CHF44.00
Download available immediately
Master Wireshark to solve real-world security problems
If you don't already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find the root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment.
Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether you work in network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples.
Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material.
Lastly, this book explores Wireshark with Lua, the lightweight programming language. Lua allows you to extend and customize Wireshark's features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The book's final two chapters draw heavily on Lua and TShark, the command-line interface of Wireshark.
By the end of the book you will gain the following:
Master the basics of Wireshark
Explore the virtual w4sp-lab environment that mimics a real-world network
Gain experience using the Debian-based Kali OS among other systems
Understand the technical details behind network attacks
Execute exploitation and grasp offensive and defensive activities, exploring them through Wireshark
Employ Lua to extend Wireshark features and create useful scripts
To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.
About the Authors
JESSEY BULLOCK is a Senior Application Security Engineer with a game company. Having previously worked at both NGS and iSEC Partners as a consultant, he has a deep understanding of application security and development, operating systems internals, and networking protocols. Jessey has experience working across multiple industry sectors, including health care, education, and security. Jessey holds multiple security certifications, including CISSP, CCNA, CWNA, GCFE, CompTIA Security+, CompTIA A+, OSCP, GPEN, CEH, and GXPN.
JEFF T. PARKER is a seasoned IT security consultant with a career spanning 3 countries and as many Fortune 100 companies. Now in Halifax, Canada, Jeff enjoys life most with his two young children, hacking professionally while they're in school.
Contents
Introduction xiii
Chapter 1 Introducing Wireshark 1
What Is Wireshark? 2
A Best Time to Use Wireshark? 2
Avoiding Being Overwhelmed 3
The Wireshark User Interface 3
Packet List Pane 5
Packet Details Pane 6
Packet Bytes Pane 8
Filters 9
Capture Filters 9
Display Filters 13
Summary 17
Exercises 18
Chapter 2 Setting Up the Lab 19
Kali Linux 20
Virtualization 22
Basic Terminology and Concepts 23
Benefits of Virtualization 23
Virtual Box 24
Installing VirtualBox 24
Installing the VirtualBox Extension Pack 31
Creating a Kali Linux Virtual Machine 33
Installing Kali Linux 40
The W4SP Lab 46
Requirements 46
A Few Words about Docker 47
What Is GitHub? 48
Creating the Lab User 49
Installing the W4SP Lab on the Kali Virtual Machine 50
Setting Up the W4SP Lab 53
The Lab Network 54
Summary 55
Exercises 56
Chapter 3 The Fundamentals 57
Networking 58
OSI Layers 58
Networking between Virtual Machines 61
Security 63
The Security Triad 63
Intrusion Detection and Prevention Systems 63
False Positives and False Negatives 64
Malware 64
Spoofing and Poisoning 66
Packet and Protocol Analysis 66
A Protocol Analysis Story 67
Ports and Protocols 71
Summary 73
Exercises 74
Chapter 4 Capturing Packets 75
Sniffing 76
Promiscuous Mode 76
Starting the First Capture 78
TShark 82
Dealing with the Network 86
Local Machine 87
Sniffing Localhost 88
Sniffing on Virtual Machine Interfaces 92
Sniffing with Hubs 96
SPAN Ports 98
Network Taps 101
Transparent Linux Bridges 103
Wireless Networks 105
Loading and Saving Capture Files 108
File Formats 108
Ring Buffers and Multiple Files 111
Recent Capture Files 116
Dissectors 118
W4SP Lab: Managing Nonstandard HTTP Traffic 118
Filtering SMB Filenames 120
Packet Colorization 123
Viewing Someone Else's Captures 126
Summary 127
Exercises 128
Chapter 5 Diagnosing Attacks 129
Attack Type: Man-in-the-Middle 130
Why MitM Attacks Are Effective 130
How MitM Attacks Get Done: ARP 131
W4SP Lab: Performing an ARP MitM Attack 133
W4SP Lab: Performing a DNS MitM Atta…