Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis

سرفصل های دوره

Cyber attacks can take different forms and be performed by threat groups with different goals and methods. In this course, you will learn how signature and session analysis can be used to detect those attacks with network data.

1 - Course Overview

1. Course Overview

2 - Preparing for Signature and Session Analysis

1. Introduction to Signature and Session Analysis

2. Prerequisites and Resources

3. Globomantics Threats and Network

4. Demo - Environments and Importing Packet Captures

5. Comparing Signature and Session Analysis

3 - Performing Signature Analysis with Snort

1. Getting Started with Session Analysis

2. Demo - Sample Session Analysis Signatures

3. Demo - Investigating Port Scans and File Downloads

4. Demo - TheHive Project and Investigation Next Steps

4 - Understanding Suspicious DNS and HTTP(S) Traffic with Bro

1. Introduction to Command and Control

2. Demo 1a - Kibana Bro Dashboards - DNS

3. Demo 1b - Kibana Bro Dashboards - HTTP

4. Demo 1c - Kibana Bro Dashboards - SSL

5. Demo 2 - DNS Metadata

6. Demo 3a - HTTP(S) Traffic

7. Demo 3b - Exploring Certificates

8. Demo 4 - Entering Details in The Hive Project

9. Summarizing DNS and HTTPS Session Analysis

5 - Analyzing Encrypted Sessions

1. Options for Analyzing Encrypted Traffic

2. Demo - Analyzing TLS Metadata to Detect Malware with JA3

6- Reconstructing the Attack and Improving Defenses

1. Piecing It Together

2. Demo - Reviewing Evidence and Evaluating Threats

3. Summary and Defensive Controls

7 - Wrapping Up

1. Next Steps

2. Methods and Threat Groups

3. Your Toolkit

4. Course Summary

Exercise Files

set-detecting-malicious-traffic-signature-session-analysis.zip

189,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight