From BruCON 2015
Revision as of 20:50, 12 May 2014

Wireshark - Packet Class by Didier Stevens

Course Description

This training is based on the best-selling book "Backtrack 5 Wireless Penetration Testing" and will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be on giving participants a deep understanding of the principles behind the various attacks, not just a quick how-to guide for publicly available tools.

During the course of this training, participants will do more than 25 hands-on lab sessions and will fight it out against live CTF challenges. These include cracking WPA Enterprise (PEAP, EAP-TTLS), MITM attacks over wireless, creating Wi-Fi backdoors, scripting and attack automation, wireless forensics and security best practices.

A non-exhaustive list of topics to be taught includes:

  • Bypassing WLAN Authentication - Shared Key, MAC Filtering, Hidden SSIDs
  • Cracking WLAN Encryption - WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)
  • Attacking the WLAN Infrastructure - Rogue Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup
  • Advanced Enterprise Attacks - 802.1x, EAP, LEAP, PEAP, EAP-TTLS
  • Attacking the Wireless Client - Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
  • Breaking into the Client - Metasploit, SET, Social Engineering
  • Enterprise Wi-Fi Worms, Backdoors and Botnets

Who should attend

IT security professionals, network engineers, ... anyone else who comes into contact with packets and wants to dissect them.

Objectives

During the course, the student will:

  • Get a thorough overview of Wireshark's features
  • Learn how to customize Wireshark
  • Learn how to script Wireshark

Course Contents

Day 1

  • Get familiar with the user interface of Wireshark
  • The art of capturing traffic
    • Capture traffic at different points in the network
    • Using network devices to capture traffic
    • Using dedicated hardware to capture traffic
  • Capture filters
    • Knowing capture filters is an important skill for security professionals. Capture filters are not only used by Wireshark, but many other (security) tools you will encounter in your career.
  • Display filters (not to be confused with capture filters)
  • Colorizing traffic
  • Built-in statistics
    • Report
    • Graphs
    • Customize with display filters
  • Streams and data
  • Wireshark's expert system

Day 2

  • Practical capture analysis
    • Regular day-to-day traffic
      • DNS
      • TCP/IP
      • HTTP
      • SMTP
      • WLAN
    • Irregular traffic
      • Network scans (nmap anyone?)
      • Network discovery
      • Traffic from hacker tools
      • Traffic from malware like botnets
    • Network forensics
  • Scripting
    • Command-line scripting with Tshark, Python and Lua
    • Lua listeners
    • Lua dissectors
      • Use a Lua dissector generator
      • Refactor existing Lua dissectors
      • New protocol dissectors
      • Post dissectors
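
The Day 2 scripting items (Lua dissectors, post dissectors, Lua listeners and running them from Tshark) can be illustrated with one small script. The block below is an added example written for this page; it is not course material or code from Didier Stevens. The protocol it decodes ("toyproto": a 4-byte header of version, message type and big-endian payload length, followed by the payload) and the UDP port 9999 are made up for the example, and the listener's field extractor relies on Wireshark resolving a field registered by the same script.

```lua
-- Added example (not course material): a minimal Wireshark Lua dissector plus
-- a tap listener. The "toyproto" layout and UDP port 9999 are assumptions.
-- Run with:  tshark -q -X lua_script:toyproto.lua -r capture.pcap
-- or drop the file into Wireshark's personal plugins directory.

local toy = Proto("toyproto", "Toy Example Protocol")

-- Assumed header layout: 1 byte version, 1 byte type, 2 bytes payload length.
local msg_types = { [1] = "HELLO", [2] = "DATA", [3] = "BYE" }

local f_version = ProtoField.uint8("toyproto.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("toyproto.type", "Message type", base.HEX, msg_types)
local f_len     = ProtoField.uint16("toyproto.len", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("toyproto.payload", "Payload")
toy.fields = { f_version, f_type, f_len, f_payload }

-- Expert info so the malformed case shows up in Wireshark's expert system
-- (Analyze > Expert Information) instead of being silently truncated.
local ef_badlen = ProtoExpert.new("toyproto.badlen.expert",
    "Declared payload length exceeds bytes present in frame",
    expert.group.MALFORMED, expert.severity.ERROR)
toy.experts = { ef_badlen }

local HEADER_LEN = 4

function toy.dissector(buffer, pinfo, tree)
    -- Too short to hold the header: return 0 so Wireshark tries other dissectors.
    if buffer:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "TOY"
    local subtree = tree:add(toy, buffer(), "Toy Example Protocol")
    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_type, buffer(1, 1))
    local len_item = subtree:add(f_len, buffer(2, 2))

    -- Never trust a length field from the wire: clamp it to what was captured.
    local declared  = buffer(2, 2):uint()
    local available = buffer:len() - HEADER_LEN
    if declared > available then
        len_item:add_proto_expert_info(ef_badlen)
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared))
    end

    local t = buffer(1, 1):uint()
    pinfo.cols.info = string.format("%s len=%d",
        msg_types[t] or ("type 0x%02x"):format(t), declared)
    return HEADER_LEN + declared
end

-- Hook the dissector into the UDP port table (the port is an assumption).
DissectorTable.get("udp.port"):add(9999, toy)

-- Listener (tap): counts toy messages per type over the whole capture.
-- Field.new must be called at load time, before any packet is dissected.
local type_extractor = Field.new("toyproto.type")
local counts = {}
local tap = Listener.new("frame")

function tap.packet(pinfo, tvb)
    local fi = type_extractor()   -- nil when the frame carries no toyproto
    if fi then
        counts[fi.value] = (counts[fi.value] or 0) + 1
    end
end

-- Called once at the end of a tshark run (or on refresh in the GUI).
function tap.draw()
    for t, n in pairs(counts) do
        print(string.format("%-6s (0x%02x): %d packets", msg_types[t] or "?", t, n))
    end
end
```

The length clamp is the part worth copying into any real dissector: a dissector that indexes the buffer with an unchecked on-the-wire length throws a Lua error on every truncated or malicious frame, whereas flagging it through expert info keeps the packet decodable and makes the anomaly searchable with a display filter on the expert field.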

Prerequisites

A basic understanding of networking is required. Some basic scripting experience is useful, so that you do not feel overwhelmed when we discuss custom dissectors. If you know what an if-statement and a for-loop are, you will be fine.

Bring a laptop with the latest version of Wireshark installed (Windows/Linux/OSX) and with Python 2.7. Administrative rights are useful for installing some Python modules. If you don't have administrative rights, make sure that you can perform a capture and run Lua scripts. If you are in doubt, make sure that you have administrative rights. Make sure that no security software is running that could interfere with capturing.

Trainer Biography

Didier Stevens (Security Consultant, Didier Stevens Labs, Contraste Europe NV) is an IT security professional well known for his security and forensic tools, such as the Network Appliance Forensic Toolkit (NAFT). Didier is an experienced Wireshark user; he started using it when it was still known as Ethereal.

Didier holds many IT certifications and is an MVP Security. Relevant to this training are his CCNP/Security certification (Cisco Certified Network Professional) and the fact that he is working towards the Wireshark Certified Network Analyst certification. You can find his tools on his security blog at http://blog.DidierStevens.com

More information is available on Didier Stevens' blog.
Twitter: @DidierStevens

Mon. 22 - Tue. 23 September 2014 (09:00 - 17:00)