O'Reilly – Threat Hunting with Wireshark for SecOps 2023-5 – Downloadly

Description

Threat Hunting with Wireshark for SecOps course. The field of cybersecurity has grown tremendously in the last few years. With each new breach, we realize how important analysis skills have become for detecting and containing threats and protecting networks. Wireshark is one of the most important tools in the toolbox for detecting threats, identifying unusual behavior, and analyzing malware behavior. You just need to know how to use it. In this course, we will dive deep into traffic flows to learn how Wireshark can be used to analyze the different steps in the cyber kill chain. This is a hands-on lab course that teaches practical skills, including:

  • Creating a security profile
  • Filtering to detect unusual traffic patterns
  • Analyzing scanning activity
  • Malware analysis
  • Recognizing data mining
  • Finding traffic from unusual sources with GeoIP
  • Analyzing a brute force attack
  • Learn how to analyze network traffic, an important skill for all cybersecurity professionals
  • Don’t wait for alerts from your IDS/IPS systems to look for threats in network traffic
  • Capture, analyze and isolate suspicious traffic and signs of compromise with Wireshark

What you will learn in the Threat Hunting with Wireshark for SecOps course

  • Where can you look for threats on the Internet?
  • How Nmap scans and other reconnaissance tools work
  • How attackers move laterally and exploit network vulnerabilities
  • Quickly analyze network traffic to identify Nmap scanning activities
  • Analyze malware behavior and identify signs of compromise
  • Isolate traffic patterns across all phases of the MITRE ATT&CK framework and cyber kill chain

Who this course is for

  • Network engineers or SOC analysts who are responsible for analyzing traffic using Wireshark.
  • Beginners will learn how to familiarize themselves with the Wireshark interface and what attacks look like in packets.
  • Advanced/sophisticated analysts will use new tips to quickly identify and isolate suspicious traffic.

Threat Hunting with Wireshark for SecOps Course Specifications

  • Publisher: O'Reilly
  • Instructor: Chris Greer
  • Training level: beginner to advanced
  • Training duration: 8 hours

Prerequisites for the Threat Hunting with Wireshark for SecOps course

  • Familiarity with networking concepts: routing, switching, firewalls, and the basics of how packets flow through a network. CCNA experience is not necessary, but it would be a good starting point.

Course setup

  • Download Wireshark from wireshark.org

Recommended preparation

  • Join us: TCP/IP Deep Dive with Wireshark for NetOps and SecOps by Chris Greer
  • Read: Wireshark Basics: A Network Engineer’s Guide to Analyzing Network Traffic by Vinit Jain

Recommended follow-up

  • Read: CCNA 200-301 Official Cert Guide Library by Wendell Odom
  • Watch: CCNA 200-301 by Kevin Wallace
  • Check out: CompTIA Security+ SY0-601 by Sari Greene

Installation guide

After extracting, you can watch it with your favorite player.

Subtitles: None

Quality: 720p

Size

3.2GB