{"product_id":"tactical-wireshark-9781484292907","title":"Tactical Wireshark","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eTake a systematic approach to identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.\u003c\/p\u003e\u003cp\u003eNext, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial click through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.\u003c\/p\u003e\u003cp\u003eIn the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a foren\u003c\/p\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eChapter 1: Customization of the Wireshark Interface\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Learn how to edit the columns of the Wireshark user interface. Explore important items to include in the interface for performing intrusion and malware analysis\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 18\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Identifying columns to delete from the default displays\u003c\/p\u003e\u003cp\u003e2. Adding the source and destination ports for easy traffic analysis\u003c\/p\u003e\u003cp\u003e3. Specialty column customization for malware analysis\u003c\/p\u003e\u003cp\u003e\u003cb\u003eIntrusions\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 2: Capturing Network Traffic\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Set up a network capture in Wireshark\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 24\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Prerequisites for capturing live network data\u003c\/p\u003e\u003cp\u003e2. Working with Network Interfaces\u003c\/p\u003e\u003cp\u003e3. Exploring the network capture options\u003c\/p\u003e\u003cp\u003e4. Filtering While Capturing\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 3: Interpreting Network Protocols\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: A deep understanding of the network protocols at the packet level\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 30\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Investigating IP, the workhorse of the network\u003c\/p\u003e\u003cp\u003e2. Analyzing ICMP and UDP\u003c\/p\u003e\u003cp\u003e3. Dissection of TCP traffic\u003c\/p\u003e\u003cp\u003e4. Reassembly of packets\u003c\/p\u003e\u003cp\u003e5. Interpreting Name Resolution\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 4: Analysis of Network Attacks\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Understand the hacking mindset and leverage that to identify attacks\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 30\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Introducing a Hacking Methodology\u003c\/p\u003e\u003cp\u003e2. Examination of reconnaissance network traffic artifacts\u003c\/p\u003e\u003cp\u003e3. Leveraging the statistical properties of the capture file\u003c\/p\u003e\u003cp\u003e4. Identifying SMB-based attacks\u003c\/p\u003e\u003cp\u003e5. Uncovering HTTP\/HTTPS-based attack traffic\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 5: Effective Network Traffic Filtering\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Use of the complex filtering capability of Wireshark to extract attack data\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 35\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Identifying filter components\u003c\/p\u003e\u003cp\u003e2. Investigating the conversations\u003c\/p\u003e\u003cp\u003e3. Extracting the packet data\u003c\/p\u003e\u003cp\u003e4. Building Filter Expressions\u003c\/p\u003e\u003cp\u003e5. Decrypting HTTPS Traffic\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 6: Advanced Features of Wireshark\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: A fundamental review and understanding of the advanced features of Wireshark\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 35\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Working with cryptographic information in a packet\u003c\/p\u003e\u003cp\u003e2. Exploring the protocol dissectors of Wireshark\u003c\/p\u003e\u003cp\u003e3. Viewing logged anomalies in Wireshark\u003c\/p\u003e\u003cp\u003e4. Capturing traffic from remote computers\u003c\/p\u003e\u003cp\u003e5. Command line tool tshark\u003c\/p\u003e\u003cp\u003e6. Creating Firewall ACL rules\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 7: Scripting and interacting with Wireshark\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Using scripts to extract and isolate data of interest from network capture files\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 30\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Lua scripting\u003c\/p\u003e\u003cp\u003e2. Interaction with Pandas\u003c\/p\u003e\u003cp\u003e3. Leveraging PyShark\u003c\/p\u003e\u003cp\u003e\u003cb\u003eMalware\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 8: Basic Malware Traffic Analysis\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Develop an understanding of the different stages of a malware infection\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 36\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Customization of the interface for malware analysis\u003c\/p\u003e\u003cp\u003e2. Extracting the files\u003c\/p\u003e\u003cp\u003e3. Recognizing URL\/Domains of an infected site\u003c\/p\u003e\u003cp\u003e4. Determining the connections as part of the infected machine\u003c\/p\u003e\u003cp\u003e5. Scavenging the infected machine metadata\u003c\/p\u003e\u003cp\u003e6. Exporting the data objects\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 9: Analyzing Encoding, Obfuscated and ICS Malware Traffic\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Identify the encoding or obfuscation method in network traffic\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 40\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Investigation of njRAT\u003c\/p\u003e\u003cp\u003e2. Analysis of Wanna Cry\u003c\/p\u003e\u003cp\u003e3. Exploring Cryptolocker\u003c\/p\u003e\u003cp\u003e4. Dissecting TRITON\u003c\/p\u003e\u003cp\u003e5. Examining Trickbot\u003c\/p\u003e\u003cp\u003e6. Understanding exploit kits\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 10: Dynamic Malware Network Activities\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Review and understand malware network activity as it happens\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 40\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Setting up network and service simulation\u003c\/p\u003e\u003cp\u003e2. Monitoring malware communications and connections at run time and beyond\u003c\/p\u003e\u003cp\u003e3. Detecting network evasion attempts\u003c\/p\u003e\u003cp\u003e4. Investigating Cobalt Strike Beacons\u003c\/p\u003e\u003cp\u003e5. Exploring C2 backdoor methods\u003c\/p\u003e\u003cp\u003e6. Identifying Domain Generation Algorithms\u003c\/p\u003e\u003cp\u003e\u003cb\u003eForensics\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 10: Extractions of Forensics Data with Wireshark\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Learn different methods of extracting different types of case related and potential forensics evidence\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 30\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Interception of telephony data\u003c\/p\u003e\u003cp\u003e2. Discovering DOS\/DDoS\u003c\/p\u003e\u003cp\u003e3. Analysis of HTTP\/HTTPS Tunneling over DNS\u003c\/p\u003e\u003cp\u003e4. Carving files from network data\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 11: Network Traffic Forensics\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: An understanding of extraction of potential forensics data\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 30\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eSub-Topics:\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e1. Isolation of conversations\u003c\/p\u003e\u003cp\u003e2. Detection of Spoofing, port scanning and SSH attacks\u003c\/p\u003e\u003cp\u003e3. Reconstruction of timeline network attack data\u003c\/p\u003e\u003cp\u003e4. Extracting compromise data\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 12: Conclusion\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: Review and summary of covered content\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eNo of pages: 10\u003c\/b\u003e\u003c\/p\u003e","brand":"APress","offers":[{"title":"Default Title","offer_id":48739669213527,"sku":"9781484292907","price":46.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781484292907.jpg?v=1720052860","url":"https:\/\/bookcurl.com\/products\/tactical-wireshark-9781484292907","provider":"Book Curl","version":"1.0","type":"link"}