While so much of a security assessor's work involves examining systems and applications, you can also learn a lot about an organization by observing their network traffic. Wireshark was designed with that exact purpose in mind. Learn where to access this tool, how to get it up and running, and how to determine when to use DisplayFilters versus CaptureFilters.
Resume Transcript Auto-Scroll
Author
Jerod Brennen
Released
2/8/2019
To provide your organization with confidence, you need to perform testing to prove it's secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to have an understanding of the many different types of security testing and know when and how to implement them. This course provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Instructor Jerod Brennen also helps you analyze test results and draft a report of your findings. Plus, see popular testing frameworks tools in action, include Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
Topics include:
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
2h 48m
Duration
4,792
Views
Show More
Show Less
-
Introduction
-
What you should know1m 49s
-
1. Understanding Security Assessments
-
Language is important1m 58s
-
Risk assessments1m 54s
-
Calculating risk score2m 38s
-
NIST and ISO2m 57s
-
Compliance assessments2m 40s
-
Vulnerability assessments2m 41s
-
Penetration tests1m 58s
-
Goals of penetration tests1m 52s
-
-
2. Your Testing Environment
-
Kali Linux5m 20s
-
Nmap1m 21s
-
Nessus1m 4s
-
Wireshark2m 10s
-
Lynis4m 14s
-
CIS-CAT Lite1m 41s
-
Aircrack-ng2m 26s
-
Hashcat1m 9s
-
OWASP ZAP2m 9s
-
OWASP ZAP demo3m 8s
-
3. Planning Your Assessment
-
Understanding your scope1m 37s
-
Vulnerability testing3m 12s
-
Basic assessment tools2m 19s
-
Advanced assessment tools1m 46s
-
-
4. Review Techniques
-
Documentation review4m 55s
-
Logging and monitoring1m 36s
-
Log management tools3m 4s
-
Ruleset review3m 23s
-
System configuration review2m 24s
-
CIS-CAT demo3m 33s
-
Network sniffing2m 27s
-
Wireshark demo2m 40s
-
File integrity checking4m 2s
-
-
5. Identifying Your Targets
-
Network discovery2m 29s
-
Open-source intelligence3m 5s
-
Nmap demo4m 16s
-
Vulnerability scanning2m 23s
-
Determining severity1m 49s
-
Nessus demo3m 1s
-
Wireless scanning2m 37s
-
Wireless testing process1m 41s
-
Aircrack demo6m 18s
-
-
6. Vulnerability Validation
-
Password cracking3m 38s
-
Hashcat demo4m 27s
-
Penetration test planning2m 58s
-
Penetration test tools3m 13s
-
Penetration test techniques1m 43s
-
Social engineering3m 49s
-
SET demo4m 19s
-
-
7. Additional Considerations
-
Data analysis3m 30s
-
Providing context1m 42s
-
Data handling3m 44s
-
Drafting your report1m 44s
-
Delivering your report2m 40s
-
Conclusion
-
Next steps3m 39s
-
Show MoreShow Less
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Wireshark