Level II, the second course in our Cyber Sleuth Immersion Program, delves deeper into the booming field of cybersecurity, further expanding your critical thinking and technical skills. With the guidance of mentor-directed activities, you’ll work through two scenarios: analyzing malicious network traffic and a remote intrusion attempt.
Analyze Malicious Network Traffic – In this first scenario, you’ll analyze traffic generated by a complex cyberattack. You’ll learn how to analyze network traffic moving in and out of a military aide’s personal laptop. Using packet capture (PCAP) files, you’ll also determine if it was infected by malware, what malware is and how the infection occurred.
You’ll learn to:
- Analyze suspicious network traffic using Snort and Wireshark
- Recognize a cushion redirect in network traffic
- Recognize the identifying features of a specific exploit kit attack
- Recognize a malware payload being transferred to a targeted host
- Perform open-source intelligence analysis using resources found on the internet
Remote Intrusion Attempt – In this scenario, you’ll learn the skills of log analysis when a security operations center analyst sees evidence of a password cracking attempt within a key network. You’ll analyze a packet capture file (PCAP) and event logs within a security information and event management system to determine if any passwords were compromised and if the network was breached.
You’ll learn to:
- Continue to practice analyzing suspicious network traffic using Wireshark
- Analyze network and system logs using Splunk, a security information and event management system
- Cross-correlate events seen in network traffic with events seen in logs
- Recognize a brute-forcing attack and determine if it has been successful
Level II will run from 4:00-5:00PM PT Monday through Friday for five weeks, in a structured meeting-style with a course mentor, followed by about two hours of independent work after each class, with optional office hours from 7 to 8 p.m. PT on weekdays.
Prerequisite: Cyber Sleuth Level I is a prerequisite; however, no other prior knowledge of network administration is assumed.