Tactical Wireshark: A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
Autor Kevin Cardwellen Limba Engleză Paperback – 13 apr 2023
Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.What You Will Learn
- Use Wireshark to identify intrusions into a network
- Exercise methods to uncover network data even when it is in encrypted form
- Analyze malware Command and Control (C2) communications and identify IOCs
- Extract data in a forensically sound manner to support investigations
- Leverage capture file statistics to reconstruct network events
Network analysts, Wireshark analysts, and digital forensic analysts.
Preț: 311.37 lei
Preț vechi: 389.21 lei
-20% Nou
Puncte Express: 467
Preț estimativ în valută:
59.60€ • 62.57$ • 49.23£
59.60€ • 62.57$ • 49.23£
Carte disponibilă
Livrare economică 09-23 ianuarie 25
Livrare express 25-31 decembrie pentru 108.64 lei
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781484292907
ISBN-10: 1484292901
Pagini: 462
Ilustrații: XV, 462 p. 490 illus., 250 illus. in color.
Dimensiuni: 178 x 254 x 31 mm
Greutate: 0.83 kg
Ediția:First Edition
Editura: Apress
Colecția Apress
Locul publicării:Berkeley, CA, United States
ISBN-10: 1484292901
Pagini: 462
Ilustrații: XV, 462 p. 490 illus., 250 illus. in color.
Dimensiuni: 178 x 254 x 31 mm
Greutate: 0.83 kg
Ediția:First Edition
Editura: Apress
Colecția Apress
Locul publicării:Berkeley, CA, United States
Cuprins
Chapter 01: Customization of the Wireshark Interface.- Chapter 02: Capturing Network Traffic.- Chapter 03: Interpreting Network Protocols.- Chapter 04: Analysis of Network Attacks.- Chapter 05: Effective Network Traffic Filtering .- Chapter 06: Advanced Features of Wireshark .- Chapter 07: Scripting and interacting with Wireshark .- Chapter 08: Basic Malware Traffic Analysis.- Chapter 09: Analyzing Encoding, Obfuscated and ICS Malware Traffic.- Chapter 10: Dynamic Malware Network Activities.- Chapter 11: Extractions of Forensic Data with Wireshark .- Chapter 12: Network Traffic Forensics.- Chapter 13: Conclusion.
Notă biografică
Kevin Cardwell is an Instructor, Curriculum Developer, Technical Editor and Author of Computer Forensics, and Hacking courses. He is the author of the EC Council Certified Penetration Testing Professional, Ethical Hacking Core Skills, Advanced Penetration Testing and ICS/SCADA Security courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is the author of Defense and Deception: Confuse and Frustrate the Hackers, Building Virtual Pentesting Labs for Advanced Penetration Testing 1st and 2nd edition, and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas.
Textul de pe ultima copertă
Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.
Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.You will:
Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.You will:
- Use Wireshark to identify intrusions into a network
- Exercise methods to uncover network data even when it is in encrypted form
- Analyze malware Command and Control (C2) communications and identify IOCs
- Extract data in a forensically sound manner to support investigations
- Leverage capture file statistics to reconstruct network events
Caracteristici
Learn how to use Wireshark to identify a variety of different intrusions into a network Perform malware traffic analysis of the latest types of malware Investigate command and control communication malware uses to include proxies and “ghost” nodes