دانلود کتاب Tactical Wireshark: A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence

فهرست مطالب :

Table of Contents
About the Author
About the Technical Reviewer
Introduction
Chapter 1: Customization of the Wireshark Interface
Configuring Wireshark
Column Customization
Malware
Summary
Chapter 2: Capturing Network Traffic
Capturing Network Traffic
Prerequisites for Capturing Live Network Data
Normal Mode
Promiscuous Mode
Wireless
Working with Network Interfaces
Exploring the Network Capture Options
Filtering While Capturing
Summary
Chapter 3: Interpreting Network Protocols
Investigating IP, the Workhorse of the Network
Analyzing ICMP and UDP
ICMP
UDP
Dissection of TCP Traffic
Transport Layer Security (TLS)
TLS Record Layer
Reassembly of Packets
Interpreting Name Resolution
DNS
Windows Name Resolution
Summary
Chapter 4: Analysis of Network Attacks
Introducing a Hacking Methodology
Planning
Non-intrusive Target Search
Intrusive Target Search
Live Systems
Ports
Services
Enumeration
Identify Vulnerabilities
Exploit
Examination of Reconnaissance Network Traffic Artifacts
Leveraging the Statistical Properties of the Capture File
Identifying SMB-Based Attacks
Uncovering HTTP/HTTPS-Based Attack Traffic
XSS
SQL Injection
HTTPS
Set the Environment Variable
Configure Wireshark
Summary
Chapter 5: Effective Network Traffic Filtering
Identifying Filter Components
Investigating the Conversations
Extracting the Packet Data
Building Filter Expressions
Decrypting HTTPS Traffic
Kerberos Authentication
Summary
Chapter 6: Advanced Features of Wireshark
Working with Cryptographic Information in a Packet
Exploring the Protocol Dissectors of Wireshark
Viewing Logged Anomalies in Wireshark
Capturing Traffic from Remote Computers
Command-Line Tool TShark
Creating Firewall ACL Rules
Summary
Chapter 7: Scripting and Interacting with Wireshark
Lua Scripting
Interacting with Pandas
Leveraging PyShark
Summary
Chapter 8: Basic Malware Traffic Analysis
Customization of the Interface for Malware Analysis
Extracting the Files
Recognizing URL/Domains of an Infected Site
Determining the Connections As Part of the Infected Machine
Scavenging the Infected Machine Meta Data
Exporting the Data Objects
Summary
Chapter 9: Analyzing Encoding, Obfuscated, and ICS Malware Traffic
Encoding
Investigation of NJRat
Analysis of WannaCry
Exploring CryptoLocker and CryptoWall
Dissecting TRITON
Examining Trickbot
Understanding Exploit Kits
Establish Contact
Redirect
Exploit
Infect
Summary
Chapter 10: Dynamic Malware Network Activities
Dynamic Analysis and the File System
Setting Up Network and Service Simulation
Monitoring Malware Communications and Connections at Runtime and Beyond
Detecting Network Evasion Attempts
Investigating Cobalt Strike Beacons
Exploring C2 Backdoor Methods
Identifying Domain Generation Algorithms
Summary
Chapter 11: Extractions of Forensics Data with Wireshark
Interception of Telephony Data
Discovering DOS/DDoS
Analysis of HTTP/HTTPS Tunneling over DNS
Carving Files from Network Data
Summary
Chapter 12: Network Traffic Forensics
Chain of Custody
Isolation of Conversations
Detection of Spoofing, Port Scanning, and SSH Attacks
Spoofing
Port Scanning
SSH
Reconstruction of Timeline Network Attack Data
Extracting Compromise Data
Summary
Chapter 13: Conclusion
Intrusion Analysis
Malware Analysis
Forensics
Summary
Index