
Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis

Guillaume Ross

1:59:03

  • 1. Course Overview.mp4
    01:36
  • 1. Introduction to Signature and Session Analysis.mp4
    00:54
  • 2. Prerequisites and Resources.mp4
    02:05
  • 3. Globomantics Threats and Network.mp4
    02:10
  • 4. Demo - Environments and Importing Packet Captures.mp4
    05:53
  • 5. Comparing Signature and Session Analysis.mp4
    02:20
  • 1. Getting Started with Session Analysis.mp4
    04:25
  • 2. Demo - Sample Session Analysis Signatures.mp4
    13:03
  • 3. Demo - Investigating Port Scans and File Downloads.mp4
    14:16
  • 4. Demo - TheHive Project and Investigation Next Steps.mp4
    03:45
  • 1. Introduction to Command and Control.mp4
    02:16
  • 2. Demo 1a - Kibana Bro Dashboards - DNS.mp4
    05:30
  • 3. Demo 1b - Kibana Bro Dashboards - HTTP.mp4
    01:47
  • 4. Demo 1c - Kibana Bro Dashboards - SSL.mp4
    03:21
  • 5. Demo 2 - DNS Metadata.mp4
    05:26
  • 6. Demo 3a - HTTP(S) Traffic.mp4
    08:30
  • 7. Demo 3b - Exploring Certificates.mp4
    04:52
  • 8. Demo 4 - Entering Details in The Hive Project.mp4
    05:56
  • 9. Summarizing DNS and HTTPS Session Analysis.mp4
    02:02
  • 1. Options for Analyzing Encrypted Traffic.mp4
    04:41
  • 2. Demo - Analyzing TLS Metadata to Detect Malware with JA3.mp4
    06:39
  • 1. Piecing It Together.mp4
    02:33
  • 2. Demo - Reviewing Evidence and Evaluating Threats.mp4
    04:12
  • 3. Summary and Defensive Controls.mp4
    02:03
  • 1. Next Steps.mp4
    01:19
  • 2. Methods and Threat Groups.mp4
    01:48
  • 3. Your Toolkit.mp4
    02:45
  • 4. Course Summary.mp4
    02:56
  • set-detecting-malicious-traffic-signature-session-analysis.zip
  • Description


    Cyber attacks can take different forms and be performed by threat groups with different goals and methods. In this course, you will learn how signature and session analysis can be used to detect those attacks with network data.

    What You'll Learn?


      Cyber attacks evolve constantly, and detecting them requires the use of different techniques, some of which are more useful for specific scenarios than others. In this course, Security Event Triage: Detecting Malicious Traffic With Signature and Session Analysis, you will gain the ability to detect those attacks by leveraging signature and session analysis. First, you will learn how to detect attacks with common, detectable characteristics using signature analysis with tools like Snort. Next, you will discover how session analysis, with tools like Zeek and Kibana, can allow you to detect attacks by spotting suspicious behavior, in a way that is much harder to evade than simple signatures. Finally, you will explore how to detect suspicious patterns even in encrypted traffic, without the need to decrypt it. When you are finished with this course, you will have the skills and knowledge of signature and session analysis needed to detect attacks using network data.

      This course is part of our Security Event Triage series, which leverages MITRE ATT&CK to identify advanced persistent threat tactics at all levels of the cyber kill chain.

    Guillaume Ross
    Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 28
    • Duration: 1:59:03
    • Level: Average
    • English subtitles: Yes
    • Release date: 2023/02/28