Tactical Wireshark: A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
- Length: 477 pages
- Edition: 1
- Language: English
- Publisher: Apress
- Publication Date: 2023-05-06
- ISBN-10: 1484292901
- ISBN-13: 9781484292907
- Sales Rank: #2075618
Take a systematic approach to identifying intrusions, from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.
Next, you’ll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.
In the final part of the book, you’ll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.
What You Will Learn
- Use Wireshark to identify intrusions into a network
- Exercise methods to uncover network data even when it is in encrypted form
- Analyze malware Command and Control (C2) communications and identify IOCs
- Extract data in a forensically sound manner to support investigations
- Leverage capture file statistics to reconstruct network events
Who This Book Is For
Network analysts, Wireshark analysts, and digital forensic analysts.
Table of Contents
- About the Author
- About the Technical Reviewer
- Introduction
- Chapter 1: Customization of the Wireshark Interface
  - Configuring Wireshark
  - Column Customization
  - Malware
  - Summary
- Chapter 2: Capturing Network Traffic
  - Capturing Network Traffic
  - Prerequisites for Capturing Live Network Data
    - Normal Mode
    - Promiscuous Mode
    - Wireless
  - Working with Network Interfaces
  - Exploring the Network Capture Options
  - Filtering While Capturing
  - Summary
- Chapter 3: Interpreting Network Protocols
  - Investigating IP, the Workhorse of the Network
  - Analyzing ICMP and UDP
    - ICMP
    - UDP
  - Dissection of TCP Traffic
  - Transport Layer Security (TLS)
    - TLS Record Layer
  - Reassembly of Packets
  - Interpreting Name Resolution
    - DNS
    - Windows Name Resolution
  - Summary
- Chapter 4: Analysis of Network Attacks
  - Introducing a Hacking Methodology
    - Planning
    - Non-intrusive Target Search
    - Intrusive Target Search
      - Live Systems
      - Ports
      - Services
      - Enumeration
      - Identify Vulnerabilities
      - Exploit
  - Examination of Reconnaissance Network Traffic Artifacts
  - Leveraging the Statistical Properties of the Capture File
  - Identifying SMB-Based Attacks
  - Uncovering HTTP/HTTPS-Based Attack Traffic
    - XSS
    - SQL Injection
    - HTTPS
      - Set the Environment Variable
      - Configure Wireshark
  - Summary
- Chapter 5: Effective Network Traffic Filtering
  - Identifying Filter Components
  - Investigating the Conversations
  - Extracting the Packet Data
  - Building Filter Expressions
  - Decrypting HTTPS Traffic
  - Kerberos Authentication
  - Summary
- Chapter 6: Advanced Features of Wireshark
  - Working with Cryptographic Information in a Packet
  - Exploring the Protocol Dissectors of Wireshark
  - Viewing Logged Anomalies in Wireshark
  - Capturing Traffic from Remote Computers
  - Command-Line Tool TShark
  - Creating Firewall ACL Rules
  - Summary
- Chapter 7: Scripting and Interacting with Wireshark
  - Lua Scripting
  - Interacting with Pandas
  - Leveraging PyShark
  - Summary
- Chapter 8: Basic Malware Traffic Analysis
  - Customization of the Interface for Malware Analysis
  - Extracting the Files
  - Recognizing URL/Domains of an Infected Site
  - Determining the Connections As Part of the Infected Machine
  - Scavenging the Infected Machine Meta Data
  - Exporting the Data Objects
  - Summary
- Chapter 9: Analyzing Encoding, Obfuscated, and ICS Malware Traffic
  - Encoding
  - Investigation of NJRat
  - Analysis of WannaCry
  - Exploring CryptoLocker and CryptoWall
  - Dissecting TRITON
  - Examining Trickbot
  - Understanding Exploit Kits
    - Establish Contact
    - Redirect
    - Exploit
    - Infect
  - Summary
- Chapter 10: Dynamic Malware Network Activities
  - Dynamic Analysis and the File System
  - Setting Up Network and Service Simulation
  - Monitoring Malware Communications and Connections at Runtime and Beyond
  - Detecting Network Evasion Attempts
  - Investigating Cobalt Strike Beacons
  - Exploring C2 Backdoor Methods
  - Identifying Domain Generation Algorithms
  - Summary
- Chapter 11: Extractions of Forensics Data with Wireshark
  - Interception of Telephony Data
  - Discovering DOS/DDoS
  - Analysis of HTTP/HTTPS Tunneling over DNS
  - Carving Files from Network Data
  - Summary
- Chapter 12: Network Traffic Forensics
  - Chain of Custody
  - Isolation of Conversations
  - Detection of Spoofing, Port Scanning, and SSH Attacks
    - Spoofing
    - Port Scanning
    - SSH
  - Reconstruction of Timeline Network Attack Data
  - Extracting Compromise Data
  - Summary
- Chapter 13: Conclusion
  - Intrusion Analysis
  - Malware Analysis
  - Forensics
  - Summary
- Index
How to download source code?
1. Go to: https://github.com/Apress
2. In the Find a repository… box, search for the book title: Tactical Wireshark: A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence. If the search returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.