
In this course John Strand introduces you to core networking fundamentals that are needed to understand packet capture and decoding using tcpdump and Wireshark, and understand packet crafting and analysis with Scapy.
Course Length: 16 Hours
Includes a Certificate of Completion
Next scheduled date:
Notify me when available
Description
In this course John Strand introduces you to core networking fundamentals that are needed to understand packet capture and decoding using tcpdump and Wireshark, and understand packet crafting and analysis with Scapy.
The course also covers Firewall log reviews, and explores the tools Zeek and RITA. You will explore connection times, beacons and even develop a Signal-to-Noise Ratio and then dive into Egress Capture, User Agent Strings and explore long tail anaysis. You’ll wrap up with unique and effective strategies to keep up with all the logging needed for effective Network Threat Hunting.
What You’ll Learn
-
Hands-on deep packet and protocol inspection using capture and analysis tools such as tcpdump, Wireshark, and Zeek.
-
Learn to identify suspicious behaviors such as long connections, beacons, denylisted communication, and other network anomalies.
-
Develop strong log analysis skills across firewall logs, Windows Event Logs, Active Directory logs, PowerShell logs, and Sysmon.
-
Gain experience using open-source threat hunting tools such as RITA, Security Onion, Zeek, Sysmon, and Velociraptor.
-
System Requirements
- A system with a browser and solid internet connection
FAQ
-
Those who need deeper network-based detection and hunting skills.
-
Analysts who want to move from reactive response to proactive threat hunting.
-
Admins who understand networking basics and want to detect malicious behavior across their environment.
-
Anyone responsible for building detections, tuning SIEM/IDS/IPS, or analyzing logs.
-
Learners who want hands-on packet analysis, logging, and threat detection experience.
After taking this course, students will:
-
Understand core network fundamentals, including IP/TCP/UDP headers, top ports, and the TCP handshake, to support effective threat hunting.
-
Learn to capture and analyze traffic using tools like tcpdump, Wireshark, and Zeek for deep packet and protocol inspection.
-
Identify suspicious behaviors such as long connections, beacons, denylisted communication, and other network anomalies.
-
Develop strong log analysis skills across firewall logs, Windows Event Logs, Active Directory logs, PowerShell logs, and Sysmon.
-
Use powerful open-source tools such as RITA, Security Onion, Zeek, Sysmon, and Velociraptor to perform practical, cost-effective threat hunting.
-
Strengthen email threat detection by recognizing spoofing, malicious URLs, dangerous attachment types, BEC scams, and other phishing tactics.
Intermediate
About the Instructor
John Strand
"Managing Intern for all things Black Hills Information Security"Bio
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Register for Upcoming
Intro to Network Threat Hunting in the Age of AI
On-Demand John Strand
Attention: This is not a phish!
Antisyphon Training accounts have moved to learning.antisyphontraining.com. Training purchases will now be directed to that site. You can trust us.
Related products
-
Multiple InstructorsLiveOD16 Hrs
Enterprise Security for All
View Course -
Giovanni CofréLiveOD16 Hrs
Professionally Evil ICS & OT Fundamentals
View Course This product has multiple variants. The options may be chosen on the product page -
Hal PomeranzLiveOD32 Hrs
Linux Forensics
View Course -
Joff ThyerLiveOD16 Hrs
Introduction to Python
View Course

