After taking a 2-week break from studying after earning my CySA+, it's time to get back on track learning some really exciting stuff. Last night I spent multiple hours going through the Network Traffic & Flow Analysis section of this certification I am pursuing. This section covered how to detect and analyze all types of traffic using packet capture software (Wireshark), not only providing me with useful slide information but making me VPN into a network to detect these attacks in their rawest form, packet captures.
One of the most interesting sections I found was the IPv6 Analysis section, discussing and giving me hands-on practice with detection of IPv6 fragmentation/tunneling attacks along with an abundance of other IPv6 shortcomings. Alongside this IPv6 section, all the other sections regarding analysis of TCP/UDP/ICMP/SMB/HTTP(S)/SMTP/DNS were very informative due to how deep the information was, showing me that I can't let the IDS/IPS tools do all the automation work.
Looking at my learning outline, today will be spent focusing on VPN labs, learning/using network flow analysis toolkits like YAF, SiLK, and FlowViewer, and open source intrusion detection programs like Suricata, Bro, and Snort.
I'm excited about this certification course and for the next 2 sections, preparing/defecting and SOC operations/analytics.