Network Security Workshop Agenda

Time Schedule

Session 1 9:00 - 10:30
Break 10:30 - 11:00
Session 2 11:00 - 12:30
Lunch 12:30 - 14:00
Session 3 14:00 - 15:30
Break 15:30 - 16:00
Session 4 16:00 - 17:30

* The above schedule is in Bangladesh Standard Time (UTC+6) *

Workshop Survey
Group Photos


FL  Name          Email                               Organisation             Country
SR  Shamim Reza   CommunityTrainers(at)apnic(dot)net  APNIC Community Trainer  Bangladesh
SS  Suman Saha                                                                 Bangladesh
WF  Warren Finch  warren(at)apnic(dot)net             APNIC                    Australia
Wednesday Topic Trainer Presentations Exercises Other resources
Session 1 Agenda & Introductions
Overview of Cybersecurity
SR Agenda
Information Security overview
Security in Layers
Deconstructing a Cybersecurity Event
Blue Team cheat sheets
APT Groups and Operations
Mitre ATT&CK
Internet Outage Detection and Analysis (IODA)
Security of the Internet
Network Security Trends
25% of Internet users vulnerable to infrastructure attack
Security text file (security.txt, RFC 9116)
The Incident Response Hierarchy of Needs
Pyramid of Pain
Pyramid of Pain by David Bianco
Pyramid of Pain - Cisco Security Alignment
Session 2 Linux Lab All Linux Fundamentals Linux Basics - Academy
Lab Information
Linux Lab
VIM cheatsheet
Kernel History
Linux Distro Tree
Online Linux manual
OverTheWire Bandit Level 0
Extra: Surviving the Command Line
Learning VIM
Session 3 Device and Infrastructure Security WF Security Fundamentals - Infrastructure and Device Security Shodan
Shodan CLI
Shodan Search - Devices in Dhaka
Shodan Search - List by Organisation
Shodan Search - Products
Session 4 BGP Route Hijack & Leak
Detection & Prevention
WF Hijacks & Leaks BGPalerter Lab
BGPalerter 1 minute tutorial
Easy BGP Monitoring with BGPalerter
RIPE blog about ARTEMIS
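The three conditions the BGPalerter lab alerts on (a foreign origin for a monitored prefix, a more-specific carved out of it, and our prefix reaching a collector through an AS that is not one of our transit providers) can be checked with a few lines of Python. The block below is an added example, not BGPalerter's or ARTEMIS's code: MONITORED, OUR_AS, OUR_UPSTREAMS and the announcements in sample_updates() are constructed, using ASNs from the RFC 5398 documentation range and prefixes from RFC 5737 / RFC 3849.

```python
"""Prefix-hijack and path-neighbour checks of the kind BGPalerter performs.

Added example, not BGPalerter's own code. MONITORED, OUR_AS, OUR_UPSTREAMS and
the updates in sample_updates() are constructed: ASNs come from the RFC 5398
documentation range and prefixes from RFC 5737 / RFC 3849.
"""
import ipaddress

# Prefixes we originate and the origin ASNs allowed to announce each one
# (the prefix list BGPalerter generates from RPKI/IRR data, hand-written here).
MONITORED = {
    "203.0.113.0/24": {64496},
    "2001:db8::/32": {64496},
}
OUR_AS = 64496
# Transit providers of OUR_AS: the only ASNs that should sit next to it in an
# AS path seen by a route collector.
OUR_UPSTREAMS = {64500, 64501}


def collapse_prepending(as_path):
    """Drop consecutive repeats so prepending does not confuse neighbour checks."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def unexpected_neighbour(as_path):
    """True when the AS adjacent to OUR_AS is not one of our transit providers,
    which is what a customer or peer re-exporting our route (a leak) produces."""
    path = collapse_prepending(as_path)
    if path[-1] != OUR_AS or len(path) == 1:
        return False  # not our origin, or the collector peers with us directly
    return path[-2] not in OUR_UPSTREAMS


def classify(prefix, as_path):
    """Classify one announcement: 'ok', 'hijack:...', 'leak:...', 'notice:...'
    or 'unmonitored'. as_path is collector-side first, origin AS last."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for mon, allowed_origins in MONITORED.items():
        mnet = ipaddress.ip_network(mon)
        if net.version != mnet.version or not net.subnet_of(mnet):
            continue
        if origin not in allowed_origins:
            # A more-specific from a foreign origin wins longest-prefix match
            # everywhere, so it is the more damaging case.
            return ("hijack:more-specific" if net.prefixlen > mnet.prefixlen
                    else "hijack:wrong-origin")
        if unexpected_neighbour(as_path):
            return "leak:unexpected-neighbour"
        if net.prefixlen > mnet.prefixlen:
            return "notice:unlisted-more-specific"  # ours, but not in the list
        return "ok"
    return "unmonitored"


def sample_updates():
    """Constructed announcements as a collector might report them (origin last)."""
    return [
        ("203.0.113.0/24", (64510, 64500, 64496)),          # normal path
        ("203.0.113.0/24", (64510, 64500, 64496, 64496)),   # prepended, still fine
        ("203.0.113.128/25", (64510, 64502, 64499)),        # more-specific hijack
        ("203.0.113.0/24", (64510, 64499)),                 # wrong origin
        ("203.0.113.0/24", (64510, 64505, 64496)),          # leaked via AS64505
        ("2001:db8:1::/48", (64510, 64500, 64496)),         # our own, unlisted
        ("198.51.100.0/24", (64510, 64499)),                # someone else's space
    ]


def run():
    return [(p, classify(p, path)) for p, path in sample_updates()]


if __name__ == "__main__":
    for prefix, verdict in run():
        print(f"{prefix:20} {verdict}")
```

The neighbour check only catches a leak when the leaking AS is directly adjacent to us in the path; a leak two hops out (customer of our upstream re-exporting to its own peer) needs the topology knowledge that RIPE RIS or the ARTEMIS approach brings, which is why the lab pairs BGPalerter with those feeds.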
Session 1 Cancelled
Session 2 Cancelled
Session 3 Distributed Denial of Service (DDoS)
Attacks and Countermeasures
SR DDoS Install FastNetMon
Configure FastNetMon
YouTube - FastNetMon Part 1
YouTube - FastNetMon Part 2
YouTube - How BGP FlowSpec Swats Away DDoS Attacks
YouTube - DDoS Mitigation Technologies
Generating, Capturing and Analyzing DoS
and DDoS-centric Network Traffic
YouTube - Performing DDoS Attacks (Lab)
Unwanted Traffic Removal Service (Team Cymru)
TREX Open source Traffic Generator
Firewall in RouterOS: Stopping a DDoS Attack
Session 4 Packet Analysis SS Packet Analysis Lab pcaps
TShark Lab
WireShark Lab
RFC 791 - IP
RFC 793 - TCP (obsoleted by RFC 9293 in 2022, which consolidates the errata and updates)
Telnet pcap
SSH pcap
HTTP pcap
HTTPS pcap
IPv6 pcap
Other - Homework Intrusion Detection SR Overview of IDS - Snort Snort lab
Snort Lab Answer
Update Snort and review rules
Use nmap to run an Xmas tree scan
GoBuster to discover directories
Brute-force SSH
Snorpy Web based Rule Creator
Snorpy - Snort rules intro and snort web creator
Blog post about Snorpy
MITRE - Xmas Scan Attack overview
Video - Xmas Scan Attack
APNIC Academy
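The packet analysis lab (tshark/Wireshark over the pcaps above) and the Snort homework (detecting the nmap Xmas scan) meet at the same place: the six TCP flag bits. The block below is an added example, not code from the labs, Snort or nmap. It builds a small Ethernet/IPv4/TCP capture in memory (RFC 5737 addresses, zeroed MACs, checksums left at zero, all constructed), parses it with nothing but struct, and names the flag combinations that nmap -sX, -sN and -sF send, noting the Snort flags option that matches each one.

```python
"""Decode TCP flags from a pcap and flag Xmas, NULL and FIN probes.

Added example, not code from the lab or from Snort/nmap. The frames are
constructed in memory (documentation addresses from RFC 5737, zero MAC
addresses, checksums left at zero), so nothing here needs a real capture.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ipv4(addr):
    return bytes(int(o) for o in addr.split("."))


def tcp_frame(src, dst, sport, dport, flags):
    """Ethernet II / IPv4 / TCP frame with no options and no payload (54 bytes)."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ipv4(src), ipv4(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp


def pcap_bytes(frames):
    """Serialize frames as a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1683709200 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(data):
    """Walk the record headers and yield each captured frame."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_fields(frame):
    """Return (src, dst, sport, dport, flags) or None if the frame is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:                                # IP protocol 6 = TCP
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    t = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, t)
    flags = frame[t + 13] & 0x3F                          # low six bits: URG..FIN
    return src, dst, sport, dport, flags


def probe_type(flags):
    """Name the stealth-scan flag combinations nmap -sX / -sN / -sF send.
    The equivalent Snort 'flags' option is noted beside each one."""
    if flags == FIN | PSH | URG:
        return "xmas"        # Snort: flags:FPU;
    if flags == 0:
        return "null"        # Snort: flags:0;
    if flags == FIN:
        return "fin"         # Snort: flags:F;
    return None


def find_probes(data):
    """List (kind, src, dst, dport) for every probe packet in a pcap byte string."""
    hits = []
    for frame in iter_frames(data):
        fields = tcp_fields(frame)
        if fields is None:
            continue
        src, dst, sport, dport, flags = fields
        kind = probe_type(flags)
        if kind:
            hits.append((kind, src, dst, dport))
    return hits


def sample_capture():
    """Constructed capture: one SYN, three probes, one SYN/ACK reply."""
    return pcap_bytes([
        tcp_frame("192.0.2.10", "198.51.100.5", 40001, 22, SYN),              # normal
        tcp_frame("192.0.2.10", "198.51.100.5", 40002, 80, FIN | PSH | URG),  # xmas
        tcp_frame("192.0.2.10", "198.51.100.5", 40003, 443, 0),               # null
        tcp_frame("192.0.2.10", "198.51.100.5", 40004, 25, FIN),              # fin
        tcp_frame("198.51.100.5", "192.0.2.10", 22, 40001, SYN | ACK),        # normal
    ])


if __name__ == "__main__":
    with open("probes.pcap", "wb") as fh:
        fh.write(sample_capture())
    for hit in find_probes(sample_capture()):
        print(hit)
```

Running the block writes probes.pcap, so the same three packets can be checked in the lab tools: tshark -r probes.pcap -Y "tcp.flags.fin==1 && tcp.flags.push==1 && tcp.flags.urg==1" isolates the Xmas probe, and a Snort rule with flags:FPU; on the same file fires on it. A single Xmas packet is only an indicator; the Snort lab's threshold/detection_filter options exist because the useful alert is one source sending such probes to many ports.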
Session 1 & 2 Intrusion Detection
Investigate Packet captures
SR Overview of Suricata Installation
Use Suricata to Analyse Packet Captures
Packet Analysis Tutorial
Session 3 Honeypots 101 SS Honeypots Setup Cowrie secret.docx
QRcode URL
Cowrie Github Repo
APNIC HoneyNet Project
Session 4 Security Monitoring SR
Security Monitoring and Analysis Lab *Wazuh
YouTube - Building a SOC
Other - Homework Practical Packet Analysis Practical Packet Analysis (supplementary to lab) Practical Packet Analysis Lab *Wireshark
Session 1 & 2 Log Management WF
Overview of Log management Bruteforce SSH and Syslog Detection
Log Management Lab - Academy
syslog-ng Lab
rsyslog Lab
Graylog Lab
Example log server demo
SSH Brute-Force Attack Detection Model
Windows Event monitoring
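The log management labs end with the same lines arriving in syslog-ng, rsyslog or Graylog; the "Bruteforce SSH and Syslog Detection" exercise is then a counting rule over them. The block below is an added example, not code from the lab or from any SIEM: it parses OpenSSH auth-log lines with a sliding window and raises a second, more serious alert when a login succeeds from a source that was just failing. The log lines are constructed, the year (which classic syslog timestamps omit) is assumed to be 2023, and the threshold and window are assumptions.

```python
"""Detect SSH brute force in syslog lines, and a success that follows it.

Added example, not code from the lab or from any SIEM. SAMPLE_LOG is
constructed in OpenSSH's auth-log format; ASSUMED_YEAR fills the year that
classic syslog timestamps lack, and the thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)
ASSUMED_YEAR = 2023


def parse(lines):
    """Yield (timestamp, outcome, user, source_ip) for sshd auth lines; skip the rest."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        mon, day, clock, outcome, user, ip = m.groups()
        ts = datetime.strptime(f"{mon} {day} {clock} {ASSUMED_YEAR}", "%b %d %H:%M:%S %Y")
        yield ts, outcome, user, ip


def detect(lines, threshold=5, window_s=60):
    """Sliding-window rule: threshold or more failures from one IP within
    window_s seconds raises 'bruteforce' once per IP; a later success from an
    IP that still has failures inside its window raises 'success-after-failures'."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    reported = set()
    alerts = []
    for ts, outcome, user, ip in parse(lines):
        q = failures[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in reported:
                reported.add(ip)
                alerts.append(("bruteforce", ip, len(q)))
        elif q:   # Accepted while failures from this IP are still in the window
            alerts.append(("success-after-failures", ip, user))
    return alerts


# Constructed sample: a 192.0.2.10 password-guessing run that ends in a root
# login, a below-threshold pair from 198.51.100.7, and unrelated lines.
SAMPLE_LOG = """\
May 10 09:12:01 gw sshd[2311]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
May 10 09:12:03 gw sshd[2313]: Failed password for invalid user oracle from 192.0.2.10 port 51236 ssh2
May 10 09:12:05 gw sshd[2315]: Failed password for root from 192.0.2.10 port 51240 ssh2
May 10 09:12:08 gw sshd[2317]: Failed password for root from 192.0.2.10 port 51244 ssh2
May 10 09:12:09 gw sshd[2340]: Accepted publickey for alice from 192.0.2.20 port 40022 ssh2: ED25519 SHA256:c0ffee
May 10 09:12:11 gw sshd[2319]: Failed password for root from 192.0.2.10 port 51250 ssh2
May 10 09:12:14 gw sshd[2321]: Failed password for root from 192.0.2.10 port 51252 ssh2
May 10 09:12:20 gw sshd[2330]: Failed password for invalid user test from 198.51.100.7 port 60001 ssh2
May 10 09:12:31 gw sshd[2332]: Failed password for invalid user test from 198.51.100.7 port 60002 ssh2
May 10 09:12:40 gw sshd[2350]: Accepted password for root from 192.0.2.10 port 51260 ssh2
May 10 09:12:41 gw CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Fed from /var/log/auth.log (or journalctl -u ssh) the same function works unchanged; in the Graylog lab the equivalent is an event definition that counts Failed lines per source IP over the same window. The success-after-failures alert is the one worth paging on: a brute force that is still failing is noise, one that just stopped failing is an incident.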
Session 3 & 4 Flow monitoring SR Flow Monitoring nfdump Lab - Academy
nfdump Lab
Orion Netflow Demo
Intro to iperf
AS-Stats example
Threat Hunting with Network Flow
Cisco NetFlow Configuration
Wrap Up

Additional Resources

Topic Resources
Other resources IDS & Snort Snorpy Web based Rule Creator
Snort 101
Snort 2 - Installation and Config
Snort 2 - Introduction to Rule Writing
Snort 3 - Introduction and overview
MITRE - Xmas Scan Attack overview
Video - Xmas Scan Attack
WireShark TCP dump summary
TCP dump - 50 ways to isolate traffic
Detecting Network Attacks
YouTube Song - Call Offensive Security
Suricata Online Documentation
Rulesets Getting Started with Suricata-Update: Managing rule sets and sources
An Introduction to Writing Suricata Rules
Suricata Sample data
Other Tools Scirius
Hunting Threats That Use Encrypted Network Traffic with Suricata
EveBox documentation
Using EveBox
Malware Analysis Wireshark tutorial: Dridex infection traffic
Example malware analysis
Malware and where to find them
Malware Traffic Analysis
SANS Challenge
SANS Ransomware Summit 16th Jun 2022 (free)
RangeForce Community Edition
Packet Analysis & Threat Intelligence
Threat map
Network and Security trends Trustwave Global trends
Imperva DDoS attack trends 2019
Cisco Networking Trends Report 2020
Cisco Networking Trends Report 2021
European Union Agency for Cybersecurity (ENISA), Threats and Trends
ENISA 2020 Threat Landscape
World Economic Forum, Global Risks
Red Canary 2021 Threat Detection Report - Threats
Red Canary 2021 Threat Detection Report - Techniques
Misc. Dragon News Byte (Team Cymru)
Cybersecurity Glossary of Terms
CompTIA Basic definitions
Biggest Data Breaches
Significant Cyber Incidents
Cybersecurity Reference Architecture
ENISA Network Forensics Handbook
Cybersecurity Best Practices Guide For IIROC Dealer Members
Network Simulation
Networking Lab Images From Arista, Cisco, NVIDIA
Mitigation ASD mitigation strategies
Using ATT&CK for threat intelligence
DDoS Preparing for and Responding to Denial-of-Service Attacks
FastNetMon Installation
NANOG 66 - DDoS Attacks
YouTube - NANOG 66 DDoS Attacks
NANOG 72 - DDoS Fundamentals
YouTube - Next Gen Blackholing to Counter DDoS
YouTube - DDoS Defense in the Terabit Era
NANOG list of DDoS Attack presentations
Infographic Defense in Depth FAN
CyberSecurity Maturity Model (CSMM)
InfoSec Colour Wheel
Parkerian Hexad
Unified Kill Chain
security-20230510/agenda.txt · Last modified: 2023/05/13 10:29 · by warren