Network Forensics and Incident Response with Troy Wojewoda
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes a certificate of completion
- 12 months access to Cyber Range
This course covers incident handling fundamentals, attacker methodologies, network protocol abuse detection, hands-on network packet analysis, Zeek scripting, flow data analysis, and real-world attack scenarios.
Incident responders are continually faced with the challenge of collecting and analyzing relevant event data—network communications is no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts.
From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.
Who Should Take This Course
- Incident Responders
- SOC Analysts
- Digital Forensic Investigators
- Network Threat Hunters
- Information Technology/Security enthusiasts wanting to expand their knowledge on network traffic analysis
Audience Skill Level
- Familiarity with the OSI and TCP/IP models
- General understanding of common network protocols found in enterprise environments (DNS, HTTP, SMTP, etc.)
- 1-2 years of experience in network/security operations, incident response, or threat hunting
Student Requirements
The following prerequisites are recommended for students to successfully complete all of the hands-on exercises (labs):
- Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Ubuntu
- Students should be comfortable opening network packet capture files with tools like Tcpdump, Wireshark/Tshark
- Students should be comfortable installing and running virtual machines on their computer
- Although programming experience is not a requirement, students should be comfortable editing and running scripts such as Bash and Python
What Each Student Should Bring
- A laptop (see “System Requirements” for details)
Students will need to have all of the following resources to participate in all of the hands-on exercises (labs):
- High-speed Internet sufficient for participating in a video conference/webinar
- A computer with a minimum of 8GB RAM, 100GB of free disk space
- System must be able to run an Ubuntu 20.04 LTS 64-bit VM with the following minimum specs: 4GB RAM, 60GB disk space, 2 virtual processors
- VMWare Workstation/Player 16.x OR VMWare Fusion 12.x
There are no scheduled live dates for this course at this time. Private training may be available.
On Demand Training
-
Train at your own pace with no set course schedule
-
Access to all course resources, including slides and VMs
-
Subject Matter Expert support through Discord
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge