WEEK 4

Network Intrusion Analysis

Traffic Analysis, IDS/IPS Alerts & Forensic Artifacts


Intrusion Detection

4.0

Categorize Intrusion Events

Kill chain stages, MITRE ATT&CK tactics, and SOC triage decision matrices.
4.1

Source Technologies & Events

SIEM, event sources, Windows Event IDs, and log collection architecture.
4.2

Compare Firewall Operations

Packet filtering, stateful inspection, application-layer firewalls, and IDS/IPS integration.

Traffic Analysis

4.3

Traffic Analysis Techniques

Flow analysis, DPI, behavioral patterns, JA3 fingerprinting, and beaconing detection.
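
Beaconing detection from flow records, as an added worked example (not course material): constructed flows for two hosts, one contacting a destination every ~60 seconds with small jitter and constant payload size, the other browsing irregularly. The detector groups flows by (source, destination, port) and flags pairs whose inter-arrival times have a low coefficient of variation (CV = standard deviation / mean); the thresholds are illustrative assumptions.

```python
"""Beaconing detection over flow records (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev


def _beacon_flows():
    # Constructed: 10.0.0.5 -> 203.0.113.7:443 every ~60 s with +/-2 s jitter, 512 bytes each
    base = 1_700_000_000
    jitter = [0, 1, -1, 2, 0, -2, 1, 0, 1, -1]
    return [(base + 60 * i + jitter[i], "10.0.0.5", "203.0.113.7", 443, 512) for i in range(10)]


def _browsing_flows():
    # Constructed: 10.0.0.9 -> 198.51.100.20:443 at irregular gaps with varying sizes
    base = 1_700_000_000
    offsets = [0, 3, 45, 47, 200, 210, 900, 905, 1400, 2000]
    return [(base + off, "10.0.0.9", "198.51.100.20", 443, 4096 + 300 * i)
            for i, off in enumerate(offsets)]


FLOWS = sorted(_beacon_flows() + _browsing_flows())  # (ts, src, dst, dport, bytes_out)


def _cv(values):
    """Coefficient of variation: std dev / mean (0 means perfectly regular)."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def interval_stats(flows):
    """Per (src, dst, dport): connection count, mean gap, gap CV and payload-size CV."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, size in flows:
        by_pair[(src, dst, dport)].append((ts, size))
    stats = {}
    for pair, records in by_pair.items():
        records.sort()
        times = [ts for ts, _ in records]
        sizes = [size for _, size in records]
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # too few connections to judge regularity
        stats[pair] = {"count": len(times), "mean_gap": mean(gaps),
                       "gap_cv": _cv(gaps), "size_cv": _cv(sizes)}
    return stats


def find_beacons(flows, min_connections=8, max_gap_cv=0.2, max_size_cv=0.1):
    """Pairs contacted many times, at regular intervals, with near-constant payload size.

    Thresholds are illustrative assumptions; tune them against your own baseline."""
    return [(pair, s) for pair, s in interval_stats(flows).items()
            if s["count"] >= min_connections
            and s["gap_cv"] <= max_gap_cv
            and s["size_cv"] <= max_size_cv]


if __name__ == "__main__":
    for pair, s in find_beacons(FLOWS):
        print(f"beacon candidate {pair}: every ~{s['mean_gap']:.0f}s, gap CV {s['gap_cv']:.2f}")
```

Two caveats for real data: many C2 frameworks add configurable jitter, so a gap CV above 0.2 does not clear a destination (the size-constancy signal and longer observation windows still help), and legitimate software updaters, telemetry agents and monitoring checks beacon too, so a destination allowlist is needed before alerting.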
4.4

Extract Files from TCP Stream

File carving, magic bytes, HTTP object export, and PCAP evidence extraction.
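
The two extraction approaches named here, as an added example (not course material): a constructed server-to-client TCP stream carrying two HTTP responses is walked once by HTTP framing (Content-Length, the same information Wireshark's Export Objects uses) and once by magic-byte carving, which needs no framing and so also recovers files from truncated or non-HTTP streams. The PNG and PDF bytes are minimal constructed samples, not real files.

```python
"""Carving files from a reassembled TCP stream by HTTP framing and by magic bytes.

Added example: the stream below is constructed, not a capture from the course."""
import re

# Constructed minimal PNG (signature, IHDR chunk with zeroed fields, IEND) and PDF.
PNG_SAMPLE = (b"\x89PNG\r\n\x1a\n"
              + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
PDF_SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"


def _http_response(content_type, body):
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + content_type
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed server->client half of a TCP stream carrying two responses.
STREAM = _http_response(b"image/png", PNG_SAMPLE) + _http_response(b"application/pdf", PDF_SAMPLE)

# Magic bytes and the trailer that marks the end of each format.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

_RESPONSE = re.compile(rb"HTTP/1\.[01] (?P<status>\d{3})[^\r\n]*\r\n(?P<headers>.*?)\r\n\r\n", re.S)


def http_objects(stream):
    """Walk HTTP responses by Content-Length; returns (status, content_type, body) per object."""
    objects, pos = [], 0
    while (m := _RESPONSE.search(stream, pos)):
        headers = {}
        for line in m.group("headers").split(b"\r\n"):
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get(b"content-length", b"0"))
        body = stream[m.end():m.end() + length]
        objects.append((int(m.group("status")), headers.get(b"content-type", b"").decode(), body))
        pos = m.end() + length  # skip the body so bytes inside it are never parsed as headers
    return objects


def carve_files(stream):
    """Signature-based carving: header magic to trailer, independent of any protocol framing."""
    found = []
    for kind, (magic, trailer) in SIGNATURES.items():
        start = 0
        while (i := stream.find(magic, start)) != -1:
            j = stream.find(trailer, i + len(magic))
            end = j + len(trailer) if j != -1 else len(stream)  # truncated file: keep what is there
            found.append((kind, i, stream[i:end]))
            start = i + len(magic)
    return sorted(found, key=lambda f: f[1])


def identify(data):
    """Classify a blob by its leading magic bytes, ignoring whatever Content-Type claimed."""
    for kind, (magic, _) in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"
```

Always check the carved object with identify() rather than trusting Content-Type or the file extension in the URL: a server delivering malware as image/png is routine. Trailer-based carving is a heuristic; the JPEG end marker FF D9 can occur inside embedded thumbnails, so validate carved files with a real parser before relying on them as evidence.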

Analysis Skills

4.5

Identify Intrusion Elements

IDS/IPS alert anatomy, rule SID research (Snort/Suricata signature IDs), triage workflow, and false positive analysis.
4.6

Interpret Artifact Elements

Forensic artifacts, MAC times, Windows/Linux locations, and anti-forensics awareness.
4.7

Basic Regular Expressions

Pattern matching, security-focused regex, log filtering, and live regex tester.
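
Security-focused log filtering with regular expressions, as an added example (not course material) over constructed Apache-style access-log lines. It shows three habits that matter in practice: parse each line with an anchored pattern before looking for indicators, URL-decode the request path so encoded traversal and SQL injection are not missed, and keep the indicator patterns free of nested quantifiers so attacker-controlled input cannot cause catastrophic backtracking. The log lines and indicator patterns are illustrative.

```python
"""Security-focused regex filtering of web-server access logs (added example, constructed data)."""
import re
from urllib.parse import unquote

# Constructed Apache-style (Common Log Format) lines.
LOG_LINES = [
    '203.0.113.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.9 - - [12/Mar/2024:10:01:07 +0000] "GET /../../etc/passwd HTTP/1.1" 404 231',
    '198.51.100.9 - - [12/Mar/2024:10:01:09 +0000] "GET /download?file=..%2f..%2fetc%2fshadow HTTP/1.1" 403 0',
    '192.0.2.44 - - [12/Mar/2024:10:02:11 +0000] "GET /items?id=1%27%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1" 500 0',
    '203.0.113.5 - - [12/Mar/2024:10:02:30 +0000] "POST /login HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

# Anchored parser: ^ and $ reject partial or malformed lines instead of matching a fragment.
CLF = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Indicator patterns: each is linear-time (no nested or overlapping quantifiers).
INDICATORS = {
    "traversal": re.compile(r"\.\.[/\\]"),
    "sqli": re.compile(r"(?i)\bunion\s+(?:all\s+)?select\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+"),
    "sensitive_file": re.compile(r"/etc/(?:passwd|shadow)\b"),
}


def parse_line(line):
    """Return the CLF fields as a dict, or None for a line that does not match the format."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def scan_log(lines):
    """Return (ip, status, decoded_path, [indicator names]) for each line that trips an indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production pipeline would count these separately
        path = unquote(rec["path"])  # match against what the server actually processed
        tags = [name for name, rx in INDICATORS.items() if rx.search(path)]
        if tags:
            hits.append((rec["ip"], int(rec["status"]), path, tags))
    return hits


def hits_by_ip(lines):
    """Count indicator hits per source IP, a quick way to rank sources for triage."""
    counts = {}
    for ip, _, _, tags in scan_log(lines):
        counts[ip] = counts.get(ip, 0) + len(tags)
    return counts


if __name__ == "__main__":
    for ip, status, path, tags in scan_log(LOG_LINES):
        print(f"{ip} {status} {tags}: {path}")
```

Decoding once is enough for single-encoded input, but attackers also double-encode (%252e%252e%252f); decoding until the string stops changing, with a bounded number of rounds, covers that. The same indicator patterns can be pasted into a live regex tester to see exactly which characters each alternative consumes.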

Hands-On Labs

Wireshark: UDP/DNS Analysis

Capture DNS traffic, identify tunneling indicators, and analyze UDP protocols.

30-45 min
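
The tunneling indicators this lab asks you to find, computed in code as an added example (not course material) over a constructed DNS query log. A tunnel encodes data in subdomain labels, so per (client, registered domain) the tell-tale signs are many unique subdomains, long labels with high character entropy, and a skew toward TXT/NULL/CNAME queries. The domain names, thresholds and the two-label "registered domain" shortcut are illustrative assumptions.

```python
"""DNS tunneling indicators from a query log (added example, constructed data)."""
import hashlib
import math
from collections import defaultdict


def _tunnel_queries():
    # Constructed: 10.0.0.5 sends 12 TXT queries with 48-hex-char data labels under evil-tunnel.example
    return [("10.0.0.5",
             hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:48] + ".t.evil-tunnel.example",
             "TXT") for i in range(12)]


def _normal_queries():
    # Constructed: 10.0.0.9 resolves a handful of short, repeated hostnames
    names = ["www.example.com", "mail.example.com", "www.example.com", "cdn.example.com",
             "www.example.com", "api.example.com", "login.example.com", "www.example.com"]
    return [("10.0.0.9", n, "A") for n in names]


QUERIES = _tunnel_queries() + _normal_queries()  # (client_ip, qname, qtype)


def shannon_entropy(text):
    """Bits per character; hex-encoded data sits near 4, English words near 2 to 3."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels. Real pipelines use the Public Suffix List (co.uk etc.); this is a simplification."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_stats(queries):
    """Per (client, registered domain): query count, subdomain uniqueness, label length, entropy, record-type skew."""
    groups = defaultdict(list)
    for client, qname, qtype in queries:
        groups[(client, registered_domain(qname))].append((qname, qtype))
    stats = {}
    for (client, domain), items in groups.items():
        subs = [q[: -len(domain) - 1] if q != domain else "" for q, _ in items]
        longest = [max(s.split("."), key=len) for s in subs]
        stats[(client, domain)] = {
            "queries": len(items),
            "unique_ratio": len(set(subs)) / len(items),
            "mean_max_label": sum(len(l) for l in longest) / len(items),
            "mean_entropy": sum(shannon_entropy(l) for l in longest) / len(items),
            "txt_ratio": sum(t in ("TXT", "NULL", "CNAME") for _, t in items) / len(items),
        }
    return stats


def find_tunnels(queries, min_queries=8, min_unique_ratio=0.8, min_label=30, min_entropy=3.0):
    """Flag domains where every indicator is elevated at once; thresholds are illustrative."""
    return [(key, s) for key, s in domain_stats(queries).items()
            if s["queries"] >= min_queries
            and s["unique_ratio"] >= min_unique_ratio
            and s["mean_max_label"] >= min_label
            and s["mean_entropy"] >= min_entropy]


if __name__ == "__main__":
    for (client, domain), s in find_tunnels(QUERIES):
        print(f"{client} -> {domain}: {s['queries']} queries, "
              f"label ~{s['mean_max_label']:.0f} chars, entropy {s['mean_entropy']:.2f}, TXT ratio {s['txt_ratio']:.2f}")
```

In Wireshark the same view comes from Statistics > DNS and a display filter such as dns.qry.name contains "evil-tunnel.example", then inspecting the query names and types in the packet list. Expect false positives from legitimate services that embed hashes or identifiers in DNS labels (CDNs, anti-malware lookups, some telemetry), so confirm a candidate by looking at query volume over time and at the TXT answer payloads before escalating.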

Wireshark: TCP/UDP Comparison

Analyze TCP handshake, sequence numbers, and protocol behavior differences.

30-45 min

Wireshark: HTTP/HTTPS

Extract files from HTTP, analyze TLS handshakes, and detect web attacks.

45 min

Packet Flow Visualization

Visualize packet encapsulation and routing decisions through network layers.

30 min

ACL Demonstration

Interactive ACL rule processing, wildcard masks, and placement decisions.

30 min

Week 4 Evaluation

Complete all topics and labs, then take the Week 4 assessment to test your network intrusion analysis skills.