Testlab

Network traffic analysis tools

Wireshark

Introduction
- What?
- Why?
- How?
Nmap scans
- Questions
ARP poisoning & on-path
- Questions
Identifying hosts
- Questions
Tunneling traffic
Clear-text protocol analysis
Encrypted protocol analysis
- Decrypting HTTPS Traffic
- Questions
Hunt clear-text credentials
- Questions
Firewall rules
- Questions

Snort

Introduction
- What?
- Why?
- How?
Writing IDS rules
- HTTP
- FTP
- Images
  - PNG
  - GIF
- Torrent metafiles
- Resources
MS17-010
Log4j
Brute force
Reverse shell

Zeek

Introduction
- What?
- Why?
- How?
Network security monitoring
- Network monitoring
- Network security monitoring
Signatures
- Questions
  - HTTP
  - FTP
Scripts
Scripts and signatures
- Questions
Frameworks
- Questions
- Resources
Packages
- Questions
- Resources
Anomalous DNS
- Questions
Phishing
- Questions
Log4J
- Questions

Brim

Introduction
- What?
- Why?
- How?
Use cases
Malware C2 detection
- Questions
Crypto mining
- Questions

Root-me challenges

Introduction
- What?
- Why?
- How?
FTP authentication
TELNET authentication
ETHERNET frame
Twitter authentication
Bluetooth Unknown file
CISCO password
- Resources
DNS zone transfer
IP Time To Live
LDAP null bind
- Resources
POP-APOP
- Resources
SIP - authentication
ETHERNET patched transmission
Global system traffic for mobile communication
- Resources
SSL HTTP exchange
- Resources

Network traffic analysis (NTA)

NTA
Blue Team
Improbability Blog
About the UU
Register


THM Room: Brim

Introduction

What?

Threat hunting with Brim.

Why?

Log investigation, pcap analysis and threat hunting.

How?

Use cases
Malware C2 detection
Crypto mining

Previous Next

Unseen University, 2023, with a forest garden fostered by /ut7.