Network Forensics for Incident Response
This is a two-day training. It takes place online from March 15 to 16, 2021.
A hands-on network forensics training that lets you dive deep into analyzing captured full-content network traffic in PCAP files. The training data is a completely new and unique data set, captured over 30 days on an internet-connected network with multiple clients, an AD server, a web server, an Android tablet and some embedded devices.
We will analyze traffic from multiple intrusions by various attackers, including APT style attackers and botnet operators. The initial attack vectors use techniques such as exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!
Each attendee will be provided with a free personal single user license of NetworkMiner Professional and CapLoader. These licenses will be valid for six months from the first training day.
Day 1: Theory and Practice using Open Source Tools
Investigating a spear phishing email with a malware attachment
Using JA3 to analyze TLS/SSL encrypted traffic
Leveraging passive DNS to track C2 domains
Decoding C2 traffic from a RAT
Analyzing decrypted HTTPS traffic from a transparent TLS inspection proxy
Tracking lateral movement on the internal network
Investigation of botnet infection (TrickBot)
Analyzing exfiltration by an APT style attacker
Day 2: Advanced Network Forensics using Netresec Tools
Analysis of a Man-on-the-Side (MOTS) attack similar to NSA’s QUANTUMINSERT and HackingTeam’s “Network Injection”.
Analyzing exploitation of an insecure web server, web shell deployment and lateral movement into the corporate network.
Investigating a spear phishing attack with credential theft
Live TLS decryption lab
Who should attend this training
The training is built for blue teams, incident responders and SOC analysts, but can also be relevant for law enforcement investigators.
Attendees should be confident using Linux command line tools and have basic knowledge of TCP/IP communications.
Attendees need a PC running a 64-bit Windows OS (can be a virtual machine) with 16GB RAM, 100GB free hard drive space and VirtualBox installed.