at the packet level

No of pages : 30

Sub - Topics:
1. Investigating IP, the workhorse of the network
2. Analyzing ICMP and UDP
3. Dissection of TCP traffic
4. Reassembly of packets
5. Interpreting Name Resolution
Chapter 4: Analysis of Network Attacks Chapter Goal: Understand the hacking mindset and leverage that to identify attacks

No of pages: 30

Sub - Topics:
1. Introducing a Hacking Methodology
2. Examination of reconnaissance network traffic artifacts
3. Leveraging the statistical properties of the capture file
4. Identifying SMB based attacks
5. Uncovering HTTP/HTTPS based attack traffic
Chapter 5: Effective Network Traffic Filtering Chapter Goal: Use of the complex filtering capability of Wireshark to extract attack data



No of pages: 35

Sub - Topics:
1. Identifying filter components
2. Investigating the conversations
3. Extracting the packet data
4. Building Filter Expressions
5. Decrypting HTTPS Traffic
Chapter 6: Advanced Features of Wireshark Chapter Goal: A fundamental review and understanding of the advanced features of Wireshark



No of pages: 35

Sub – Topics:
1. Working with cryptographic information in a packet
2. Exploring the protocol dissectors of Wireshark
3. Viewing logged anomalies in Wireshark
4. Capturing traffic from remote computers
5. Command line tool tshark
6. Creating Firewall ACL rules
Chapter 7: Scripting and interacting with Wireshark Chapter Goal: Using scripts to extract and isolate data of interest from network capture files

No of pages: 30

Sub – Topics:
1. Lua scripting
2. Interaction with Pandas
3. Leveraging PyShark
Malware Chapter 8: Basic Malware Traffic Analysis Chapter Goal: Develop an understanding of the different stages of a malware infection



No of pages: 36

Sub – Topics:
1. Customization of the interface for malware analysis
2. Extracting the files
3. Recognizing URL/Domains of an infected site
4. Determining the connections as part of the infected machine
5. Scavenging the infected machine meta data
6. Exporting the data objects
Chapter 9: Analyzing Encoding, Obfuscated and ICS Malware Traffic Chapter Goal: Identify the encoding or obfuscated method in network traffic



No of pages: 40

Sub – Topics:
1. Investigation of njRAT
2. Analysis of Wanna Cry
3. Exploring Cryptolocker
4. Dissecting TRITON
5. Examining Trickbot
6. Understanding exploit kits
Chapter 10: Dynamic Malware Network Activities Chapter Goal: Review and understand malware network activity as it happens



No of pages: 40

Sub – Topics:
1. Setting up network and service simulation
2. Monitoring malware communications and connections at run time and beyond
3. Detecting network evasion attempts
4. Investigating Cobalt Strike Beacons
5. Exploring C2 backdoor methods
6. Identifying Domain Generation Algorithms
Forensics Chapter 10: Extractions of Forensics Data with Wireshark Chapter Goal: Learn different methods of extracting different types of case related and potential forensics evidence



No of pages: 30

Sub – Topics:
1. Interception of telephony data
2. Discovering DOS/DDoS
3. Analysis of HTTP/HTTPS Tunneling over DNS
4. Carving files from network data
Chapter 11: Network Traffic Forensics

Chapter Goal: An understanding of extraction of potential forensics data



No of pages: 30

Sub – Topics:
1. Isolation of conversations
2. Detection of Spoofing, port scanning and SSH attacks
3. Reconstruction of timeline network attack data
4. Extracting compromise data
Chapter 12: Conclusion Chapter Goal: Review and summary of covered content



No of pages: 10

Managementboek Top 100

Rubrieken

Populaire producten

    Personen

      Trefwoorden

        Tactical Wireshark