Skip to main content
chris_greer_def_con_training
chris_greer_def_con_training

Chris Greer - TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark $1,400 (Early $1,200)

$1,200.00

Name of Training:

Description:

We’re going to rip open pcaps with Wireshark and learn how this protocol really works.

Training description:

Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.

Trainer(s) bio:

Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOC’s in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.

Past content:

TCP Fundamentals (from Sharkfest – Approx 120 attendees): https://youtu.be/xdQ9sgpkrX8
TCP Congestion Control Explained- Advanced TCP Concepts:  https://youtu.be/LNeZZZ_oslI
Analyzing NMAP with Wireshark: https://youtu.be/RxoQTV74s1c

Trainer(s) social media links:

https://twitter.com/packetpioneer
https://www.youtube.com/c/ChrisGreer
https://www.linkedin.com/in/cgreer/

Outline:

Day 1: (Each topic has a hands-on lab)

Core Wireshark Concepts

The OSI Model and Protocol Headers
Capture Methods in a switched environment –Configuring a ring buffers with dumpcap

Configuring a Hacking Profile in Wireshark
Creating Custom Columns and Display filters

Core Protocols
ARP / IP / ICMP / DHCP / DNS Overview

TCP Analysis

Day 2:

TCP Analysis (continued)

The Handshake and Options
Sequence and Acknowledgement
SACK and Dup Acks

Resets and Fins – how connections are torn down

What Firewalls and IDS look for – War Stories

Analyzing Attack Traffic – Threat Hunting

Packets and the MITRE ATT&CK framework

Configuring GeoIP

Catching an NMAP scan – Stealth, Null, Xmas, and Connect

How OS Enumeration works and how to catch it

Analyzing Malware Behavior on the Wire – Trickbot, Emotet and more

Technical difficulty:

This is an intermediate course that will not leave the beginner behind. The labs are also designed so more experienced users will not get bored. There will be CTF-style questions to keep them busy.

Suggested Prerequisites:

On my YouTube channel I have a Wireshark Masterclass mini-course that goes over the basics of Wireshark. It has some sample pcaps that they can use to get some hands-on. That is all they will need for a prerequisite. Here is a link to the first (first of nine) video - https://youtu.be/OU-A2EmVrKQ

What students should bring:

Laptop with a recent copy of Wireshark from wireshark.org.

 

 

DATE: June 27th-28th 2024
TIME: 8am to 5pm
VENUE: Omni Shoreham Hotel 2500 Calvert St NW, Washington, DC 20008
TRAINER: Chris Greer

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before May 15th, the processing fee is $250.

Trainings are non-refundable after May 22nd, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.