
Network Forensics

The Network Forensics course delves into the principles and practices of dissecting network-based incidents. Participants will learn to use network analysis and attack detection tools. The course emphasizes the governance of network forensics, equipping students with the skills to manage and conduct comprehensive network investigations effectively.

Hours: 40 Academic Hours
Format: Online
Duration: 4 Weeks

Target Audience

This program is designed for IT professionals, cybersecurity analysts, network administrators, incident responders, and digital forensics specialists with a foundational understanding of IT systems, networking principles, cybersecurity fundamentals, and forensic investigation techniques.

The ideal participants seek to expand their expertise in analysing and investigating network traffic to detect, understand, and respond to security incidents. This course is valuable for individuals in roles that involve monitoring, securing, or auditing network environments, as well as those responsible for conducting forensic investigations in the aftermath of a cyber incident. It is well-suited for professionals in mid-to-large-sized organizations who aim to enhance their ability to trace network-based attacks and gather critical evidence to support incident response efforts.

Required Prior Knowledge

• Core cybersecurity

• Networking

Computing Requirements

• CPU: Intel i5/i7 or AMD 5x/7x

• RAM: 16GB

• HDD: 300GB available space

The OSI Model and How it Can Be Broken

  • The OSI Model as it is supposed to be used
  • The nature of protocols
  • Encapsulation and demultiplexing
  • Layer 8 & 9, the Missing Layers, and EVIL

Protocols Up and Down the Stack

  • Layer 2 details and structures
  • Addressing and correlation between L2 and L3
  • Layer 3 addressing
  • Layer 3 details and structures (IPv4 and IPv6)
  • Layer 4 details and structures (TCP, UDP and ICMP)
  • Numerical systems and conversions

Packet Tools

  • Wireshark / tshark and their Display Filters
  • Using Wireshark to explore a typical sequence of packets
  • tcpdump and the Berkeley Packet Filter (BPF) language
  • Bitmasking with BPF

Addressing and Resolution Protocols and How They Go Wrong

  • Binary and Hex
  • The Dynamic Host Configuration Protocol (DHCP) in IPv4
  • The Address Resolution Protocol (ARP) in IPv4
  • The Neighbor Discovery Protocol (NDP) in IPv6
  • The Domain Name System (DNS) in depth
  • The Link-Local Multicast Name Resolution (LLMNR) Protocol
  • The Web Proxy Auto-Discovery (WPAD) Protocol

Network Forensics Methodology

  • The basics of Network Forensics Methodology
  • The basics of Network Forensics Analysis

Network Flow Record Analysis

  • Understanding traffic analysis
  • Network flow data and record analysis
  • Understanding sensors and sensor placement
  • Network flow data formats
  • Introduction to Argus, SiLK, and other tools
  • Simple and complex flow analysis techniques
  • Analysis of a flow diagram of a successful brute-force attack

Network-based Intrusion Detection Systems (NIDS) and Other Tools

  • NIDS and NIPS and their functionality
  • Introduction to Snort in depth
  • Introduction to Zeek in depth
  • Other advanced network forensics and packet analysis tools
  • Argus and detecting the pivot with network flow analysis
  • Using Snort and Zeek to analyze malware-based lateral movement
  • Analysis of browser exploitation via LLMNR and WPAD

Pricing

$4200* (regular price $5400)

* Special Launch Pricing - Act Fast