• Classroom
  • Online, Instructor-Led
Course Description

This hands-on course uses only freely available open source tools and is beneficial to anyone performing a cyber investigation or vulnerability assessment. Law enforcement and military communities were specifically in mind during the design, however anyone in cyber security would benefit. You will learn to use open-source tools from the Kali.org Linux distribution. You will learn both active and passive methods to gain information on the person(s) of interest. Hands-on labs combined with various hardware demonstrations, give you numerous opportunities to apply what was learned during the lecture.

Learning Objectives

Best practices to capture network traffic on 802.11 wireless, Bluetooth and ethernet networks. Aircrack, tcpdump and Wireshark will be used. Capture filters will be used to narrow the scope of the case. Examine 802.11 specific headers as well as the TCP/IP protocol headers Analyze the data using Wireshark. Various statistics and graphing which can be used to isolate connection patterns Identify ARP spoofing in Wireshark Signature identification and filtering for operating systems and connection establishment with Wireshark Extract executables and images from Wireshark

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis
  • Cyber Defense Infrastructure Support
  • Cyber Investigation
  • Digital Forensics
  • Exploitation Analysis
  • Network Services
  • Risk Management
  • Software Development
  • Test and Evaluation
  • Threat Analysis
  • Training, Education, and Awareness
  • Vulnerability Assessment and Management