security-20230510:agenda

Network Security Workshop Agenda

Time Schedule

Session 1    9:00 - 10:30
Break       10:30 - 11:00
Session 2   11:00 - 12:30
Lunch       12:30 - 14:00
Session 3   14:00 - 14:30
Break       14:30 - 16:00
Session 4   16:00 - 17:30

* The above schedule is in Bangladesh Standard Time (UTC+6) *

Workshop Survey
Group Photos

Trainers

Initials  Name          Email                               Organisation             Country
SR        Shamim Reza   CommunityTrainers(at)apnic(dot)net  APNIC Community Trainer  Bangladesh
SS        Suman Saha                                                                 Bangladesh
WF        Warren Finch  warren(at)apnic(dot)net             APNIC                    Australia
Wednesday
(Table columns: Topic | Trainer | Presentations | Exercises | Other resources)

Session 1 - Agenda & Introductions; Overview of Cybersecurity (Trainer: SR)
  • Agenda
  • Information Security overview
  • Security in Layers
  • Deconstructing a Cybersecurity Event
  • Blue Team cheat sheets
  • APT Groups and Operations
  • AlienVault
  • MITRE ATT&CK
  • Internet Outage Detection and Analysis (IODA)
  • https://ioda.inetintel.cc.gatech.edu/country/BD
  • https://rex.apnic.net/overview?economy=BD
  • https://dash.apnic.net/
  • [image: osi.jpg]
  • Security of the Internet
  • Network Security Trends
  • 25% of Internet users vulnerable to infrastructure attack
  • https://flipperzero.one
  • https://darknetdiaries.com/episode/
  • Security text file
  • https://www.google.com/alerts
  • https://seclists.org/fulldisclosure/
  • The Incident Response Hierarchy of Needs
  • Pyramid of Pain
  • Pyramid of Pain by David Bianco
  • Pyramid of Pain - Cisco Security Alignment

Session 2 - Linux Lab (Trainer: All)
  • Linux Fundamentals
  • Linux Basics - Academy
  • https://bellard.org/jslinux/
  • Lab Information
  • Linux Lab
  • VIM cheatsheet
  • https://lab.redhat.com/tracks/unixisms
  • https://lab.redhat.com/tracks/helpful-commands
  • https://lab.redhat.com/tracks/using-file-permissions
  • https://lab.redhat.com/tracks/managing-user-basics
  • Kernel History
  • Linux Distro Tree
  • Online Linux manual
  • https://linuxupskillchallenge.org
  • https://linuxcommand.org
  • https://vim.rtorr.com
  • OverTheWire Bandit0
  • https://explainshell.com/explain?cmd=ls+-lah
  • Extra: Surviving the Command Line
  • Learning VIM
  • https://www.openvim.com
  • https://vim-adventures.com

Session 3 - Device and Infrastructure Security (Trainer: WF)
  • Security Fundamentals - Infrastructure and Device Security
  • Shodan
  • Shodan CLI
  • https://haveibeenpwned.com
  • https://shodan.io
  • https://github.com/CVEProject/cvelist
  • https://www.senki.org/operators-security-toolkit/
  • Shodan Search - Devices in Dhaka
  • Shodan Search - List by Organisation
  • Shodan Search - Products
  • https://github.com/jakejarvis/awesome-shodan-queries

Session 4 - BGP Route Hijack & Leak Detection & Prevention (Trainer: WF)
  • Hijacks & Leaks
  • BGPalerter Lab
  • https://demo.bgpartemis.org/login
  • https://github.com/nttgin/BGPalerter
  • BGPalerter 1 minute tutorial
  • Easy BGP Monitoring with BGPalerter
  • https://bgpartemis.org
  • RIPE blog about ARTEMIS
  • https://github.com/ANSSI-FR/tabi
  • http://caia.swin.edu.au/tools/bgp/brt/downloads.html
Thursday

Session 1 - Cancelled
Session 2 - Cancelled

Session 3 - Distributed Denial of Service (DDoS) Attacks and Countermeasures (Trainer: SR)
  • DDoS
  • Install FastNetMon
  • Configure FastNetMon
  • https://fastnetmon.com/docs-fnm-advanced/fastnetmon-advanced-configuration-options/
  • YouTube - FastNetMon Part 1
  • YouTube - FastNetMon Part 2
  • https://asciinema.org/a/428813
  • YouTube - How BGP FlowSpec Swats Away DDoS Attacks
  • YouTube - DDoS Mitigation Technologies
  • https://blog.apnic.net/?s=ddos
  • https://academy.apnic.net/en/webinar-courses/ddos-attack-prevention
  • https://www.first.org/education/trainings#DDoS-Mitigation-Fundamentals
  • Generating, Capturing and Analyzing DoS and DDoS-centric Network Traffic
  • YouTube - Performing DDoS Attacks (Lab)
  • Unwanted Traffic Removal Service (Team Cymru)
  • TRex Open Source Traffic Generator
  • Firewall in RouterOS: Stopping a DDoS Attack

Session 4 - Packet Analysis (Trainer: SS)
  • Packet Analysis Lab pcaps
  • TShark Lab
  • Wireshark Lab
  • RFC791 - IP
  • RFC793 - TCP
  • Telnet pcap
  • SSH pcap
  • HTTP pcap
  • HTTPS pcap
  • IPv6 pcap

Other - Homework: Intrusion Detection (Trainer: SR)
  • Overview of IDS - Snort
  • Snort lab
  • Snort Lab Answer
  • Update Snort and review rules
  • Optional:
      • Use nmap to do Xmas tree scan
      • Gobuster to discover directories
      • Bruteforce SSH
  • Snorpy Web based Rule Creator
  • Snorpy - Snort rules intro and Snort web creator
  • Blog post about Snorpy
  • MITRE - Xmas Scan Attack overview
  • Video - Xmas Scan Attack
  • CloudShark
  • APNIC Academy
Friday

Session 1 & 2 - Intrusion Detection: Investigate Packet captures (Trainer: SR)
  • Overview of Suricata
  • Installation
  • Use Suricata to Analyse Packet Captures
  • workshop.tar.gz
  • https://suricata.io/documentation/
  • Packet Analysis Tutorial

Session 3 - Honeypots 101 (Trainer: SS)
  • Honeypots
  • Setup Cowrie
  • secret.docx
  • QRcode URL
  • Cowrie GitHub Repo
  • APNIC HoneyNet Project
  • https://dash.apnic.net

Session 4 - Security Monitoring (Trainers: SR, WF)
  • Security Monitoring and Analysis
  • Lab: Wazuh, Elasticsearch
  • YouTube - Building a SOC

Other - Homework: Practical Packet Analysis
  • Practical Packet Analysis (supplementary to lab)
  • Practical Packet Analysis Lab: Wireshark, Suricata
Saturday

Session 1 & 2 - Log Management (Trainers: WF, SS)
  • Overview of Log management
  • Bruteforce SSH and Syslog Detection
  • Log Management Lab - Academy
  • syslog-ng Lab
  • rsyslog Lab
  • Graylog Lab
  • Example log server demo
  • SSH Brute-Force Attack Detection Model
  • Windows Event monitoring
  • Sysdig
  • Loghub

Session 3 & 4 - Flow monitoring (Trainer: SR)
  • Flow Monitoring
  • nfdump Lab - Academy
  • nfdump Lab
  • https://demo.netflowanalyzer.com/
  • Orion NetFlow Demo
  • NetFlow
  • Intro to iperf
  • AS-Stats example
  • https://demo.akvorado.net
  • Threat Hunting with Network Flow
  • Cisco NetFlow Configuration

Wrap Up
  • https://www.team-cymru.com/nimbus-threat-monitor
  • https://rocknsm.io
  • https://www.napatech.com

Additional Resources

(Table columns: Topic | Resources)

Other resources - IDS & Snort
  • Snorpy Web based Rule Creator
  • Snort 101
  • Snort 2 - Installation and Config
  • Snort 2 - Introduction to Rule Writing
  • Snort 3 - Introduction and overview
  • MITRE - Xmas Scan Attack overview
  • Video - Xmas Scan Attack
  • CloudShark
  • PuTTY
  • https://github.com/OJ/gobuster
  • Wireshark tcpdump summary
  • tcpdump - 50 ways to isolate traffic
  • Wireshark
  • Detecting Network Attacks
  • YouTube Song - Call Offensive Security
  • https://www.youtube.com/c/OISFSuricata
  • https://www.youtube.com/results?search_query=suricata
  • https://www.youtube.com/results?search_query=snort

Suricata Online Documentation
  • https://suricata.readthedocs.io/en/suricata-6.0.3/
  • https://suricata.readthedocs.io/en/suricata-6.0.3/rule-management/adding-your-own-rules.html
  • https://doc.emergingthreats.net/bin/view/Main/SidAllocation
  • https://suricata.readthedocs.io/en/suricata-6.0.3/file-extraction/file-extraction.html
  • https://suricata.io/webinars/

Rulesets
  • Getting Started with Suricata-Update: Managing rule sets and sources
  • An Introduction to Writing Suricata Rules
  • https://suricata.readthedocs.io/en/suricata-6.0.3/rules/intro.html
  • https://doc.emergingthreats.net/bin/view/Main/TorRules
  • http://rules.emergingthreats.net/blockrules/emerging-tor.suricata.rules

Suricata Sample data
  • https://github.com/FrankHassanabad/suricata-sample-data

Other Tools
  • Scirius https://www.stamus-networks.com/scirius-open-source
  • Hunting Threats That Use Encrypted Network Traffic with Suricata
  • EveBox documentation https://buildmedia.readthedocs.org/media/pdf/evebox/release/evebox.pdf
  • Using EveBox

Honeypots
  • https://github.com/Hackinfinity/Honey-Pots-

Malware Analysis
  • Wireshark tutorial: Dridex infection traffic
  • Example malware analysis
  • Malware and where to find them
  • Malware Traffic Analysis
  • SANS Challenge
  • SANS Ransomware Summit 16th Jun 2022 (free)
  • RangeForce Community Edition https://go.rangeforce.com/community-edition-registration

Packet Analysis & Threat Intelligence
  • https://github.com/idaholab/Malcolm
  • https://www.blackhillsinfosec.com/projects/rita/
  • https://arkime.com
  • https://zeek.org

Threat map
  • https://threatmap.checkpoint.com
  • https://attack.mitre.org/docs/attack_roadmap_2020_october.pdf

Network and Security trends
  • Trustwave Global trends
  • Imperva DDoS attack trends 2019
  • Cisco Networking Trends Report 2020
  • Cisco Networking Trends Report 2021
  • European Union Agency for Cybersecurity (ENISA), Threats and Trends
  • ENISA 2020 Threat Landscape
  • World Economic Forum, Global Risks
  • Red Canary 2021 Threat Detection Report - Threats
  • Red Canary 2021 Threat Detection Report - Techniques
  • https://unit42.paloaltonetworks.com/network-attack-trends

Misc.
  • Dragon News Byte (Team Cymru)
  • Cybersecurity Glossary of Terms
  • CompTIA basic definitions
  • Biggest Data Breaches
  • Significant Cyber Incidents
  • http://zone-h.org/archive
  • Cybersecurity Reference Architecture
  • ENISA Network Forensics Handbook
  • https://www.exabeam.com/incident-response/csirt/
  • Cybersecurity Best Practices Guide For IIROC Dealer Members
  • https://www.exploit-db.com
  • https://www.zerodayinitiative.com/advisories/upcoming/
  • https://gtfoargs.github.io
  • https://ostechnix.com/run-linux-operating-systems-browser/

Network Simulation
  • https://netsim.erinn.io
  • https://github.com/errorinn/netsim
  • https://academy.apnic.net/en/virtual-labs/
  • https://www.eve-ng.net/
  • https://gns3.com/
  • Networking Lab Images from Arista, Cisco, NVIDIA

Frameworks
  • https://www.mercuryit.co.nz/our-services/cyber-security-framework/
  • https://attack.mitre.org
  • https://www.nist.gov/cyberframework
  • https://cyberexperts.com/cybersecurity-frameworks/

Mitigation
  • ASD mitigation strategies
  • https://www.cisecurity.org/cis-benchmarks/
  • https://attack.mitre.org/mitigations/enterprise/

Tutorials
  • https://academy.apnic.net
  • https://academy.apnic.net/en/course/cybersecurity-fundamentals
  • https://www.sans.org/cyberaces/
  • https://pentesterlab.com/exercises
  • https://cyberdefenders.org/labs/?type=ctf
  • https://go.rangeforce.com/community-edition-registration
  • Using ATT&CK for threat intelligence

DDoS
  • Preparing for and Responding to Denial-of-Service Attacks
  • FastNetMon Installation
  • https://github.com/topics/ddos-protection
  • https://github.com/AltraMayor/gatekeeper
  • https://www.thousandeyes.com/blog/how-github-successfully-mitigated-ddos-attack
  • NANOG 66 - DDoS Attacks
  • YouTube - NANOG 66 DDoS Attacks
  • NANOG 72 - DDoS Fundamentals
  • YouTube - Next Gen Blackholing to Counter DDoS
  • YouTube - DDoS Defense in the Terabit Era
  • NANOG list of DDoS Attack presentations

Infographic
  • Defense in Depth FAN
  • https://momentumcyber.com/docs/CYBERscape.pdf
  • Cybersecurity Maturity Model (CSMM)
  • InfoSec Colour Wheel
  • Parkerian Hexad
  • Unified Kill Chain
  • security-20230510/agenda.txt
  • Last modified: 2023/05/13 10:29
  • by warren