Log analysis - Detecting Web Attacks.

Focused View

Krapesh Bhatt

4:47:11

109 View

1. Introduction

1. Introduction.mp4

07:45

2. Course Structure.mp4

04:53

2. Module 1 - Introduction to log analysis

1.1 Module1.pdf

1. Introduction to Log Analysis.mp4

10:51

2. Typical use cases of Log Analysis.mp4

03:21

3. General web application architecture.mp4

03:46

4. HTTP Status codes & module outro.mp4

05:16

5. Module 1 Quiz.html

3. Module 2 - Introduction to Web Servers & their logging formats

1.1 Module2.pdf

1. Introduction to web servers.mp4

04:07

2. The Apache web server.mp4

13:13

3. Practical - Apache web server on Ubuntu server.mp4

04:26

4. Practical - Apache web server on Fedora server.mp4

02:22

5. The Nginx web server.mp4

05:25

6. Practical - Nginx web server on Ubuntu server.mp4

01:33

7. Practical - Nginx web server on Fedora server.mp4

01:11

8. Microsoft IIS web server.mp4

04:48

9. Practical - Microsoft IIS web server.mp4

00:54

10. SSH & FTP services logging & Module Outro.mp4

04:50

11. Module 2 Quiz.html

4. Module 3 - Setting up test environment & generating test logs

1.1 Attacker logs.zip

1.2 benign logs.zip

1.3 Download Virtualbox Hypervisor.html

1.4 Module3.pdf

1. Module Introduction.mp4

02:12

2.1 Metasploitable VM download link.html

2. Metasploitable Vulnerable machine setup.mp4

03:21

3.1 Kali linux VM download link.html

3. Importing Kali Linux VM in Virtualbox.mp4

02:24

4. Virtualbox - Bridged mode.mp4

02:00

5. Virtualbox - Host Only mode.mp4

03:29

6. Virtualbox - NAT mode.mp4

03:49

7. Virtualbox - NAT Network mode.mp4

03:18

8.1 Putty Download.html

8. Generating test traffic for SSH server.mp4

02:33

9.1 Download FileZilla.html

9. Generating test traffic for FTP server.mp4

02:42

10. Generating benign HTTP web traffic logs.mp4

05:03

11. Introduction to generation of malicious traffic.mp4

01:00

12. Generating traffic using nitko & nmap scanners.mp4

03:26

13. Generating traffic using OWASP ZAP, sqlmap & Commix.mp4

05:54

14. Generating form bruteforce & LFI attack traffic.mp4

03:36

15. Generating file upload vulnerabilities traffic.mp4

01:59

16. Bruteforce SSH & FTP services.mp4

02:30

17. Module Recap & End.mp4

02:25

5. Module 4 - Analyzing Logs

1.1 Module 4.pdf

1. Module Introduction.mp4

02:20

2. Theoretical concepts of log analysis - 1.mp4

05:36

3. Theoretical concepts of log analysis - 2.mp4

02:21

4. General architecture and tools of the trade.mp4

06:31

5. Log analysis in a text editor.mp4

09:38

6.1 Installation of Ubuntu server in virtualbox.html

6.2 Ubuntu server download link.html

6. Demo - Installation of Ubuntu server on Virtualbox.mp4

04:44

7.1 GoAccess Installation Download link.html

7.2 Run GoAccess.html

7. Installation of GoAccess tool on Ubuntu server.mp4

04:22

8.1 Copying files from linux to windows - How-to.html

8.2 PSCP tool download for windows.html

8. Importing logs to Ubuntu server & loading in GoAccess.mp4

02:59

9. Viewing logs in GoAccess and result discussion.mp4

08:24

10. Linking cloud-based tools with Ubuntu server.mp4

05:35

11. Setting up analysis filter for cloud-based log analysis tool.mp4

06:06

12. Setting up Log analysis tool on local system.mp4

04:16

13. Tool demonstration - 1.mp4

12:02

14. Tool demonstration - 2.mp4

08:51

15. Assignment Task.mp4

02:17

16. Module Recap & End.mp4

05:19

17. Module 4 Quiz.html

6. Module 5 - Best Logging Practices

1.1 Module 5.pdf

1. Module Introduction.mp4

01:37

2. Threat agents to logging.mp4

05:37

3. Insufficient logging attributes.mp4

02:39

4. Benefits of security logging.mp4

02:47

5. Logging Best practices - Introduction.mp4

03:19

6. Logging Best practices - 1.mp4

06:52

7. Logging Best practices - 2.mp4

08:08

8. Logging Best practices - 3.mp4

07:47

9. Logging Best practices - 4.mp4

05:24

10. Logging Best practices - 5.mp4

02:13

11. Logging Best practices - 6.mp4

02:18

12. Logging Best practices - 7.mp4

08:37

13. Logging Best practices - 8.mp4

02:20

14. Logging Best practices - 9.mp4

02:14

15. Module 5 Quiz.html

16. Module & Course End.mp4

03:36

Description

Learn web server log analysis and identify malicious traffic.

What You'll Learn?

Basics of web server, FTP, SSH logs and their common logging formats
Read and understand the log entries
Visualize and differentiate between normal and attack traffic
Identify common attacks like SQLi, XSS, Command Injection, LFI/RFI, Bruteforce, file uploads, etc.
Identify the possible source of the attack
Pin point a possible vulnerability in web application that forms an entry point for attack.
Common tools & techniques used for detecting attacks - Manual & automated

Who is this for?

Cyber Security professionals who want to learn to detect attacks from logs.

Network administrators wanting to develop basic skills for log analysis.

Application Developers - wanting to quickly detect security issues that might be occuring.

Students wanting to enhance their knowledge in log analysis.

What You Need to Know?

Basics of linux command line.

Installing & operating Virtualbox or similar virtualization platforms.

More details

Description
Some Important Questions.
Are you curious on how an attack pattern looks when a web application is under a malicious attack?
Are you interested in knowing the basics of attack detection and what tools and techniques are used when we want to detect an attack on a web application or an authentication service like SSH or FTP?
Do you want to develop a basic skillset on reading and deciphering the interesting information in logs & add value to your existing skills?
You could be an application developer, a network administrator, a security professional who would like to gain the skills to detect and pinpoint attacks by malicious actors and protect your web applications.

About the course
This course is designed with a sole purpose to educate learners about the immense value the web server and authentication logs or logs in general store and how the information in these logs can be helpful to detect any ongoing attack that your webserver or authentication service might be under. Or an attack that already have taken place.
This course explains the basics of web servers and how the logging is done on the web servers default logging locations. We also explain about the structure of logs & default logging locations for the widely used web servers - Apache, Nginx & Microsoft IIS. Authentication servers like SSH & FTP as these too often come under bruteforce attack.

Course teaching methodology
We focus on both theoretical & practical aspects of log analysis. So we work in both the ways - as an attacker who would try to attack the application / SSH / FTP services & a defender, who will analyse the logs using multiple tools and visualise how the logs of an application under attack can look like.
We setup a test environment with a victim machine and an attacker machine and generate both normal and malicious traffic and then use the generated logs to investigate the common attack pattern and learn the typicality of an attack and educate ourselves on how the attacks look in the logs and appreciate how logs store valuable information which is often overlooked.
This will ensure that learners will get hands-on experience on the concept of log analysis and utilise this basic skillset in their day-to-day security or administrative tasks & activities.
We also discuss about the best practices from multiple standard sources that can be implemented to ensure that the logging is done at an optimum level and stay vigilant.

By the end of the course, you will gain a foundational understanding on:
Grasp the basics of logging concepts, its importance and standard log formats & log storage location for web servers like Apache, Nginx & Microsoft IIS. Authentication services like SSH & FTP.
Identify the Malicious traffic that gets logged and ascertain if the application / service is under active attack or has been attacked and learn about the potential point of attack.
Gain a broad insight on best logging practices as per the OWASP guidelines and develop an understanding on ways in which you can implement a robust logging for your IT assets.
Gain an overall thought process for analysing any of the logs of system and troubleshoot and pinpoint an issue.
Who this course is for:
Cyber Security professionals who want to learn to detect attacks from logs.
Network administrators wanting to develop basic skills for log analysis.
Application Developers - wanting to quickly detect security issues that might be occuring.
Students wanting to enhance their knowledge in log analysis.

User Reviews

Rating

average 0

Total votes0

Focused display

Hello Everyone, I am a cyber security consultant & trainer, running my consulting firm - Evolution Info Secure. I have 8+ years of experience in Network & web application security, Incident response & training and served my clients from the Government, private & banking sectors and conducted vulnerability assessments and penetration testing for web applications and networks, incident & log analysis for various web applications and databases and helped clients to detect attacks on their web applications, networks as well as aided in detecting frauds and application abuse.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.