Examine packet captures from actual intrusions and dive deeper into how attackers operate. Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then build network packets "by hand" in order to tunnel secret data inside normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.

Prerequisites

Detailed knowledge of networking protocols, including TCP/IP, DNS, and HTTP. Familiarity with Wireshark and the Unix/Linux command line.

The CYRIN Packet Capture Analysis and Manipulation exercise is recommended before starting this exercise.

Expected Duration

3 hours, self-paced. Pause and continue at any time.
3 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises and Instructional Labs
  • Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
  • Attack, Defense, and System Administration Exercises Package
  • Cyber Defense Analyst 2
  • Vulnerability Assessment Analyst 2
  • Cyber Defense Forensics Analyst 2
  • Law Enforcement/Counterintelligence Forensics Analyst 2
  • Cyber Defense Incident Responder
  • Cyber Defense Infrastructure Support Specialist 2
  • Exploitation Analysis 2 NICE Specialty Area Package
  • Cyber Operations NICE Specialty Area Package
  • Digital Forensics NICE Specialty Area Package
  • Incident Response Package

Live Exercise