This hands-on course uses only freely available open source tools and is beneficial to anyone performing a cyber investigation or vulnerability assessment. Law enforcement and military communities were specifically in mind during the design, however anyone in cyber security would benefit. You will learn to use open-source tools from the Kali.org Linux distribution. You will learn both active and passive methods to gain information on the person(s) of interest. Hands-on labs combined with various hardware demonstrations, give you numerous opportunities to apply what was learned during the lecture.
Learning Objectives
Best practices to capture network traffic on 802.11 wireless, Bluetooth and ethernet networks. Aircrack, tcpdump and Wireshark will be used. Capture filters will be used to narrow the scope of the case. Examine 802.11 specific headers as well as the TCP/IP protocol headers Analyze the data using Wireshark. Various statistics and graphing which can be used to isolate connection patterns Identify ARP spoofing in Wireshark Signature identification and filtering for operating systems and connection establishment with Wireshark Extract executables and images from Wireshark
Framework Connections
Competency Areas
Work Roles
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.