Overview

Full Product Details

Author: Kevin Cardwell
Publisher: APress
Imprint: APress
Edition: 1st ed.
Weight: 0.905kg
ISBN: 9781484292907
ISBN 10: 1484292901
Pages: 462
Publication Date: 13 April 2023
Audience: Professional and scholarly, Professional & Vocational
Format: Paperback
Publisher's Status: Active
Availability: Manufactured on demand. We will order this item for you from a manufactured-on-demand supplier.

Table of Contents

Chapter 1: Customization of the Wireshark Interface
Chapter Goal: Learn how to edit the columns of the Wireshark user interface. Explore important items to include in the interface for performing intrusion and malware analysis.
No. of pages: 18
Sub-Topics:
1. Identifying columns to delete from the default displays
2. Adding the source and destination ports for easy traffic analysis
3. Specialty column customization for malware analysis

Intrusions

Chapter 2: Capturing Network Traffic
Chapter Goal: Set up a network capture in Wireshark.
No. of pages: 24
Sub-Topics:
1. Prerequisites for capturing live network data
2. Working with network interfaces
3. Exploring the network capture options
4. Filtering while capturing

Chapter 3: Interpreting Network Protocols
Chapter Goal: A deep understanding of the network protocols at the packet level.
No. of pages: 30
Sub-Topics:
1. Investigating IP, the workhorse of the network
2. Analyzing ICMP and UDP
3. Dissection of TCP traffic
4. Reassembly of packets
5. Interpreting name resolution

Chapter 4: Analysis of Network Attacks
Chapter Goal: Understand the hacking mindset and leverage that to identify attacks.
No. of pages: 30
Sub-Topics:
1. Introducing a hacking methodology
2. Examination of reconnaissance network traffic artifacts
3. Leveraging the statistical properties of the capture file
4. Identifying SMB-based attacks
5. Uncovering HTTP/HTTPS-based attack traffic

Chapter 5: Effective Network Traffic Filtering
Chapter Goal: Use the complex filtering capability of Wireshark to extract attack data.
No. of pages: 35
Sub-Topics:
1. Identifying filter components
2. Investigating the conversations
3. Extracting the packet data
4. Building filter expressions
5. Decrypting HTTPS traffic

Chapter 6: Advanced Features of Wireshark
Chapter Goal: A fundamental review and understanding of the advanced features of Wireshark.
No. of pages: 35
Sub-Topics:
1. Working with cryptographic information in a packet
2. Exploring the protocol dissectors of Wireshark
3. Viewing logged anomalies in Wireshark
4. Capturing traffic from remote computers
5. Command-line tool tshark
6. Creating firewall ACL rules

Chapter 7: Scripting and Interacting with Wireshark
Chapter Goal: Use scripts to extract and isolate data of interest from network capture files.
No. of pages: 30
Sub-Topics:
1. Lua scripting
2. Interaction with Pandas
3. Leveraging PyShark

Malware

Chapter 8: Basic Malware Traffic Analysis
Chapter Goal: Develop an understanding of the different stages of a malware infection.
No. of pages: 36
Sub-Topics:
1. Customization of the interface for malware analysis
2. Extracting the files
3. Recognizing URLs/domains of an infected site
4. Determining the connections as part of the infected machine
5. Scavenging the infected machine metadata
6. Exporting the data objects

Chapter 9: Analyzing Encoded, Obfuscated and ICS Malware Traffic
Chapter Goal: Identify the encoding or obfuscation method in network traffic.
No. of pages: 40
Sub-Topics:
1. Investigation of njRAT
2. Analysis of WannaCry
3. Exploring Cryptolocker
4. Dissecting TRITON
5. Examining Trickbot
6. Understanding exploit kits

Chapter 10: Dynamic Malware Network Activities
Chapter Goal: Review and understand malware network activity as it happens.
No. of pages: 40
Sub-Topics:
1. Setting up network and service simulation
2. Monitoring malware communications and connections at run time and beyond
3. Detecting network evasion attempts
4. Investigating Cobalt Strike Beacons
5. Exploring C2 backdoor methods
6. Identifying domain generation algorithms

Forensics

Chapter 10: Extraction of Forensics Data with Wireshark
Chapter Goal: Learn different methods of extracting different types of case-related and potential forensic evidence.
No. of pages: 30
Sub-Topics:
1. Interception of telephony data
2. Discovering DoS/DDoS
3. Analysis of HTTP/HTTPS tunneling over DNS
4. Carving files from network data

Chapter 11: Network Traffic Forensics
Chapter Goal: An understanding of the extraction of potential forensic data.
No. of pages: 30
Sub-Topics:
1. Isolation of conversations
2. Detection of spoofing, port scanning and SSH attacks
3. Reconstruction of timeline network attack data
4. Extracting compromise data

Chapter 12: Conclusion
Chapter Goal: Review and summary of covered content.
No. of pages: 10

Author Information

Kevin Cardwell is an instructor, curriculum developer, technical editor and author of computer forensics and hacking courses. He is the author of the EC-Council Certified Penetration Testing Professional, Ethical Hacking Core Skills, Advanced Penetration Testing and ICS/SCADA Security courses. He has presented at the Black Hat USA, Hacker Halted, ISSA and TakeDownCon conferences, as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is the author of Defense and Deception: Confuse and Frustrate the Hackers; Building Virtual Pentesting Labs for Advanced Penetration Testing, 1st and 2nd edition; and BackTrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from Southern Methodist University (SMU) in Texas.