Tactical Wireshark
A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
Paperback, English, 2023, ISBN 9781484292907
Summary
Take a systematic approach to identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.
Next, you'll be walked through a review of the different methods malware uses, from the initial infection through its spread across, and compromise of, a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you'll explore the network capture file and the identification of data for a potential forensic extraction, including Wireshark's built-in capabilities for extracting objects such as file data and other corresponding components in support of a forensic investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.
What You Will Learn
- Use Wireshark to identify intrusions into a network
- Exercise methods to uncover network data even when it is in encrypted form
- Analyze malware Command and Control (C2) communications and identify IOCs
- Extract data in a forensically sound manner to support investigations
- Leverage capture file statistics to reconstruct network events
Who This Book Is For
Network analysts, Wireshark analysts, and digital forensic analysts.
Table of Contents
No of pages: 18
Sub-Topics:
1. Identifying columns to delete from the default displays
2. Adding the source and destination ports for easy traffic analysis
3. Specialty column customization for malware analysis
Intrusions

Chapter 2: Capturing Network Traffic
Chapter Goal: Set up a network capture in Wireshark
No of pages: 24
Sub-Topics:
1. Prerequisites for capturing live network data
2. Working with Network Interfaces
3. Exploring the network capture options
4. Filtering While Capturing
Chapter 3: Interpreting Network Protocols
Chapter Goal: A deep understanding of the network protocols at the packet level
No of pages: 30
Sub-Topics:
1. Investigating IP, the workhorse of the network
2. Analyzing ICMP and UDP
3. Dissection of TCP traffic
4. Reassembly of packets
5. Interpreting Name Resolution
Chapter 4: Analysis of Network Attacks
Chapter Goal: Understand the hacking mindset and leverage that to identify attacks
No of pages: 30
Sub-Topics:
1. Introducing a Hacking Methodology
2. Examination of reconnaissance network traffic artifacts
3. Leveraging the statistical properties of the capture file
4. Identifying SMB based attacks
5. Uncovering HTTP/HTTPS based attack traffic
Chapter 5: Effective Network Traffic Filtering
Chapter Goal: Use of the complex filtering capability of Wireshark to extract attack data
No of pages: 35
Sub-Topics:
1. Identifying filter components
2. Investigating the conversations
3. Extracting the packet data
4. Building Filter Expressions
5. Decrypting HTTPS Traffic
Chapter 6: Advanced Features of Wireshark
Chapter Goal: A fundamental review and understanding of the advanced features of Wireshark
No of pages: 35
Sub-Topics:
1. Working with cryptographic information in a packet
2. Exploring the protocol dissectors of Wireshark
3. Viewing logged anomalies in Wireshark
4. Capturing traffic from remote computers
5. Command line tool tshark
6. Creating Firewall ACL rules
Chapter 7: Scripting and Interacting with Wireshark
Chapter Goal: Using scripts to extract and isolate data of interest from network capture files
No of pages: 30
Sub-Topics:
1. Lua scripting
2. Interaction with Pandas
3. Leveraging PyShark
Malware

Chapter 8: Basic Malware Traffic Analysis
Chapter Goal: Develop an understanding of the different stages of a malware infection
No of pages: 36
Sub-Topics:
1. Customization of the interface for malware analysis
2. Extracting the files
3. Recognizing URL/Domains of an infected site
4. Determining the connections as part of the infected machine
5. Scavenging the infected machine meta data
6. Exporting the data objects
Chapter 9: Analyzing Encoded, Obfuscated, and ICS Malware Traffic
Chapter Goal: Identify the encoding or obfuscation method used in network traffic
No of pages: 40
Sub-Topics:
1. Investigation of njRAT
2. Analysis of WannaCry
3. Exploring Cryptolocker
4. Dissecting TRITON
5. Examining Trickbot
6. Understanding exploit kits
Chapter 10: Dynamic Malware Network Activities
Chapter Goal: Review and understand malware network activity as it happens
No of pages: 40
Sub-Topics:
1. Setting up network and service simulation
2. Monitoring malware communications and connections at run time and beyond
3. Detecting network evasion attempts
4. Investigating Cobalt Strike Beacons
5. Exploring C2 backdoor methods
6. Identifying Domain Generation Algorithms
Forensics

Chapter 10: Extraction of Forensic Data with Wireshark
Chapter Goal: Learn different methods of extracting different types of case-related data and potential forensic evidence
No of pages: 30
Sub-Topics:
1. Interception of telephony data
2. Discovering DOS/DDoS
3. Analysis of HTTP/HTTPS Tunneling over DNS
4. Carving files from network data
Chapter 11: Network Traffic Forensics
Chapter Goal: An understanding of the extraction of potential forensic data
No of pages: 30
Sub-Topics:
1. Isolation of conversations
2. Detection of Spoofing, port scanning and SSH attacks
3. Reconstruction of timeline network attack data
4. Extracting compromise data
Chapter 12: Conclusion
Chapter Goal: Review and summary of covered content
No of pages: 10