APT Malware Network Analysis By Wireshark
This course uses packet captures from real malware incidents as case studies, using Wireshark to analyze and understand the malware's behavior: where it came from, what it does, and where it goes.
The learning objective is to analyze captured APT malware network traffic with Wireshark through 5 hands-on case studies. You will learn how to use Wireshark to analyze these APT malware network traffic cases by answering:
- What network protocol is the attack/malware based on?
- Identify the network environment, i.e. the IP addresses and roles (DNS server, client, server, gateway, infected hosts) from the network packets.
- List the visited web pages that include suspicious scripts
- Reconstruct the web-visit infection chain
- What operating system does the attack target?
- How to extract IP addresses, domain names and suspicious payloads from the network packets?
- Identify the root cause of suspicious web redirection behaviors
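The following script is an added example, not part of the course material, showing one way to answer several of the questions above from exported packet fields. It assumes the HTTP requests and DNS answers were exported from a capture with `tshark -T fields` into tab-separated text; the sample lines, hostnames and addresses embedded below are constructed for illustration and do not come from any real case. It reconstructs the web-visit infection chain by following `Referer` headers backwards from any request for an executable-looking resource, and collects the client, server and domain indicators that the capture contains.

```python
"""Reconstruct a web-visit infection chain and pull indicators from
tshark-exported HTTP and DNS fields (added example, not course material)."""

# Constructed sample. Column layout mirrors this (assumed) export command:
#   tshark -r capture.pcap -Y http.request -T fields -E separator=/t \
#     -e frame.number -e ip.src -e ip.dst -e http.host \
#     -e http.request.uri -e http.referer
# Addresses use private/documentation ranges; hosts are invented.
SAMPLE_HTTP = (
    "12\t192.168.1.10\t203.0.113.5\tnews.example\t/index.html\t\n"
    "15\t192.168.1.10\t203.0.113.5\tnews.example\t/js/widget.js\thttp://news.example/index.html\n"
    "19\t192.168.1.10\t198.51.100.7\tcdn-stat.example\t/count.php?id=7\thttp://news.example/index.html\n"
    "23\t192.168.1.10\t198.51.100.9\tdl.example\t/update.exe\thttp://cdn-stat.example/count.php?id=7\n"
)

# Constructed sample of DNS answers, as from:
#   tshark -r capture.pcap -Y "dns.flags.response==1" -T fields \
#     -E separator=/t -e dns.qry.name -e dns.a
SAMPLE_DNS = (
    "news.example\t203.0.113.5\n"
    "cdn-stat.example\t198.51.100.7\n"
    "dl.example\t198.51.100.9\n"
)

# File extensions that usually mark a dropped payload rather than page content.
PAYLOAD_EXT = (".exe", ".dll", ".scr", ".jar")


def parse_http(text):
    """Turn tab-separated request lines into dicts with a full URL per request."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        frame, src, dst, host, uri, referer = line.split("\t")
        rows.append({
            "frame": int(frame), "src": src, "dst": dst, "host": host,
            "url": f"http://{host}{uri}", "referer": referer,
        })
    return rows


def parse_dns(text):
    """Map queried name -> answered A record."""
    return dict(line.split("\t") for line in text.splitlines() if line.strip())


def chain_to(row, rows):
    """Follow Referer links back to the first page that had no referer.

    Returns the visit chain ordered from the landing page to `row`.
    A `seen` set guards against referer loops in malformed captures."""
    by_url = {r["url"]: r for r in rows}
    chain = [row["url"]]
    seen = {row["url"]}
    cur = row
    while cur["referer"] in by_url and cur["referer"] not in seen:
        cur = by_url[cur["referer"]]
        chain.append(cur["url"])
        seen.add(cur["url"])
    chain.reverse()
    return chain


def payload_chains(rows):
    """Infection chains that end in a request for an executable-looking file."""
    return [chain_to(r, rows) for r in rows
            if r["url"].lower().endswith(PAYLOAD_EXT)]


def indicators(rows, dns):
    """Clients, contacted servers and the domain -> IP resolutions seen."""
    hosts = sorted({r["host"] for r in rows})
    return {
        "clients": sorted({r["src"] for r in rows}),
        "server_ips": sorted({r["dst"] for r in rows}),
        "dns": {h: dns.get(h) for h in hosts},   # None = no answer in capture
    }


if __name__ == "__main__":
    requests = parse_http(SAMPLE_HTTP)
    for chain in payload_chains(requests):
        print(" -> ".join(chain))
    print(indicators(requests, parse_dns(SAMPLE_DNS)))
```

In a real case the `Referer`-based chain only covers HTTP; redirects done with `Location` headers or JavaScript show up in the response side and would need the `http.response` fields added to the export.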
Course Outline
| Course | APT Malware Network Analysis By Wireshark |
| --- | --- |
| Duration | 12 hours in total |
| Target Audience | Attendees who may be interested in or involved with: handling advanced threats, including targeted attacks and cyber threats; analyzing malware behavior and performing root cause analysis; open source tools for malware activity analysis |
| Prerequisite | Basic use of Wireshark; basic understanding of networking protocols (TCP/UDP/HTTP/DNS) |
| Evaluation | Attendance rate 30%; Homework / Lab 70% |
| Agenda | |