Hands-on Network security basics

Learn the code idea of cybersecurity network defense : day 1 training material

What you'll learn:
how to analyze malicious traffic
practical network layering for troubleshooting
Python scapy to analyze typical network attacks
how to analyze routing/filtering issues

Requirements:
CCNA completion or equivalent network knowledge
Linux basics
basic programming skills

Description:
2022/06/17  Working on fixing subtitles.
NEXT update (subject to change): DNS tunneling, SSH intercept, SMPT file carving with Scapy

Disclaimer
All videos, tutorials and attachments are for informational and educational purposes only.
All videos have been made using my own resources in closed, isolated environment. I do not promote, encourage, support any illegal activities.
The author will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this course to break the law.

Hands-on Network Security Basics
This course is essential training for someone who wants to learn network security.

Everything in this course is based on real-world questions that I collected /arranged for days one, two, or three of network security training. So even if you think this course is too easy for you, you can still use this as training material for your team.

Also, I put priority on dealing with time-tested attack vectors that constantly revive. Threats would not suddenly come alive. Instead, most of them were remodeled and disguised as new.     


contents at a glance (*contents will updated/added without prior notice)

Scapy pcap analysis
Scapy pcap replay (UDP)
ARP scan detection with Scapy
Routing/ Traffic filtering issue analysis and correction in Docker environment
Covert tunneling analysis
Scapy TCP client vs Web Application Firewall
JavaScript mini challenge (first step to Browser automation)
Template Text parser(Python TTP) for Network Security
–––––––––––––––––––––––
ARP traffic investigation
+ Datalink layer

Routing/ packet filtering challenge
+Network layer

HTTPS decryption/ interception
+ Trans-App layer

Web Application Firewall
+ Wrap up practice

VPN fundamentals (ssh tunneling/split-tunneling)
+  Trans-App layer

Logs and security device config files analysis
+  Python ttp and Jinja2 : convert semi-structured data to 2 dimensional dataset
–––––––––––––––––––––––


how I made this course:

collected half-answered or unanswered network security-related questions from famous tech QA sites, security vendors' community sites and Github issues.
picked easy to intermediate ones
made complete answers to them (really time-consuming!)
arranged QAs so we can replicate the issues individually (insanely time-consuming!)

intended audience :

Software developers who usually don't handle NW security problems
Customer Success engineers who want to analyze NW security problems quickly in an isolated environment
NW engineers who are having a hard time understanding weird NGFW UTM /Sandbox alerts

what we're going to do:
Generate malicious traffic using popular tools and feed that traffic to pcap analysis tools to see how they analyze the traffic.
Play with Brim ( pcap analysis tool powered by Zeek and Suricata with SEIM-like searching interface).
learn practical network layering for troubleshooting
code Python scapy to analyze layer two attack
solve real-world routing/filtering issues in Docker environment
analyze typical covert tunneling methodologies

Who this course is for:
software developers who usually don’t handle NW security problems
Customer Success engineers who want to analyze NW security problems quickly in an isolated environment
NW engineers who are having a hard time to understand weird NGFW UTM /Sandbox alerts

More Info