SIT Learn

SITizens Learning Credits

Overview

This course is in collaboration with NECAsia Pacific and LAC.

In recent years, many network forensics techniques and processes have been developed in the cyber security world to investigate the ever-increasing number of security threats. Network forensics techniques allow the finding and tracking of internal and external network attacks and suspicious situations by focusing on inherent network vulnerabilities and communication protocols. Network forensics experts need to be capable of capturing, recording, and analysing network events in order to discover indications of/sources of security attacks through network communications analysis.

This four-day training course offers skills and techniques for future forensic investigator or analyst in a Security Operations Centre (SOC). Participants can equip themselves with a wide range of skills starting from basic skills of log and packet analysis, methods to identify attacks, methods to identify malware traces and basic techniques of correlational analysis.

Participants can then adopt these skills and techniques to use on daily security operations. This can help to identify cybersecurity threats more effectively and more accurately than before.

Teaching Team

What You’ll Learn

This course is based on field knowledge by NEC APAC/LAC who run SOC and offer incident response and VA/PT services. In this Network Forensic course, the major base of skills and technique come from real field experience of SOC.

Basic knowledge for analysis
Participants will learn how to analyse packets and find the original sources of packets in a communication network or in special proxy network environment and understand cipher and character encoding.

Attack packet analysis
Participants will learn the known common attack methods and techniques against Networks, Operating Systems (OS), Middleware and Web Applications. Techniques such as SQL injection and Password cracking are covered too. Participants will learn the differences in logs between normal access and unauthorized accesses to make reasonable judgement calls whether the suspicious activities are false positives or otherwise.

Malware analysis
Participants will acquire knowledge of surface and dynamic analysis methods and acquire the skills to conduct a quick malware analysis to detect common malware e.g., Worm, Ransomware, Banking Malware and RAT etc. For hands-on exercise, participants execute real malware in the lab and analyse them from which they will achieve a deeper understanding of the techniques learnt. They can then apply these knowledge and techniques back at their work place.

System log analysis
Participants will learn techniques to find traces of attacks and intrusions in the logs of products other than security devices, such as proxy servers, web servers, Windows, and DNS servers.

Deep Analysis (basic)
Participants will learn the key points and practical examples of detecting threats based on correlation. Furthermore, participants will learn to analyse a large amount of packet data efficiently and extract unauthorized transactions when an incident occurs.

Who Should Attend

• Those who aspire to be forensic investigator
• Those who aspire to be an analyst in a Security Operation Centre (SOC)

Prerequisites

Working knowledge for TCP/IP, Windows OS, Linux and security devices.
Knowledge of current threats and trends present in the Information Security and Technology field.

SITizens Learning Credits (SLC) - Eligible Course

This course is SITizens Learning Credits (SLC) eligible. Please refer to the user guide how to register for courses utilising your SLC.

Find out more about SITizens Learning Credits (SLC).

Certificate and Assessment

A Certificate of Participation will be issued to participants who:

Attend at least 75% of the course
Undertake non-credit bearing assessment during the course

Frequently Asked Questions

What is hands-on training system?
Hands-on training system is the exercise lab for participants to conduct exercises. This system is comprised of attacker server, victim server (Linux and Windows) and client terminal (windows) and necessary tools for attack, analysis, investigation, and protection e.g., Metasploit, Wireshark, Process monitor, firewall and Suricata IDS are preinstalled.

What can I learn by using hands-on training system?
Participants can learn how to do analysis and protect from attack in the hands-on training system. For an example, in one of exercise, participants will execute real malware e.g., credential stealer Pony and analyse its behaviour which leads participants to think about protection.

How do I access to hands-on training system?
RDP is required to access to hands-on training system.

Will I share the hands-on training system with other?
No. one set of hands-on training system is allocated individually.

What is prerequisite of this course?
Basic knowledge for TCP/IP, windows OS, Linux and security devices. Knowledge of current threats and trends present in the Information Security and Technology field. We expect at least three years’ experience.

Is this course online or onsite?
It is online course. We use online conference tool, LMS (learning management system) and hands-on training system on cloud.

Does this course have an exam?
Yes. We have online quiz (multiple choice type) in each topic.

Schedule

Day 1: 14 Apr 2022

Welcome and Registration
Introduction
Basic knowledge for analysis - Knowledge Regarding Packet Analysis and Exercise with Wireshark
Tea Break
Basic knowledge for analysis - Knowledge Regarding Packet Analysis and Exercise with tcpdump and TCPSlice
Lunch
Basic knowledge for analysis - Knowledge for Analyzing Sources
Tea Break
Basic knowledge for analysis - Knowledge Regarding Special Network Environments
Basic knowledge for analysis - Knowledge Regarding Cipher
End of Day

Day 2: 15 Apr 2022

Welcome and Registration
Basic knowledge for analysis - Knowledge Regarding Character Encoding
Attack packet analysis - Knowledge Regarding Packet Analysis
Tea Break
Attack packet analysis - Knowledge Regarding Packet Analysis Exercise (Port scanning, Heartbleed, SQL Injection)
Lunch
Attack packet analysis - Knowledge for Identifying Attacks Exercise (XSS, Password cracking, OS command Injection)
Tea Break
Attack packet analysis - Knowledge for Identifying Attacks Exercise (Path Traversal, Shellshock)
Extra Lab Time
End of Day

Day 3: 21 Apr 2022

Welcome and Registration
Malware analysis - Knowledge Regarding Representative Malware Communication
Tea Break
Malware analysis - Knowledge Regarding Representative Malware Communication and Exercise (Banking Malware, RAT)
Lunch
Malware analysis - Knowledge Regarding Representative Malware Communication and Exercise (Credential Stealer, Packet Forwarding)
Tea Break
Malware analysis - Knowledge Regarding Representative Malware Communication and Exercise (Worm)
Extra Lab Time
End of Day

Day 4: 22 Apr 2022

Welcome and Registration
System log analysis - Knowledge for Analyzing the Logs of Non-security Products and Exercise (Proxy log, Web server log)
Tea Break
Deep Analysis (basic) - Knowledge for Identifying Correlation Between Logs
Lunch
Deep Analysis (basic) - Knowledge for Performing Deep Inspections
Tea Break
Deep Analysis (basic) - Knowledge for Performing Deep Inspections and Exercise (large volume of packet)
Extra Lab Time
Closing and Feedback
End of Day

Fees

Category	Full Fee	After SF Funding
Singapore Citizen (Below 40) / Singapore PR	$~~3,852.00~~	$1,155.60
Singapore Citizen (40 & above)	$~~3,852.00~~	$435.60
Non-Singaporeans	$3,852.00	Not Eligible

Note:

All figures include GST. GST applies to individuals and Singapore-registered companies.
You can opt for either SkillsFuture Funding or Mid-Career Enhanced Subsidy. Both cannot be combined.

» Learn more about funding types available

Terms & Conditions:

SkillsFuture Funding

To be eligible for the 70% training grant awarded, applicants (and/or their sponsoring organisations where applicable) must:

Be a Singaporean Citizen or Singapore Permanent Resident
Not receive any other funding from government sources in respect of the actual grant disbursed for the programme

SkillsFuture Mid-Career Enhanced Subsidy

To be eligible for the 90% enhanced subsidy awarded, applicants (and/or their sponsoring organisations where applicable) must:

Be a Singaporean Citizen
Be at least 40 years old
Not receive any other funding from government sources in respect of the actual grant disbursed for the programme

SIT reserves the right to collect the balance of the programme fees (i.e. the potential grant amount) directly from the applicants (and/or their sponsoring organisations where applicable) should the above requirements not be fulfilled.

SIT reserves the right to make changes to published course information, including dates, times, venues, fees and instructors without prior notice.