Network Security Analysis Using Wireshark, Snort, and SO

This video provides a quick introduction to the course. The following labs are 100% hands-on and highly technical. Please be prepared to install and configure the necessary software to follow along. This will help you receive the maximum benefit of taking this course. Here's an overview of the labs. Please note that labs 3 and 4 are broken down into two parts due to their length:

Lab 1: Installation/Configuration of Virtualbox and Security Onion

Lab 2: Analyzing Network Traffic - Malware Infection

Lab 3: Analyzing Network Traffic - Brute Force Attacks

Lab 4: Analyzing Network Traffic - Exploitation with Metasploit

Lab 5: Analyzing Network Traffic - Policy Violations

The written quizzes for this class are as follows:

Quiz 1: Lab 2 Questions

Quiz 2: Lab 3 Questions

Lab 1 will provide a step-by-step demonstration of how to set up a Security Onion virtual machine using VirtualBox as a software hypervisor. 

Lab 2 will cover the analysis of network traffic discovered from a real malware infection. Techniques that are covered will include PCAP analysis with Wireshark, IDS alert analysis with Snort, and the utilization of open source threat intelligence. This class includes a multiple choice quiz, and incident report write up to reinforce its concepts.

Lab 3 covers the analysis of brute force attacks, utilizing Wireshark, Snort, and Tcpdump. We will also be installing and configuring Kali Linux in order to simulate brute force attacks, and cover basic penetration testing tools (Hydra, Burpsuite, etc.). Due to the length of this lab, it is going to be broken down into two sections. This lab contains a quiz to reinforce its concepts.

P.S., it is notable to add that the SSH traffic observed within the PCAP could not yield the conclusion that a successful authentication was made. This was known due to the visibility, given the perspective of the attacker. Due to the encryption, this could not be confirmed with the network traffic alone.

Part two of lab 3.

Lab 4 will cover how to install Metasploitable, which is an intentionally vulnerable Linux OS. Industry standard penetration testing tools will be utilized within Kali Linux (Metasploit, Armitage, Nmap, etc.) to simulate active exploitation over the wire. This lab will be broken down into two sections due to its length. There will be no quiz for this lab since it is shown from the attacker's perspective.

Part 2 of lab 4.

Lab 5 focuses upon policy violations, utilizing a custom Snort rule to demonstrate a violation of policy pertaining to plain text file transfer. Additionally, we'll cover TOR traffic, which is not permitted by many organizations and would therefore be seen as a policy violation. Since we're the one's who will be generating the traffic in this lab, there will be no quiz.

This lecture will show you how and where to download and configure the latest version of Kali Linux, 2020, which is tailor made for my Udemy course Hands-on Penetration Testing Labs 4.0. It's also being made available for all other courses, as the newest version has some slight differences which may make an impact.

This video will cover how to set up a Windows 7 Enterprise 32-bit virtual machine that is intentionally vulnerable to the eternalblue exploit. VirtualBox will be used as a software hypervisor to set it up.

This video will cover the exploitation of Windows 7 with Kali Linux, using an Eternalblue Python standalone exploit. To follow along with this tutorial, you'll need Security Onion, Windows 7 Enterprise 32-bit, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.

This video will show you how to install and configure Ubuntu Server 12.04 to be vulnerable to Heartbleed. VirtualBox will be used as a software hypervisor for this process.

This video will cover the exploitation of Ubuntu Server 12.04 using a Heartbleed Metasploit auxiliary module. To follow along with this tutorial, you'll need Security Onion, Ubuntu Server 12.04, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.