Jessey Bullock, Jan Kadijk

Wireshark for Security Professionals

Using Wireshark and the Metasploit Framework

• Broschiertes Buch

Produktbeschreibung

Leverage Wireshark, Lua and Metasploit to solve any security challenge

Wireshark is arguably one of the most versatile networking tools available, allowing microscopic examination of almost any kind of network activity. This book is designed to help you quickly navigate and leverage Wireshark effectively, with a primer for exploring the Wireshark Lua API as well as an introduction to the Metasploit Framework.

Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to any Infosec position, providing detailed, advanced content demonstrating the full potential of the Wireshark tool. Coverage includes the Wireshark Lua API, Networking and Metasploit fundamentals, plus important foundational security concepts explained in a practical manner. You are guided through full usage of Wireshark, from installation to everyday use, including how to surreptitiously capture packets using advanced MiTM techniques. Practical demonstrations integrate Metasploit and Wireshark demonstrating how these tools can be used together, with detailed explanations and cases that illustrate the concepts at work. These concepts can be equally useful if you are performing offensive reverse engineering or performing incident response and network forensics. Lua source code is provided, and you can download virtual lab environments as well as PCAPs allowing them to follow along and gain hands on experience. The final chapter includes a practical case study that expands upon the topics presented to provide a cohesive example of how to leverage Wireshark in a real world scenario.
* Understand the basics of Wireshark and Metasploit within the security space
* Integrate Lua scripting to extend Wireshark and perform packet analysis
* Learn the technical details behind common network exploitation
* Packet analysis in the context of both offensive and defensive security research

Wireshark is the standard network analysis tool used across many industries due to its powerful feature set and support for numerous protocols. When used effectively, it becomes an invaluable tool for any security professional, however the learning curve can be steep. Climb the curve more quickly with the expert insight and comprehensive coverage in Wireshark for Security Professionals.

Produktdetails

• Verlag: Wiley & Sons
• Artikelnr. des Verlages: 1W118918210
• 1. Auflage
• Seitenzahl: 288
• Erscheinungstermin: 20. März 2017
• Englisch
• Abmessung: 235mm x 191mm x 16mm
• Gewicht: 546g
• ISBN-13: 9781118918210
• ISBN-10: 1118918215
• Artikelnr.: 41315769

Autorenporträt

JESSEY BULLOCK is a Senior Application Security Engineer with a game company. Having previously worked at both NGS and iSEC Partners as a consultant, he has a deep understanding of application security and development, operating systems internals, and networking protocols. Jessey has experience working across multiple industry sectors, including health care, education, and security. Jessey holds multiple security certifications, including CISSP, CCNA, CWNA, GCFE, CompTIA Security+, CompTIA A+, OSCP, GPEN, CEH, and GXPN. JEFF T. PARKER is a seasoned IT security consultant with a career spanning 3 countries and as many Fortune 1OO companies. Now in Halifax, Canada, Jeff enjoys life most with his two young children, hacking professionally while they're in school.

Inhaltsangabe

Introduction xiii Chapter 1 Introducing Wireshark 1 What Is Wireshark? 2 A
Best Time to Use Wireshark? 2 Avoiding Being Overwhelmed 3 The Wireshark
User Interface 3 Packet List Pane 5 Packet Details Pane 6 Packet Bytes Pane
8 Filters 9 Capture Filters 9 Display Filters 13 Summary 17 Exercises 18
Chapter 2 Setting Up the Lab 19 Kali Linux 20 Virtualization 22 Basic
Terminology and Concepts 23 Benefi ts of Virtualization 23 VirtualBox 24
Installing VirtualBox 24 Installing the VirtualBox Extension Pack 31
Creating a Kali Linux Virtual Machine 33 Installing Kali Linux 40 The W4SP
Lab 46 Requirements 46 A Few Words about Docker 47 What Is GitHub? 48
Creating the Lab User 49 Installing the W4SP Lab on the Kali Virtual
Machine 50 Setting Up the W4SP Lab 53 The Lab Network 54 Summary 55
Exercises 56 Chapter 3 The Fundamentals 57 Networking 58 OSI Layers 58
Networking between Virtual Machines 61 Security 63 The Security Triad 63
Intrusion Detection and Prevention Systems 63 False Positives and False
Negatives 64 Malware 64 Spoofi ng and Poisoning 66 Packet and Protocol
Analysis 66 A Protocol Analysis Story 67 Ports and Protocols 71 Summary 73
Exercises 74 Chapter 4 Capturing Packets 75 Sniffi ng 76 Promiscuous Mode
76 Starting the First Capture 78 TShark 82 Dealing with the Network 86
Local Machine 87 Sniffi ng Localhost 88 Sniffi ng on Virtual Machine
Interfaces 92 Sniffi ng with Hubs 96 SPAN Ports 98 Network Taps 101
Transparent Linux Bridges 103 Wireless Networks 105 Loading and Saving
Capture Files 108 File Formats 108 Ring Buffers and Multiple Files 111
Recent Capture Files 116 Dissectors 118 W4SP Lab: Managing Nonstandard HTTP
Traffi c 118 Filtering SMB Filenames 120 Packet Colorization 123 Viewing
Someone Else's Captures 126 Summary 127 Exercises 128 Chapter 5 Diagnosing
Attacks 129 Attack Type: Man-in-the-Middle 130 Why MitM Attacks Are
Effective 130 How MitM Attacks Get Done: ARP 131 W4SP Lab: Performing an
ARP MitM Attack 133 W4SP Lab: Performing a DNS MitM Attack 141 How to
Prevent MitM Attacks 147 Attack Type: Denial of Service 148 Why DoS Attacks
Are Effective 149 How DoS Attacks Get Done 150 How to Prevent DoS Attacks
155 Attack Type: Advanced Persistent Threat 156 Why APT Attacks Are
Effective 156 How APT Attacks Get Done 157 Example APT Traffi c in
Wireshark 157 How to Prevent APT Attacks 161 Summary 162 Exercises 162
Chapter 6 Off ensive Wireshark 163 Attack Methodology 163 Reconnaissance
Using Wireshark 165 Evading IPS/IDS 168 Session Splicing and Fragmentation
168 Playing to the Host, Not the IDS 169 Covering Tracks and Placing
Backdoors 169 Exploitation 170 Setting Up the W4SP Lab with Metasploitable
171 Launching Metasploit Console 171 VSFTP Exploit 172 Debugging with
Wireshark 173 Shell in Wireshark 175 TCP Stream Showing a Bind Shell 176
TCP Stream Showing a Reverse Shell 183 Starting ELK 188 Remote Capture over
SSH 190 Summary 191 Exercises 192 Chapter 7 Decrypting TLS, Capturing USB,
Keyloggers, and Network Graphing 193 Decrypting SSL/TLS 193 Decrypting
SSL/TLS Using Private Keys 195 Decrypting SSL/TLS Using Session Keys 199
USB and Wireshark 202 Capturing USB Traffi c on Linux 203 Capturing USB
Traffi c on Windows 206 TShark Keylogger 208 Graphing the Network 212 Lua
with Graphviz Library 213 Summary 218 Exercises 219 Chapter 8 Scripting
with Lua 221 Why Lua? 222 Scripting Basics 223 Variables 225 Functions and
Blocks 226 Loops 228 Conditionals 230 Setup 230 Checking for Lua Support
231 Lua Initialization 232 Windows Setup 233 Linux Setup 233 Tools 234
Hello World with TShark 236 Counting Packets Script 237 ARP Cache Script
241 Creating Dissectors for Wireshark 244 Dissector Types 245 Why a
Dissector Is Needed 245 Experiment 253 Extending Wireshark 255 Packet
Direction Script 255 Marking Suspicious Script 257 Snooping SMB File
Transfers 260 Summary 262 Index 265