Identifying Malicious Network Connections
When investigating a cybersecurity incident it's important to take memory snapshots of affected systems for further analysis. Students will conduct analysis and look for malicious network connections, processes, and other artifacts.
Identifying Malicious Network Connections is a Cybrscore interactive lab intended for students of Beginner/Intermediate level. Cybrscore's Identifying Malicious Network Connections lab teaches basic forensics procedures, how to identify malicious connections and detection of indicators of compromise and is targeted toward SOC Analysts. Upon successful completion of Cybrscore's Identifying Malicious Network Connections, the student will be able to use forensics tools, differentiate malicious connections from legitimate ones, and identify IOC (Indicators of Compromise). Identifying Malicious Network Connections takes 30 minutes to 1 hour to complete.
In Cybrscore’s Identifying Malicious Network Connections, students will learn about forensics, which, in this lab, involves the analysis of a snapshot of a virtual environment that is suspected to be compromised. Forensics is a vast and deep specialization and in this lab students will understand the importance of forensics procedures and the policies involved, such as chain of custody, proper documentation and protecting the integrity of files and snapshots. The understanding of forensics is a fundamental skill, since it is used to collect evidence, it could be used for compliance of some information security standards such as PCI-DSS or HIPAA, and is even used for legal processes that might derive from an attack. Basic forensics is a key part to become a SOC Analyst, and builds to the detection of suspicious activity.
In Cybrscore’s Identifying Malicious Network Connections, students will learn to identify malicious network connections, which is the ability to recognize non typical behavior of network activity. Understanding the importance of having a baseline of the common behavior of a network will create the ability to notice Network activity that deviates from this baseline, and deciding which incidents require more in depth investigation, which ones are false positives and will help to detect false negatives. Identifying malicious network connections is a key part of a SOC Analyst, and builds towards Incident Response skills.
In Cybrscore’s Identifying Malicious Network Connections, students will learn about the detection of indicators of compromise, which involves the identification of networks, Operating systems or end points that provide evidence that a security breach has been exploited. Typical Indicators of Compromise are virus signatures, connections to IP addresses, hashes or URLs. Detecting Indicators of compromise is a key part of a SOC Analyst, and builds to Incident Response and Forensics Skills.
Completion of Cybrscore’s Identifying Malicious Network Connections means that the student has learned basic forensics, how to identify malicious network connections, and how to detect indicators of compromise.