While preparing the content for this book, I stumbled upon a few of the excellent Capture the Flag (CTF) challenges, which demonstrate mind-boggling exercises. One of them is the one we are going to discuss next. We covered an exercise on the ICMP shell in the previous chapters, and ICMP tunneling works on the same principle, which is to pass TCP-related data through a series of ICMP requests. Similarly, DNS and SSH tunneling also work; they encapsulate normal TCP traffic within them and pass the common security practices. DNS and SSH tunneling are fairly popular for bypassing captive portal restrictions on airports, cafes, and so on. However, certain malware also makes use of DNS to perform command and control of the compromised machines. Let's see an example that demonstrates strange DNS requests and look at what can we do with them...
Hands-On Network Forensics
By :
Hands-On Network Forensics
By:
Overview of this book
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities.
Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together.
By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Table of Contents (16 chapters)
Preface
Introducing Network Forensics
Technical Concepts and Acquiring Evidence
Section 2: The Key Concepts
Deep Packet Inspection
Statistical Flow Analysis
Combatting Tunneling and Encryption
Section 3: Conducting Network Forensics
Investigating Good, Known, and Ugly Malware
Investigating C2 Servers
Investigating and Analyzing Logs
WLAN Forensics
Automated Evidence Aggregation and Analysis
Other Books You May Enjoy
Customer Reviews