
Unusual Pass to share - NFA

FillAwful Member Posts: 119
I took a certification course and test last week that my employer sent me to. It was one of the best training/certification experiences of my career so I thought I would share it with everyone.

First, the training center itself. This place was awesome. Great computer systems (large monitors, i5s, 16 GB RAM, loaded with Ubuntu). The best break room ever, with a fridge stocked with all the Red Bull you could drink, coffee, all the snacks and refreshments free of charge. They ordered us lunch from somewhere different every day: Chipotle, Panera, etc. Killer setup.

The course itself was called Network Forensic Analysis. The first two days consisted of a crash course/refresher through IPv4 and the specifics of common protocol packet headers: TCP, UDP, Ethernet, IPv4, DNS, SMTP, HTTP. This included examination of the hexadecimal packet.

The rest of the course was in-depth Wireshark analysis labs. We had a diagram of the network and were given sample captures to examine normal traffic one day, then malicious traffic on another day. The object was to take an unknown capture and examine it with appropriate filters based on known normal protocol behavior. The course focused on HTTP tunnels, DNS tunnels, SMTP tunnels, web password brute force, XSS, and SQL injection. It was awesome. The final day focused on Snort rules to block the aforementioned traffic.

The test was a fully practical exam. We booted from a live USB and ran a script that generated 6 random captures from a bank of captures. We were to identify the type of malicious traffic, the source and destination IPs, and the packet numbers involved. The second portion of the test involved un-commenting the appropriate Snort rules for specific traffic from a list of rules.

The test was graded on a pass/fail basis, no score.

I passed and was extremely satisfied with the whole testing experience. I think this course was a great prequel to prepare me for some of the SANS courses I want to take, namely GCIA or NFA.

EDIT: Also was wondering how one might list this cert on a resume, seeing as it is not from a well-known official vendor, i.e. CompTIA, SANS, EC-Council? It is accepted as 50 CEUs by CompTIA.
