OR I know what you downloaded last night! By: GTKlondike.

Oh hey, that guy…

I Am…
Hacker/independent security researcher/subspace half-ninja
Several years of experience in network infrastructure and security consulting as well as systems administration (Routing, Switching, Firewalls, Servers)
Passionate about networking
I’m friendly, just come up and say hi
Contact Info: Zombie-Blog: gtknetrunner.blogspot.com

What should you know already?
Assumed basic knowledge of:
Protocol analyzers (Wireshark/tcpdump)
OSI and TCP/IP models
Major protocols (DNS, HTTP(S), TCP, UDP, DHCP, ARP, IP, etc.)

Tools I Will Be Using
Wireshark
NetworkMiner
Hex editor
Scalpel
File Signature Database

What Is File Carving? It’s a word search on steroids!

Pcap Analysis Methodology
1. Pattern Matching – Identify and filter packets of interest by matching specific values or protocol metadata
2. List Conversations – List all conversation streams within the filtered packet capture
3. Export – Isolate and export specific conversation streams of interest
4. Draw Conclusions – Extract files or data from the exported streams and compile the results
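As an added example that is not part of GTKlondike's slides, the four steps above are run end to end in Python on a constructed two-conversation capture, finishing with the signature-based file carving the earlier slide calls a "word search on steroids". Everything in it is an assumption: the capture is built in code from RFC 5737 addresses, the signature table is a two-entry stand-in for a real file-signature database, and the stream export trusts capture order instead of reassembling by TCP sequence number.

```python
import struct
from collections import defaultdict

# Constructed subset of a file-signature database (magic bytes -> extension).
SIGNATURES = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff\xe0": "jpg"}


def build_frame(src, sport, dst, dport, payload, seq):
    """Constructed Ethernet/IPv4/TCP frame carrying only the fields parse_pcap reads
    (checksums are left zero, which is fine for an offline sample)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip          # zero MACs, ethertype IPv4


def build_pcap(frames):
    """Classic little-endian pcap (magic 0xa1b2c3d4), link type 1 = Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Walk the pcap records; return TCP packets as (src, sport, dst, dport, payload)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap")
    off, packets = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
            continue
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:                                        # TCP only
            continue
        tcp = ip[ihl:total]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        doff = (tcp[12] >> 4) * 4
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        packets.append((src, sport, dst, dport, tcp[doff:]))
    return packets


def conv_key(p):
    """Direction-independent endpoint pair, so both halves of a flow share one key."""
    return tuple(sorted([(p[0], p[1]), (p[2], p[3])]))


def pattern_filter(packets, pattern):
    """Step 1: keep packets whose payload contains the bytes (like 'tcp contains')."""
    return [p for p in packets if pattern in p[4]]


def list_conversations(packets):
    """Step 2: group packets by conversation, preserving capture order."""
    convs = defaultdict(list)
    for p in packets:
        convs[conv_key(p)].append(p)
    return convs


def export_stream(conv_packets, endpoint):
    """Step 3: concatenate payloads sent by `endpoint` (one direction of Follow TCP
    Stream). Capture order is trusted here; a real tool reassembles by sequence number."""
    return b"".join(p[4] for p in conv_packets if (p[0], p[1]) == endpoint)


def _find_all(blob, needle):
    i = blob.find(needle)
    while i != -1:
        yield i
        i = blob.find(needle, i + 1)


def carve(blob):
    """Step 4: the 'word search' - find every known magic and cut from each hit to
    the next hit (or end of blob). Returns [(offset, ext, bytes)]."""
    hits = sorted((i, ext) for magic, ext in SIGNATURES.items() for i in _find_all(blob, magic))
    ends = [h[0] for h in hits[1:]] + [len(blob)]
    return [(i, ext, blob[i:end]) for (i, ext), end in zip(hits, ends)]


def analyze(pcap_bytes, pattern):
    """Run all four steps; returns {conversation_key: carved files}."""
    packets = parse_pcap(pcap_bytes)
    convs = list_conversations(packets)
    results = {}
    for key in {conv_key(p) for p in pattern_filter(packets, pattern)}:
        first = convs[key][0]                 # the initiator sent the first packet...
        responder = (first[2], first[3])      # ...so the other side served the data
        results[key] = carve(export_stream(convs[key], responder))
    return results


# Constructed capture (RFC 5737 addresses): one PNG download, one HTML page.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + b"IEND\xaeB`\x82"
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", 51000, "198.51.100.7", 80, b"GET /logo.png HTTP/1.1\r\nHost: a.test\r\n\r\n", 1),
    build_frame("198.51.100.7", 80, "10.0.0.5", 51000,
                b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + PNG[:16], 1),
    build_frame("198.51.100.7", 80, "10.0.0.5", 51000, PNG[16:], 17),
    build_frame("10.0.0.5", 51001, "203.0.113.9", 80, b"GET / HTTP/1.1\r\nHost: b.test\r\n\r\n", 1),
    build_frame("203.0.113.9", 80, "10.0.0.5", 51001,
                b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>", 1),
])

if __name__ == "__main__":
    for key, files in analyze(SAMPLE_PCAP, b"image/png").items():
        for off, ext, blob in files:
            print(key, f"offset={off} type={ext} size={len(blob)}")
```

Carving to the next magic is the crudest possible cut: a real carver such as Scalpel also matches footers (the PNG IEND trailer, for instance) or length fields, which is what keeps a stray "magic" inside unrelated data from turning into a false file. The methodology is the same either way: filter, list the conversations, pull out the one stream that matters, then search it.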

Yeah…
Security Onion: /opt/samples/fake_av.pcap

Additional Information (Pcap Files)

Further Reading
Network-Based File Carving
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, by Chris Sanders
Network Forensics: Tracking Hackers Through Cyberspace, by Sherri Davidoff and Jonathan Ham
Guide to Integrating Forensic Techniques into Incident Response 86.pdf
File Signatures