An evolving list of resources around packet analysis tips and tricks.
## Contents

- Terminology
- Cheat sheets
- Anatomy of a Packet
- OSI Model Layers
- Link Layer
- Ether Type Fields
- Network layer
- Transport layer
- Tools
- Wireshark (and tshark)
- tcpdump
- Useful switches
- Examples
- Real world use-cases
- netsniff-ng
- Analysis

## Terminology

- **SOC** (Security Operations Center): a central function, staffed by analysts and intelligence gatherers and built on monitoring tooling, that handles security issues at both the organisational and the technical level.
- **IDS** (Intrusion Detection System): a device or sensor that watches a copy of the network traffic (typically from a SPAN port or tap) for threats and alerts the SOC analyst of potential problems. It sees traffic but does not sit in its path, so it can only detect, not block.
- **IPS** (Intrusion Prevention System): an IDS that sits inline with the traffic and can therefore take active mitigation actions (drop or reset the offending connection) in addition to alerting; most products can also be run in a passive, alert-only mode.
- **SIEM** (Security Information and Event Management): collection and aggregation of alerts and logs from many hosts and sensors for event tracking, retention and correlation.

## Cheat sheets

- SANS TCP/IP and tcpdump Pocket Reference Guide
- RFC 790, Assigned Numbers (the original registry of IP protocol numbers; the current list is maintained by IANA)
- RFC 791, Internet Protocol

## Anatomy of a Packet

### OSI Model Layers

- 7: application: HTTP, FTP, DNS
- 6: presentation: SSL/TLS, JPEG (textbook placement; in practice TLS is usually treated as sitting between transport and application)
- 5: session: NetBIOS, RPC, SOCKS
- 4: transport: TCP, UDP
- 3: network: IPv4, IPv6, ICMP
- 2: data-link: Ethernet framing (MAC), PPP, ARP, CDP
- 1: physical: Ethernet PHY (cabling and signalling), Bluetooth radio

Layers 2-4 will be of primary interest: they are the layers whose headers tcpdump prints by default and whose fields (addresses, ports, flags) most capture filters key on.
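To make the layer 2-4 walk concrete, the following is an added example (not code from this repository) that dissects a raw Ethernet frame into its link, network and transport headers using only the Python standard library. The frame it parses is constructed inline (a TCP SYN from 192.168.1.10:40000 to 10.0.0.5:443); MAC addresses, ports and IDs are arbitrary values chosen for the example. It also verifies the IPv4 header checksum and honours the IP total length rather than the buffer length, two details that matter on padded or truncated captures.

```python
"""Dissect a raw Ethernet frame down through OSI layers 2-4 (link, network, transport).

Added example for this page; uses only the standard library and a constructed frame.
"""
import struct

# Layer-2 EtherType values and layer-3 protocol numbers (IANA registry, RFC 790 lineage).
ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_IPV6 = 0x0800, 0x0806, 0x86DD
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]  # bits 0..8


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_str(raw):
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """RFC 791 one's-complement sum of 16-bit words; returns 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame):
    """Layer 2: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType (no 802.1Q tags handled)."""
    if len(frame) < 14:
        raise ValueError("runt frame: shorter than an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "ethertype": etype}, frame[14:]


def parse_ipv4(data):
    """Layer 3: 20-byte fixed header plus options, length given by IHL in 32-bit words."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    hdr = {"src": ipv4_str(src), "dst": ipv4_str(dst), "ttl": ttl, "protocol": proto,
           "id": ident, "dont_fragment": bool(flags_frag & 0x4000),
           "more_fragments": bool(flags_frag & 0x2000), "frag_offset": flags_frag & 0x1FFF,
           "header_len": ihl, "total_len": total_len,
           "checksum_ok": ipv4_checksum(data[:ihl]) == 0}
    # Slice by total_len, not buffer length: Ethernet pads short frames to 60 bytes.
    return hdr, data[ihl:total_len]


def parse_tcp(data):
    """Layer 4 (TCP): ports, sequence numbers, data offset and the nine flag bits."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    data_offset = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    hdr = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "flags": flags, "window": window, "header_len": data_offset}
    return hdr, data[data_offset:]


def parse_udp(data):
    """Layer 4 (UDP): fixed 8-byte header; the length field covers header plus payload."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "length": length}, data[8:length]


def dissect(frame):
    """Walk layer 2 -> 3 -> 4, stopping at the first layer this example does not decode."""
    eth, payload = parse_ethernet(frame)
    layers = {"ethernet": eth}
    if eth["ethertype"] == ETHERTYPE_IPV4:
        ip, payload = parse_ipv4(payload)
        layers["ipv4"] = ip
        if ip["protocol"] == IPPROTO_TCP:
            layers["tcp"], payload = parse_tcp(payload)
        elif ip["protocol"] == IPPROTO_UDP:
            layers["udp"], payload = parse_udp(payload)
    layers["payload"] = payload  # whatever remains belongs to layers 5-7
    return layers


def build_sample_frame():
    """Constructed sample: TCP SYN 192.168.1.10:40000 -> 10.0.0.5:443, no payload."""
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, (5 << 12) | 0x002, 65535, 0, 0)
    ip_fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                 bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5])]
    ip_fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    ip = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    return eth + ip + tcp


if __name__ == "__main__":
    for layer, fields in dissect(build_sample_frame()).items():
        print(f"{layer:9} {fields}")
```

Run it directly to see each layer's decoded fields; to try it on real traffic, feed it the packet bytes from a pcap (for example the `data` field of each record read with the standard `dpkt`- or `scapy`-free approach of parsing the pcap file yourself, or `bytes(pkt)` from scapy). Note what the example deliberately leaves out: VLAN (802.1Q) tags, IPv6, IP options and TCP options are skipped over rather than decoded, and neither TCP nor UDP checksums are verified, since those need the pseudo-header.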
...