
It's hard to really make sense of Wireshark data unless you have a firm understanding of networking basics. So instead of just throwing you into a tool and saying, "Here's how it works!" I wanted to give you a solid foundation in how computer networks work. In this quick lecture I kick things off by explaining the two networking models, TCP/IP and OSI. You'll learn how they differ, how TCP/IP won the day, and why the OSI model is still relevant for understanding PCAPs!
So what's up with the Application Layer? Let's say you're using Chrome to view this video on your mobile phone. Is the Application Chrome or HTTPS? Try to guess and then test your answer against the knowledge you'll gain in this lecture! Let's go!
Yes! Now it's time to quickly get up to speed with the Transport layer (pun intended... up to speed... transport...). Okay, anyway, in this lecture you're going to learn all about the layer that makes Wireshark smile. After finishing this video lesson you'll have a pretty solid understanding of why we need the transport layer. We'll even dig into the Windows command line so I can show you some handy tricks for understanding what happens at this layer.
This is a super fast review of the Network Layer. Keeping things light and simple so that things don't get too overwhelming with the Data Link layer :)
So in the last lecture we learned that IP addresses help us move packets end-to-end. But if that's the case, what's the point of a MAC address? What would happen if we just left those off? Couldn't the packet still get to where it needs to go? Ha! You're about to find out! This lecture is critical, probably one of the most important in the entire course, so you definitely need to listen closely! I can't wait to see you inside, buddy.
Now I want to connect the dots to help you see the big picture: from clicking a button in your browser to viewing the results.. what happens in between with DNS? What happens across the various TCP/IP and OSI layers? You're about to find out! Let's jump in.
The three-way handshake. Yes, we've all heard of SYN, SYN/ACK, ACK, but what exactly does that mean? In this quick lecture I'm going to lay out the purpose behind this secret computer handshake and break down exactly what it does and why we need it. This is a perfect lecture to take if you really want to wow your interviewer! :)
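As an added illustration (this is not code from the course), here is a small Python script that checks the SYN, SYN/ACK, ACK exchange on packet summaries and computes the relative sequence numbers the way Wireshark displays them (each side's initial sequence number shown as 0). The addresses, ports and sequence numbers below are constructed, not captured; the `Seg` record and the flag-letter convention are assumptions made for this example.

```python
"""Added example: validate TCP three-way handshakes from packet summaries.
Constructed data; not captured traffic and not material from the course."""
from collections import defaultdict
from dataclasses import dataclass

MASK = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Seg:
    src: str    # "ip:port" of the sender
    dst: str    # "ip:port" of the receiver
    flags: str  # flag letters: S=SYN, A=ACK, R=RST, F=FIN (any order)
    seq: int    # absolute sequence number
    ack: int    # absolute acknowledgement number (0 when ACK flag is clear)


def has(seg, *flags):
    """True when the segment carries exactly the given flags."""
    return set(seg.flags) == set(flags)


def check_handshake(segs):
    """Validate that a flow starts with SYN, SYN/ACK, ACK. Returns (ok, reason)."""
    if len(segs) < 3:
        if any("R" in s.flags for s in segs):
            return False, "reset before the handshake completed (closed port or SYN scan)"
        return False, "handshake incomplete (half-open)"
    syn, synack, ack = segs[:3]
    if not has(syn, "S"):
        return False, "first segment is not a bare SYN"
    if not has(synack, "S", "A"):
        return False, "second segment is not SYN/ACK"
    if (synack.src, synack.dst) != (syn.dst, syn.src):
        return False, "SYN/ACK did not come from the server back to the client"
    if synack.ack != (syn.seq + 1) & MASK:
        return False, "SYN/ACK does not acknowledge client ISN+1"
    if not has(ack, "A") or (ack.src, ack.dst) != (syn.src, syn.dst):
        return False, "third segment is not the client's ACK"
    if ack.seq != (syn.seq + 1) & MASK:
        return False, "client ACK has the wrong sequence number"
    if ack.ack != (synack.seq + 1) & MASK:
        return False, "client ACK does not acknowledge server ISN+1"
    return True, "handshake complete"


def flow_key(seg):
    """Direction-independent key so both sides of a connection group together."""
    return tuple(sorted((seg.src, seg.dst)))


def classify_flows(segs):
    """Group segments per connection (in capture order) and check each handshake."""
    flows = defaultdict(list)
    for s in segs:
        flows[flow_key(s)].append(s)
    return {key: check_handshake(f) for key, f in flows.items()}


def relative_numbers(segs):
    """(relative seq, relative ack) per segment, as Wireshark shows by default.
    Each side's ISN is taken from its SYN; the ack is relative to the peer's ISN."""
    isn, out = {}, []
    for s in segs:
        if "S" in s.flags and s.src not in isn:
            isn[s.src] = s.seq
        rel_seq = (s.seq - isn.get(s.src, s.seq)) & MASK
        rel_ack = (s.ack - isn[s.dst]) & MASK if "A" in s.flags and s.dst in isn else 0
        out.append((rel_seq, rel_ack))
    return out


# Constructed sample data (not a real capture).
CLIENT, SERVER = "10.0.0.5:51234", "93.184.216.34:443"
GOOD = [
    Seg(CLIENT, SERVER, "S", 1000, 0),        # client ISN = 1000
    Seg(SERVER, CLIENT, "SA", 5000, 1001),    # server ISN = 5000, acks 1001
    Seg(CLIENT, SERVER, "A", 1001, 5001),     # handshake done
    Seg(CLIENT, SERVER, "A", 1001, 5001),     # first data segment would follow
]
SCAN = [  # a SYN to a closed port answered with RST/ACK, as a SYN scan would see
    Seg("10.0.0.9:40000", "93.184.216.34:23", "S", 777, 0),
    Seg("93.184.216.34:23", "10.0.0.9:40000", "RA", 0, 778),
]

if __name__ == "__main__":
    for key, verdict in classify_flows(GOOD + SCAN).items():
        print(key, verdict)
    print(relative_numbers(GOOD))
```

The relative-number output for the good flow is `(0, 0)`, `(0, 1)`, `(1, 1)`, `(1, 1)`, which is exactly what the Wireshark Seq/Ack columns show for SYN, SYN/ACK, ACK; the scan flow is flagged as reset before completion.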
Now it's time to wrap up the entire network communications process. I really wanted you to have a confident grasp of network communications before we bust open Wireshark. Why? Because anyone can use a tool and click through a GUI, but understanding the protocols and network behavior being displayed in the tool will truly set you apart and make you an invaluable asset to any organization! So let's go, we are just one lecture away from running our first Wireshark capture! Yes!
Aww yeah! Yes! Yes! Yes! This is where stuff starts to get good. In this lecture we're going to install Wireshark, fire up our browser and then take a nosedive right into the packets. You're going to see the OSI and TCP/IP models at work right before your eyes! We're going to break down the three-way handshake inside the packets. You'll see the ACKs and SYNs and all that good stuff and I'll break down the sequence numbers in even more detail. You'll also see DNS queries and answers and oh man... there's so much goodness in this lecture... let me stop talking and give you a moment to jump in and taste how good this is! Let's GO!!
Ok let's start with capture filters, explaining the differences between capture filters and display filters and showing you a few power user tricks for managing your data output. It's about to get REAL. Let's go!
When I first started learning about Wireshark I had no idea this thing called dissectors even existed! In this lecture we'll zero in on dissectors. You'll learn what they are, what they do and a little bit of caution you should keep in mind when using them! Let's start, shall we?
Now it's time to make you a bit more comfortable with the Shark! I'm going to show you how to pet him without getting bit! Let's go!
So you've got your capture going and now you want to dump the captured content... how do you do that? In this lecture I'm going to show you how to use Wireshark to Export Objects. And! As an added bonus I'm going to show you how to view objects in another tool called NetworkMiner! Let's do this!
Now it's time for the good stuff. In this lecture we're going to import real malware into our Wireshark lab. More specifically, we're going to perform network forensics on the QakBot banking trojan, which dropped a Cobalt Strike beacon payload on patient zero. Don't worry, I'll explain EVERYTHING in this lecture. We'll start twisting and turning the data in Wireshark, building custom display filters, analyzing network conversations and more! It's going to be a blast, guys, so let's jump right in!
What! What! More hacks coming at ya. In this lecture I'm going to show you a TON of practical display filter hacks for maximizing Wireshark productivity. By the end of this lecture you'll be slicing and dicing your way through packets like a packet connoisseur! Ninja stance ready... let's go!
Oh man, this is the moment you've been waiting for: Profiles. In this lecture I'll explain what Wireshark profiles are and then I'll walk you through the step-by-step process of tuning and saving custom profiles for specific threat hunting use cases. It's going to be a ton of fun... oh, and as an added bonus: we're going to investigate an incident involving a Cobalt Strike malleable C2 beacon masquerading as legit Amazon traffic! If you don't know what that means, don't worry! It's about to make sense! Let's jump right in.
Level up baby! We are going to continue building out our threat hunting profile in Wireshark. I'm going to show you how to convert specific hunting related fields to columns (and even advanced tricks such as how to merge columns, you'll see WHY we want to do that in this lecture). You'll also learn advanced tactics for filtering your data. Yes, that's right more display filter hacks! I'll also show you a few handy profile secrets that will make your Wireshark experience a lot more pleasurable! Are you ready for this like I am? I hope so! Let's go!!
Now that we have our web hunting profile created, let's create a DHCP hunting profile. Why? Well, DHCP provides a lot of useful data for mapping source IP addresses to hostnames and Layer 2 MAC addresses. So in this lecture we'll create and tune our DHCP threat hunting profile and then flip between both the Web and DHCP profiles to show you the speed and agility you can have with this advanced Wireshark tactic! This is a pretty short video lesson, so consider it your chance to get a quick win!
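To show concretely which DHCP fields carry that mapping, here is an added Python example (not code from the course) that parses the RFC 2131 message layout and builds an IP-to-(MAC, hostname) table from a DHCP exchange: the hostname comes from option 12 in the client's Discover/Request, the MAC from the `chaddr` field, and the assigned IP from `yiaddr` in the server's ACK. The messages are constructed in the script with a small builder; the MACs, addresses and hostnames are made up.

```python
"""Added example: build an IP -> (MAC, hostname) map from DHCP messages.
Constructed sample traffic; not a real capture and not course material."""
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_dhcp(op, xid, chaddr, yiaddr, options):
    """Construct a minimal DHCP message (used only to fabricate sample data)."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)  # op, htype=Ethernet, hlen=6, hops, xid, secs, flags
    hdr += bytes(4)                                    # ciaddr
    hdr += bytes(map(int, yiaddr.split(".")))          # yiaddr: address offered/assigned by server
    hdr += bytes(8)                                    # siaddr, giaddr
    hdr += mac + bytes(16 - len(mac))                  # chaddr, padded to 16 bytes
    hdr += bytes(64 + 128)                             # sname, file
    body = MAGIC
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return hdr + body + b"\xff"                        # option 255 = end


def parse_dhcp(payload):
    """Parse the fields a hunter pivots on: xid, chaddr, yiaddr, type, hostname, requested IP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen = struct.unpack("!BBB", payload[:3])
    xid = struct.unpack("!I", payload[4:8])[0]
    yiaddr = ".".join(map(str, payload[16:20]))
    chaddr = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "yiaddr": yiaddr,
        "chaddr": chaddr,
        "type": MSG_TYPES.get(opts.get(53, b"\0")[0], "UNKNOWN"),
        "hostname": opts.get(12, b"").decode("ascii", "replace") or None,
        "requested_ip": ".".join(map(str, opts[50])) if 50 in opts else None,
    }


def build_lease_map(messages):
    """Map assigned IP -> (MAC, hostname). Hostname is learned from the client's
    Discover/Request (option 12); the binding is confirmed by the server's ACK."""
    hostnames, leases = {}, {}
    for m in map(parse_dhcp, messages):
        if m["type"] in ("DISCOVER", "REQUEST") and m["hostname"]:
            hostnames[m["chaddr"]] = m["hostname"]
        if m["type"] == "ACK":
            leases[m["yiaddr"]] = (m["chaddr"], hostnames.get(m["chaddr"]))
    return leases


# Constructed sample exchange: one full DORA for a host that sends its hostname,
# and a Request/ACK for a host that does not.
MAC1, MAC2 = "00:0c:29:aa:bb:cc", "00:0c:29:dd:ee:ff"
SAMPLE = [
    build_dhcp(1, 0x3903F326, MAC1, "0.0.0.0", [(53, b"\x01"), (12, b"DESKTOP-PATIENT0")]),
    build_dhcp(2, 0x3903F326, MAC1, "10.0.0.23", [(53, b"\x02")]),
    build_dhcp(1, 0x3903F326, MAC1, "0.0.0.0", [(53, b"\x03"), (50, bytes([10, 0, 0, 23])), (12, b"DESKTOP-PATIENT0")]),
    build_dhcp(2, 0x3903F326, MAC1, "10.0.0.23", [(53, b"\x05"), (51, struct.pack("!I", 86400))]),
    build_dhcp(1, 0x11223344, MAC2, "0.0.0.0", [(53, b"\x03"), (50, bytes([10, 0, 0, 42]))]),
    build_dhcp(2, 0x11223344, MAC2, "10.0.0.42", [(53, b"\x05")]),
]

if __name__ == "__main__":
    for ip, (mac, host) in build_lease_map(SAMPLE).items():
        print(f"{ip:<12} {mac}  {host or '(no hostname sent)'}")
```

The second host shows why the hostname column can be empty in a DHCP profile: not every client sends option 12, so the MAC from `chaddr` is the reliable pivot and the hostname is a bonus when present.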
Imagine if you could level up your PCAP analysis by seeing the country, city and ASN information related to a specific source or destination IP. Is there a way to do that? You could then filter out non-US countries or filter to show only traffic from a specific country and BAM! Your dataset would instantly update, helping you quickly find evil in your PCAPs! You're about to discover the magic of GeoIP, baby... and it's awesome. Let's do this!
Yes! Oh man... okay so now I'm going to show you how to take your Wireshark capabilities to stratospheric heights. Brim. Have you heard of this awesome tool? Wireshark is awesome but when you combine it with the awesomeness of Brim it becomes irresistible. Come inside this lecture and let me show you the beautiful marriage of Brim and Wireshark!
So one of the things you'll notice when installing Brim is that.... well things are a little weird. But don't worry I'll walk you through the weirdness in this lecture and quickly get you into the user interface! Let's go!
So before we just jump right into Brim we need to orient ourselves a little bit! In this lecture I'll give you a super fast overview of the user interface so we can begin threat hunting in the next lecture! Yes!
Yup - here it is! We are going deep sea diving into the packets and are about to go swimming with sharks and Brim! In this lecture I'm going to show you how to pivot to PCAPs, extract Indicators of Compromise, filter results, run threat hunting queries, run statistics on the dataset to quickly find anomalies and more! This is by far my favorite lecture in the course up until this point! Let's not waste any more time baby!!
Before we wrap this section up and get into some Red Teaming fun, I wanted to show you one more tool you might find useful: PacketTotal. Let's take a quick look and then blast our lab box with some malware so we can study the packets!
Now we are going to compromise our lab user with a spear phishing email, gain code execution with our Covenant C2 grunt payload and then establish a remote C2 channel with the victim (all while capturing the packets!). Then in the next lecture, we'll feed the capture into Brim and Wireshark to see what we can learn about the attack and determine the best detection and deterrent methods in case the threat actors strike again!
This is by far my favorite collection of lectures in the entire course because you're going to learn how attackers weaponize Word documents, construct a social engineering pretext and gain initial access into victim environments. And the best part!? Our endpoint is instrumented with PowerShell logging and Sysmon! It's going to be amazing, guys! Let's get started.
We're going to wrap up our incident by showing you the advanced capabilities a threat actor has at their disposal with Covenant. You're going to see how threat actors can use Covenant listener profiles to masquerade their C2 channel as Amazon, Gmail and even MSNBC traffic. We're even going to do some light static code analysis on the GitHub repository to find detection indicators! Then we're going to see the awe and wonder of Brim as it lets us quickly cut through the packets and extract evil. I can hardly wait to show you guys!!! Man, let me stop the gushing and just show it off to you all! LET'S GO!
All New For Spring/Summer 2021!
This is the course I wish I had when I was learning about how computer networks work!
You're going to not only learn how to MASTER Wireshark but also gain a deep understanding of computer networks so you can troubleshoot common networking issues and rapidly respond to cybersecurity breaches when a computer gets hacked!
This is the perfect course for anyone who wants to gain true mastery over Wireshark, finally understand how networks work, diagnose common network-related issues and respond to advanced threat actors who may be in your network. We'll cover some pretty advanced attacks hackers are using to breach organizations and I'll show you how you can use Wireshark, Brim, Suricata, Bro/Zeek and more to bolster your security and keep the bad guys out!
This is a hands-on course. It also includes packet capture files you can load into Wireshark and immediately start learning. As always, if you have any questions just hit me up on my email address and I'll be sure to respond (or leave a comment and I'll jump in and answer your questions!)
We will also be setting up everything in a private local lab so you have complete freedom to experiment and learn.
It's going to be a lot of fun! Let's go! Right! Now!
Yes!