Course Name: Practical Packet Analysis

Trainer Name(s): Chris Sanders (@ChrisSanders88)

Course Description: It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated into several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands-on visual experience capturing, dissecting, and making sense of packets.
Practical Packet Analysis takes a fundamental approach by exploring the concepts you need to know without all the fluff that is normally associated with learning about network protocols. Everything you’ll learn is something you can directly apply to the job you have or the job you want. The ability to understand packets is a critical skill for network engineers, system administrators, security analysts, forensic investigators, and programmers alike. This class will help you build those skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises.
The Practical Packet Analysis course is perfect for beginner to intermediate analysts, but seasoned pros will probably learn a few useful techniques too. Whether you’ve never captured packets before, or you have but struggle to manipulate them to effectively achieve your goals, this course will help you get over the hump.
Topics Covered in Class:
• How networking works at the packet level.
• How to interpret packet data at a fundamental level in hexadecimal or binary.
• Basic and advanced analysis features of Wireshark.
• How to analyze packets on the command line with tshark and tcpdump.
• Reducing capture files with Berkeley packet filters and Wireshark display filters.
• Techniques for capturing packets to make sure you’re collecting the right data.
• How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
• How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
• Normal and abnormal stimulus and response patterns for common protocols.
• Troubleshooting connectivity issues at the packet level.
• Techniques for carving files from packet streams.
• Understanding network latency and how to locate the source.
• How common network attacks are seen by intrusion detection systems.
• Techniques for investigating security alerts using packet data.
• How malware communicates on the network.


Course Name: Security Onion Basic Course 4-Day

Trainer Name(s): Security Onion (@SecurityOnion)

Course Description: Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, NetworkMiner, Elastic Stack, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Topics Covered in Class:
  • Network Security Monitoring (NSM) methodology
  • Security Onion Installation
  • Configuration
    • Setup Phase 1 – Network configuration
    • Setup Phase 2 – Service configuration
    • Evaluation Mode vs Production Mode
    • Verifying services
  • Analyzing Alerts
    • Replaying traffic
    • 3 primary interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting between interfaces
    • Pivoting to full packet capture
  • Hunting – Using Kibana to slice and dice logs
  • Bro
    • Introduction
    • Bro Programming Language
    • Bro-IDS
    • Bro Logs
    • Bro Scripts
    • ShellShock Detector Module
    • Bro Intel Framework
  • Production Deployment
    • Advanced Setup
    • Master vs sensor
    • Node types – Master, Forward, Heavy, Storage
    • Command line setup with sosetup.conf
    • Architectural recommendations
    • Sensor placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to disable rules
    • BPFs to filter traffic
    • Spinning up additional Snort/Suricata/Bro workers to handle higher traffic loads
  • Case Studies
    • 1-2 Case Studies on Day 1
    • 1-2 Case Studies on Day 2
    • 2-4 Case Studies on Day 3
    • 3-4 Case Studies on Day 4
  • Wrap-up/Q&A


Course Name: Practical Web Application Penetration Testing – PWAPT

Trainer Name(s): Tim Tomes (@lanmaster53)

Course Description: PWAPT provides comprehensive training on the latest open source tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real-world application penetration testing experience. Students will be introduced to the best tools currently available for the specific steps of the methodology, including Burp Suite Pro, and taught how to integrate these tools with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end, an oversight in most web application penetration testing courses. The end result is an individual with the confidence and skill set to conduct consultative web application penetration testing engagements.
The majority of the course will be spent performing an instructor-led, hands-on web application penetration test against a target application built specifically for this class using a modern technology stack (Python Flask and React) and including real vulnerabilities as encountered in the wild. No old-school vanilla PHP stuff here folks. Students won’t be given overly simplistic steps to execute independently. Rather, at each stage of the test, the instructor will present the goals that each testing task is to accomplish and perform the penetration test in front of the class while students do it on their own machines. Primary emphasis of these instructor-led exercises will be placed on how to integrate the tools with manual testing procedures to improve the overall workflow. This experience will help students gain the confidence and knowledge necessary to perform web application penetration tests as an application security professional.
PWAPT is a PortSwigger preferred Burp Suite Training course. PWAPT students will learn basic and advanced usage techniques for Burp Suite Pro, as well as discover obscure functionality hidden within the vast capabilities of the tool. Students will also receive a ~2 week trial license for Burp Suite Pro to use during and after the course.
For additional insight into the origin, mission, and benefits of PWAPT, listen to my interview with Timothy De Block for the Exploring Information Security podcast on the topic of “What is Practical Web Application Penetration Testing?”
Topics Covered in Class:
  • Methodology
  • Reconnaissance
  • Mapping
  • Content Discovery
  • Vulnerability Discovery
  • Exploitation
  • Web Services
  • Advanced Burp Usage