Wireshark: Malware and Forensics


English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 52m | 301 MB

Security devices on a network scoop up traffic and then analyze the field values to allow or deny specific traffic. As smart as the devices are, there are times when some threats slip through the cracks. Wireshark is a free protocol analysis tool that is used to baseline a network, actively monitor changes, identify common attack signatures, build firewall rules, detect issues, and quickly remove threats from the network. This course covers how to use Wireshark for deep packet analysis, capturing, and forensics. Learn how to keep your networks secure against malware and cyberattacks by implementing solutions that detect and handle unusual traffic.

Topics include:

  • Trends in cyberattacks
  • Preventing system compromise
  • Analyzing packets
  • Using Wireshark
  • Creating firewall rules
  • Baselining a network
  • Using capture filters
  • Using a ring buffer
  • Handling OSI layer attacks
  • Identifying attack signatures
  • Using VirusTotal
  • Handling unwanted TOR activity

Table of Contents

Introduction
Welcome
What you should know

Deep Packet Analysis
Create firewall rules
Cyberattacks and trends
Malware and compromised systems
Packet analysis overview
Tap into your network
Tshark
Wireshark overview

Capture Overview
Baseline your network
Capture filters
Challenge – HTTP packets
Coloring rules
Display filters
Save, export, and print
Solution – HTTP packets
Statistics
Using a ring buffer

Unusual Traffic
Attack signatures
Challenge – Analyze
Indications of compromise
OSI layer attacks
Ports related to malicious activity
Solution – Analyze
Using VirusTotal

Case Studies
Challenge – Packets and filters
Fast flux DNS
Solution – Packets and filters
Trojan in the house
Unwanted TOR activity

Conclusion
Next steps