Malicious Network Traffic Analysis

Malicious Network Traffic Analysis Course Description

Duration: 5.00 days (40 hours)

Price: $3,495.00

There is a tremendous number of network-based attacks to be aware of on the internet today, and that number is increasing rapidly. You can't defend against these lethal network attacks if you don't know about them or if you've never seen what they look like at the packet level. This course teaches you how to analyze, detect and understand all the network-based attacks that we could find being used today in modern network warfare.

From Layer 2 attacks against network devices through complex botnets and specific application vulnerabilities, this class will fulfill your desire to see what these attacks look like. We even show you how to detect attacks using Flow Analysis if you don't have network packets to analyze or you only have statistical information at your disposal. We'll use the popular protocol analyzer Wireshark and the session analysis tool NetWitness alongside custom tools developed by ANRC networking experts to show you how to detect these network attacks and be prepared to handle them.

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Intended Audience for this Malicious Network Traffic Analysis Course

  • Threat operation analysts seeking to have a better understanding of network-based malware and attacks
  • Incident responders who need to quickly address a system security breach
  • Forensic investigators who need to identify malicious network attacks
  • Individuals who want to learn what malicious network activity looks like and how to identify it

Course Prerequisites for Malicious Network Traffic Analysis

  • Knowledge of IPv4 networking protocols is required
  • Skills and experience with Wireshark display filtering are required
  • Attending students should have a thorough understanding of Microsoft Windows
  • Python scripting abilities would be beneficial
  • CompTIA's Network+ and Security+ certifications would be beneficial but are not required

Malicious Network Traffic Analysis Course Objectives

  • Strategic, Tactical, and Operational Analysis
  • Situational Awareness
  • Current Networking Trends in Malware
  • IDS / IPS evasion techniques
  • Flow Analysis to help identify malicious behavior
  • Coordinated Attacks
  • Botnets
  • Browser Attacks (JavaScript, Obfuscation)
  • Drive-By-Downloads
  • OSI Layer 2, 3, 4, 5, 6, 7 Attacks
  • Social Engineering and Phishing Attacks
  • Tunneling and Advanced Tunneling

Malicious Network Traffic Analysis Course Outline

      1. Analyzing Reconnaissance
        1. What Constitutes Malicious Traffic?
          1. Malicious traffic generators
          2. Recent trends in Malware Networking
            1. Malvertising
            2. Drive-By-Downloads
            3. Social Network propagation
            4. Scareware
            5. Trusted site utilization
            6. Organized crime
            7. Social engineering / phishing
        2. Network Attack Lifecycle
          1. Reconnaissance Phase
          2. Attack Phase
          3. Proliferation Phase
        3. OSI Layer Attacks
          1. User Layer Attacks
          2. Application Layer Attacks
          3. Presentation Layer Attacks
          4. Session Layer Attacks
          5. Transport Layer Attacks
          6. Network Layer Attacks
          7. Data Link Layer Attacks
          8. Physical Layer Attacks
        4. Targeted Attack vs. Large Scale Attack
        5. Network Intrusion Analysis Process
          1. Strategic Analysis
          2. Tactical Analysis
          3. Operational Analysis
          4. ANRC Network Intrusion Analysis Process
        6. Analytical Tools of the Trade
          1. IDS / IPS Technologies
          2. Flow Analysis Tools
          3. Network Flows Overview
          4. Protocol Analysis Tools
          5. Logs
          6. Other information sources
        7. Beginning Phase of Attacks
          1. Recon
          2. Types of Recon
            1. Social Engineering
            2. Visual Observation
            3. Search Engines
            4. Website Mining
            5. Network Tools
            6. Port Scanning
            7. Banner Grabbing
            8. Web Application Fuzzing
            9. NMAP Port Scans
        8. Host discovery
          1. TCP Ping Sweep
          2. TCP Connect Scan
          3. XMAS Tree Scan
          4. SYN Stealth Scan
          5. UDP Scan
          6. O/S Discovery Scans
        9. Lab: NetFlow Analysis Tools Lab
        10. Wireshark Exercise Part 1
        11. Wireshark Exercise Part 2
        12. Identify the Reconnaissance #1
        13. Identify the Reconnaissance #2
        14. Identify the Reconnaissance #3
        15. Identify the Reconnaissance #4
        16. Identify the Reconnaissance #5
        17. Identify the Reconnaissance #6
        18. Identify the Reconnaissance #7
      2. OSI Layer Attack Types
        1. Vulnerability Discovery Phase
          1. Vulnerability Analysis Tools
          2. Vulnerability Analysis Detection
        2. User Layer Attacks
          1. Phishing
          2. Spear Phishing
          3. Whaling
          4. Social Engineering Emails
          5. User Layer Analyst Takeaways
        3. Application Layer Attacks
          1. Input Validation Attacks
          2. SQL Injection
          3. Brute Force Attacks
          4. Browser Attacks
            1. Drive-by-downloads
            2. XSS
            3. Flash, ActiveX, JavaScript
            4. IE and Firefox Exploits
          5. Application Layer Analyst Takeaways
        4. Presentation Layer Attacks
          1. SMB MS08-067 study
          2. ASN Attack study
          3. Presentation Layer Analyst Takeaways
        5. Session Layer Attacks
          1. Man-in-the-middle (MITM)
          2. ARP Poisoning / Spoofing
          3. Session Layer Analyst Takeaways
        6. Transport Layer Attacks
          1. TCP Sequence Prediction
          2. TCP Redirection
          3. Denial of Service Attacks
          4. Tunneling
          5. Transport Layer Analyst Takeaways
        7. Network Layer Attacks
          1. ICMP Redirects
          2. DHCP Poisoning / Spoofing
          3. Network Layer Analyst Takeaways
        8. Data Link Layer Attacks
          1. ARP Poisoning
          2. ARP Poisoning One Way
        9. Physical Layer Attacks
          1. Theft
          2. Power Outages
          3. Loss of Environmental Control
          4. Unauthorized data connections
          5. Physical Network Taps
          6. Physical Network Redirection
        10. Lab: Identify the OSI Layer Intrusion #1
        11. Identify the OSI Layer Intrusion #2
        12. Identify the OSI Layer Intrusion #3
        13. Identify the OSI Layer Intrusion #4
        14. Identify the OSI Layer Intrusion #5
        15. Identify the OSI Layer Intrusion #6
        16. Identify the OSI Layer Intrusion #7
        17. Identify the OSI Layer Intrusion #8
        18. Identify the OSI Layer Intrusion #9
      3. Botnets
        1. Botnet History and Evolution
          1. Botnets 2003 to the present
          2. AgoBot
          3. Operation b49
        2. Botnet Architectures and Design
          1. Command and Control Structures
            1. Central
            2. Peer-to-peer
            3. Hybrid
          2. Lifecycle Stages
            1. Initial Infection
            2. Secondary Infection
            3. Malicious Activity
            4. Maintenance and Upgrade
        3. Malicious Uses
          1. Port Scanning
          2. Exploitation
          3. DNS Proxy (Fast Flux Service Networks)
          4. Web Services
          5. Spam Services
        4. Botnet Communications
          1. Botnet Recruitment
          2. Communication protocols
            1. IRC, P2P, HTTP/HTTPS
            2. Twitter
            3. ICMP
            4. DNS / DDNS
        5. Bot Evasion and Concealment
        6. Identification Challenges
        7. Fast Flux Service Network
        8. Double Flux Services
        9. Analysis Techniques
          1. Baselining Network Activity
          2. Situational Awareness
          3. Ingress and Egress SMTP and HTTP
          4. FFSN Activity
          5. Flow Analysis
        10. BlackEnergy Walkthrough
        11. Zeus Walkthrough
        12. Lab: Identify the Botnet #1
        13. Identify the Botnet #2
        14. Identify the Botnet #3
      4. Advanced Communication Methods
        1. Covert Communication Methods
          1. Data Exfiltration
          2. Command and Control
          3. Methods
            1. Tunneling
            2. Encryption
            3. Both Tunneling and Encryption
        2. Network Layer Tunneling – IPv6 Tunneling
          1. Incomplete support for IPv6
          2. IPv6 auto-configuration
          3. Malware that enables IPv6
          4. ICMP Tunneling
          5. Analyst Takeaways
        3. Transport Layer Tunneling
          1. TCP / UDP Tunneling
          2. Analyst Takeaways
        4. Application Layer Tunneling
          1. HTTP Tunneling
          2. DNS Tunneling
          3. DNSCat
          4. Analyst Takeaways
        5. Traffic Cloaking
          1. Using websites to conceal malicious activities
          2. Limited attribution
          3. Social Networking and Encryption benefits
          4. Cloud Computing Data Centers
        6. Lab: Find and decrypt the covert channel
      5. Student Practical Demonstration

Do you have the right background for Malicious Network Traffic Analysis?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Take your FREE Skill Assessment test »

Award-winning, world-class Instructors

Carmille A.
- Highly skilled in graphics and web software including Adobe CS3, CS4 & CS5 Photoshop, Dreamweaver, Illustrator, InDesign, Captivate, Acrobat and Quark.
- Expert in Microsoft Office, including Excel, Word and PowerPoint. Licensed Application Instructor and Microsoft Certified Trainer since 2000.
- Over 20 years of experience as Creative Director for multinational corporations such as McCann Erickson, Lintas, and Publicis.

Bio:

Carmille has been a Licensed Application Instructor and Microsoft Certified Trainer for years. She specializes in web development, business productivity and digital media applications such as SharePoint, Quark and the Adobe Creative Suite as well as numerous programming languages including XML, XHTML, HTML and CSS. Carmille is passionate about educating and has a unique talent for making complex design and development principles seem "easy" to students at all levels of expertise. She currently teaches Adobe Graphic and Web Designer, Microsoft Office Specialist, SharePoint End User and the acclaimed Website Development Professional courses at NetCom Learning. Her 20+ years of experience as Creative Director for multinational corporations bring a special and innovative approach to her classes at NetCom Learning.
Charles W.
- Expert in Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access as well as Adobe Graphic and Web Designer (InDesign, Acrobat, Photoshop, Illustrator, Dreamweaver and Flash Catalyst)
- Holds an A.A.S in Graphic Design as well as various Awards and Affiliations, including MCT, MCP, MCAS, and Office 2007 Master.
- Senior Lead Trainer for over 10 years.

Bio:

Charles has been a Technical Trainer & Instructional Designer for over 10 years. He is a Microsoft Certified Trainer and dedicates himself to Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access. He is also an Adobe specialist and holds a degree in Graphic Design.

Charles is well known for his high evaluation scores, achieving 8.75 out of 9 on a regular basis, teaching in one-on-one, instructor-led, and web-based environments; one of the reasons for his high evaluation is his expertise in increasing personnel performance by developing and implementing programs constructed from the job task analysis process. Charles currently teaches Adobe Graphic and Web Designer, and Microsoft Office Specialist courses at NetCom Learning.
Donna H.
- Highly skilled trainer and speaker. Delivered presentations in Dubai, Tokyo, London, New York, and China.
- ITIL V3 Expert, teaching ITIL courses since 2005. More than 99% of her students have passed their ITIL Certification exams.
- Process Improvement Expert with more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Bio:

Donna is an expert in project management and Process Improvement. Her amazing presentation skills have taken her around the world, giving presentations in Dubai, Tokyo, London, New York and China, to name a few. "The Donna", as she is known in the industry, has more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Donna holds ITIL V3 Expert Certification and offers training and consulting services through NetCom Learning on Process Improvement framework as well as the ITIL practitioner level suite of Lifecycle and Capability Stream certification courses. She began presenting ITIL classes in 2005, and 99% of her students have passed their ITIL Certification exams. Along with ITIL courses, she promotes best practices in the support center industry, focusing on customer service skills training, individual and support center certification, training and consulting, and process infrastructure improvement.
Ginger M.
- Bachelor's Degree in Accounting and a Master of Business Administration from Rutgers University.
- Over 9 years of experience as a Master Certified Trainer. Expert in MS Dynamics GP Financials, Installation, HR/Payroll, Project Accounting, Inventory and Integration Manager.
- Project Manager to various MS Dynamics Great Plains implementations.

Bio:

Ginger holds a Bachelor's Degree in Accounting and a Master of Business Administration from Rutgers University. Her career started as an Auditor for Deloitte & Touche, and over the years she developed her passion for Microsoft Dynamics, implementing Dynamics GP and Project Cost in the Professional Services, Commercial Real Estate and Medical Facilities vertical markets.

Ginger's experience with Microsoft Dynamics is unparalleled. As a Certified Master Dynamics trainer, she stays abreast of the latest Dynamics modules and shares experience with a very hands-on training technique at NetCom Learning.
Hisham S.
- Master's Degree in Computer Science and several academic projects published over the years.
- Over 20 years of experience as a professor in local and foreign universities, and as a trainer focusing on Web Development.
- In-depth knowledge of programming, including MySQL, PHP, and AJAX.

Bio:

Hisham holds a Master's Degree in Computer Science, in addition to having more than 20 years of experience as a professor and a trainer. His proven expertise in MySQL, PHP, and AJAX, backed by positions as a Professor in the Department of Computer Science at Minia University, Egypt, and in the Department of Computer Science at City University of New York, is beyond comparison.

As a NetCom Learning instructor, Hisham stays up to date with the latest news in Advanced Website Development. He shares his knowledge and experience in a very focused and clear way, which students find very engaging.
J Tom K.
- Software Developer and sought-after Microsoft Certified Trainer (MCT) with over 30 years of hands-on experience.
- Expert in Microsoft technologies: .NET Framework, C#, VB .NET, ASP .NET, XML Web Services, ADO .NET, SQL Server, SharePoint Portal Server, Content Management Server, Commerce Server, BizTalk, MSMQ, COM+, COM Migration to .NET and PocketPC development.
- Extremely knowledgeable and rated as excellent by NetCom Learning students.

Bio:

Tom Kinser is an accomplished Software Developer and sought-after Microsoft Certified Trainer (MCT). Tom is also an expert in successfully designing software, managing and training programmers for over 30 years.

Tom specializes in helping businesses, enterprises, and government agencies apply current technologies to solve their unique business problems. He accomplishes this via hands-on training in cutting-edge programming and database design techniques. Tom consistently delivers successful training engagements in both classroom and live-online settings and is rated as excellent by NetCom Learning students.
Joseph D.
- Highly skilled Autodesk Certified Instructor; working with Autodesk software since 1993.
- Expert in AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.
- Authored course materials for numerous Autodesk courses.

Bio:

Joseph is an Autodesk Certified Instructor specializing in developing and teaching Autodesk courses, with a working knowledge of such products as AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.

In addition to teaching and developing courses for the past 10 years, Joseph has authored course materials for many Autodesk courses. He is also well versed in Inventor 8 and 9.

Joseph demonstrates a straightforward, down-to-earth teaching style in order to reach students at widely differing levels of expertise. His extensive product knowledge and exuberant teaching style make Joseph a consistently highly rated instructor at NetCom Learning.
Michael G.
- Over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer.
- An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, as well as select Microsoft, Novell, CompTIA, Sun and CWNP courses.
- Highly skilled and acclaimed instructor. Has trained over 900 students at NetCom Learning.

Bio:

Michael has over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer. An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, Michael also teaches select Microsoft, Novell, CompTIA, Sun and CWNP courses.

Michael's dedication and passion for teaching are unmatched. He has trained over 900 students at NetCom Learning since 2006 and his evaluation scores average 8.7 out of 9.
Paul B.
- Microsoft Office Specialist with over 14 years of training experience.
- Expert in the IT industry, working in the IT field since 1986.
- Highly rated instructor with an all-time average evaluation score of 8.7 out of 9.

Bio:

Paul is a Subject Matter Expert specializing in the Microsoft Office Suite and SharePoint end-user technologies with more than 25 years of practical experience in the IT industry. He is also a Microsoft Certified Trainer (MCT) with over 14 years of training experience.

A sought-after instructor and eternal favorite among students, his instructor feedback scores are among the industry's highest at 8.7 out of 9.0. As a trainer, his knowledge and passion for the subject matter as well as his personable nature, excellent communication skills and sense of humor are implicit in every class. NetCom Learning is proud to have Paul on our roster of IT geniuses.
Ramesh P.
Ramesh holds a Master's Degree in Computer Science with specialization in Information Security and is pursuing his Doctoral degree in IT from the University of South Australia (UniSA). He is a one-of-a-kind trainer: he has been working in the IT field since 1995 and is an expert in C#, VB.NET, ASP.NET, Java/J2EE, PL/SQL, VB, ASP, and XML technologies. Ramesh also has extensive experience developing and implementing BizTalk and SharePoint in large corporations, as well as more than 10 years' experience working with Oracle and SQL Server/Sybase databases. With more than 19 certifications, Ramesh is an IT guru and trainer with worldwide experience, which includes presentations and trainings across the US, Asia, and the Middle East. He is a full-time instructor at NetCom Learning and we couldn't be happier to have him as one of our Subject Matter Experts.
Richard L.
- Over 20 years' experience in the IT industry.
- CEH and Microsoft training for many government agencies, including the United States Department of Homeland Security, and the Federal Bureau of Investigation.
- CEH and Microsoft training for Fortune corporations such as Merrill Lynch and ADP.

Bio:

Richard is a premier Microsoft Certified Trainer and Certified EC-Council Instructor. He has over 20 years of experience as a network administrator, security consultant, vulnerability assessor, and penetration tester for assorted Fortune companies.

Richard's knowledge on the development and implementation of policies and procedures concerning the security of network data is unsurpassed. He has conducted successful CEH and Microsoft training classes for many government agencies including the United States Department of Homeland Security, the Department of Justice and the Federal Bureau of Investigation, as well as Fortune enterprises such as Merrill Lynch and ADP.
Sam P.
- Team leader for the first undergraduate team to win the Duke Startup Challenge.
- Over 15 years of experience in the IT industry.
- NetCom Learning Instructor of the Year 2011.

Bio:

Sam Polsky has spent his entire career in entrepreneurial pursuits, including such fields as biotechnology, software development, data management, and business process management. He began in entrepreneurship as team leader for the first undergraduate team to win the Duke Startup Challenge, a business development competition geared towards Duke University's various graduate schools.

Sam Polsky has since co-founded a consulting firm where he has been involved in software architecture, development and implementation. On top of that, Sam has been delivering acclaimed solutions in software architecture, development and implementation for over 15 years. He is a much-admired Subject Matter Expert and Trainer at NetCom Learning and was voted NetCom Learning Instructor of the Year 2011.
Jose P.
Jose Marcial Portilla has a BS and MS in Mechanical Engineering from Santa Clara University. He has a great skill set in analyzing data, specifically using Python and a variety of modules and libraries. He hopes to use his experience in teaching and data science to help other people learn the power of the Python programming language and its ability to analyze data, as well as present the data in clear and beautiful visualizations. He is the creator of some of the most popular Python Udemy courses, including "Learning Python for Data Analysis and Visualization" and "The Complete Python Bootcamp". With almost 30,000 enrollments, Jose has been able to teach Python and its Data Science libraries to thousands of students. Jose is also a published author, having recently written "NumPy Succinctly" for Syncfusion's series of e-books.

Recent Client Testimonials & Reviews

The instructor did a great job keeping us on track. We covered a lot of material.

- Tony P.

Course(s) Taken

» Data Analytics with R Language

Very impressed with the instructor. I would take a course from him again.

- Lenny M.

Course(s) Taken

» Docker Administration and Operations Combo

The classroom environment was very good. The instructor was excellent.

- Bob D.

Course(s) Taken

» Docker Administration and Operations Combo
