Network Security Analysis Using Wireshark, Snort, and SO
4.5 (23 ratings)
202 students enrolled
Learn real technical skills from a real cybersecurity professional with 100% hands-on labs.
Created by Jesse Kurrus
Last updated 5/2017
English
Includes:
  • 1.5 hours on-demand video
  • 4 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • How to install and configure Virtualbox
  • How to install and configure Security Onion on Virtualbox
  • How to install and configure Kali Linux on Virtualbox
  • How to install and configure Metasploitable on Virtualbox
  • How to install and configure Wireshark
  • How to interpret Snort rules and analyze underlying packet captures
  • How to use Wireshark and Tcpdump to analyze malicious network traffic
  • How to use penetration testing / ethical hacking tools (Metasploit, Armitage, Burpsuite, Hydra, Nmap, etc.)
Requirements
  • Basic TCP/IP Knowledge
  • Basic information security knowledge
  • Basic knowledge about packet captures
  • Basic operating system knowledge (Windows, Linux)
  • Basic IDS knowledge
  • PC or Laptop
  • Virtualbox, Security Onion, Kali Linux, Metasploitable (Free and Open Source Operating Systems)
Description

***LIMITED TIME OFFER: 50% off with coupon code TENDOLLARS****

The labs in this course are 100% hands-on and highly technical. Please be prepared to install and configure the necessary software to follow along. This will help you receive the maximum benefit of taking this course. The tools we will be using during this course are Wireshark, Tcpdump, Snort, Burpsuite, Nmap, Tcpreplay, Virtualbox and more. Operating Systems used will be Security Onion, Kali Linux, and Metasploitable. The operating systems and software utilized are all completely free, and can be run on one system using Virtualbox.

We're also going to cover network security analysis with Wireshark and Tcpdump, intrusion detection system analysis with Snort and Squert, and ethical hacking and penetration testing with various tools on Kali Linux. The industry-standard tools and methodology used in this course will give you hands-on skills that are necessary for a network security analyst, and for a cybersecurity professional in general. The quizzes include written questions and a mock incident response report based on your findings.

Here's an overview of the labs. Please note that labs 3 and 4 are broken down into two parts due to their length:

Lab 1: Installation/Configuration of Virtualbox and Security Onion

Lab 2: Analyzing Network Traffic - Malware Infection

Lab 3: Analyzing Network Traffic - Brute Force Attacks

Lab 4: Analyzing Network Traffic - Exploitation with Metasploit

Lab 5: Analyzing Network Traffic - Policy Violations

The written quizzes for this class are as follows (attached to Lab 2 and 3 as text documents):

Quiz 1: Lab 2 Questions

Quiz 2: Lab 3 Questions

Who is the target audience?
  • Network Security Analysts
  • Security Analysts
  • Cybersecurity Students
  • Information Systems Security Students
  • IT Professionals
  • Cybersecurity Professionals
Curriculum For This Course
9 Lectures
01:33:11
Getting started

Quick introduction to Professor Kurrus

Preview 01:44

This video provides a quick introduction to the course. The following labs are 100% hands-on and highly technical. Please be prepared to install and configure the necessary software to follow along. This will help you receive the maximum benefit of taking this course. The lab and quiz overview is the one given in the course description above (labs 3 and 4 are broken down into two parts due to their length).

Preview 00:43

This lab will provide step-by-step instructions on how to install and configure Virtualbox and Security Onion, which is the primary technology used for the remainder of this course.

Preview 10:24

** IMPORTANT **

In order to trigger Snort alerts, you must type the following command to replay the PCAP through your sniffing interface. This should be eth1 if you followed the tutorial.

sudo tcpreplay -t -i eth1 (full path of PCAP file)

Lab 2 will demonstrate the proper configuration of Wireshark for network analysis. Additionally, we will cover the analysis of network traffic captured from a real malware infection. Techniques covered will include PCAP analysis with Wireshark, IDS alert analysis with Snort, and the use of open source threat intelligence. This lab includes a multiple-choice quiz and an incident report write-up to reinforce its concepts.

Lab 2: Analyzing Network Traffic - Malware Infection
18:51

Lab 3 covers the analysis of brute force attacks using Wireshark, Snort, and Tcpdump. We will also install and configure Kali Linux in order to simulate brute force attacks, and cover basic penetration testing tools (Hydra, Burpsuite, etc.). Due to the length of this lab, it is broken down into two sections. This lab contains a quiz to reinforce its concepts.

P.S.: note that the SSH traffic observed in the PCAP could not, by itself, support the conclusion that a successful authentication was made. We only knew this because of the visibility we had from the attacker's perspective. Because the session is encrypted, success could not be confirmed from the network traffic alone.

Lab 3 pt. 1: Analyzing Network Traffic - Brute Force Attacks
17:23

Part two of lab 3.

Lab 3 pt. 2: Analyzing Network Traffic - Brute Force Attacks
08:11

Lab 4 will cover how to install Metasploitable, which is an intentionally vulnerable Linux OS. Industry-standard penetration testing tools within Kali Linux (Metasploit, Armitage, Nmap, etc.) will be used to simulate active exploitation over the wire. This lab is broken down into two sections due to its length. There will be no quiz for this lab since it is shown from the attacker's perspective.

Lab 4 pt. 1: Analyzing Network Traffic - Exploitation with Metasploit
15:09

Part 2 of lab 4.

Lab 4 pt. 2: Analyzing Network Traffic - Exploitation with Metasploit
09:03

Lab 5 focuses on policy violations, using a custom Snort rule to demonstrate a violation of a policy against plain text file transfer. Additionally, we'll cover TOR traffic, which is not permitted by many organizations and would therefore be seen as a policy violation. Since we're the ones generating the traffic in this lab, there will be no quiz.

Lab 5: Analyzing Network Traffic - Policy Violations
11:43
About the Instructor
Jesse Kurrus
4.2 Average rating
63 Reviews
399 Students
2 Courses
Senior SOC Analyst and Instructor at Udemy

Summary: Jesse Kurrus is a cybersecurity professional with strong network security analysis and intrusion detection experience. Jesse is skilled in utilizing commercial and proprietary Security Information and Event Management (SIEM) technology to create rules, filters, generate reports, and analyze correlations and events. Professional and academic strengths include supporting the design, implementation, and administration of enterprise computer architectures, cybersecurity, technical writing, and ethical hacking. Jesse is an active contributing member of a goal-oriented cybersecurity team, and is capable of thriving in fast-paced environments.

Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata), SIEM Technology (ArcSight and Splunk), PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics).

Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8.