Analysis of network traffic can provide a wealth of forensic data and is an essential aspect of many fields of cybersecurity work, including incident response, security operations, and malware analysis. Artifacts obtained through network traffic analysis can reveal hacker techniques and methodologies, such as the use of malware, network traversal, privilege escalation, the establishment of persistence, and data exfiltration. Even relatively “normal” traffic can reveal eye-opening data about user activity.
In this series of training sessions, we will cover the basics of network traffic flow, including topics such as the OSI model and TCP/IP stack, ports and protocols, and packet headers. From there, we will dive into using Wireshark to examine custom packet captures showing a variety of network activity. Participants will learn how to capture their own traffic, and will also be provided with the custom captures and solutions.
Sessions will be recorded so don’t worry if you cannot attend them all. We will also have a Slack site for student chat and resource sharing.
No special equipment is required for this training, just access to a computer and Wireshark, which is available for Mac, Linux, and Windows.
- Session 1: Introduction, networking fundamentals, getting started with Wireshark, application layer
- Session 2: Assignment review, review of transport layer
- Session 3: Assignment review, review of internet layer
- Session 4: Assignment review, review of network access layer, capstone challenge
Ask about the WSC member discount!
About the Instructor
Marcelle Lee is a threat researcher with WhiteOps, an adjunct professor in digital forensics and network security, and she also provides security consulting and training services through her company, Fractal Security Group, LLC. She specializes in network traffic analysis, malware analysis, phishing, and threat hunting. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the Cybersecurity Association of Maryland Advisory Board. She also both builds and participates in cyber competitions, and shares her work through her Github site.
Marcelle has earned the CISSP, CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, PenTest+, Security+, Network+, and ACE industry certifications. She holds four degrees, including a master’s degree in cybersecurity. She has received the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu. Marcelle frequently presents at conferences and training events, and is an active volunteer in the cybersecurity community.