Network Security and Intro to Threat Hunting with Wireshark

This hands-on course provides a practical introduction to network security analysis and entry-level threat hunting using Wireshark. Participants will explore how network traffic can be used to identify suspicious activity, investigate security incidents, and understand attacker behavior within enterprise environments.

The training covers protocol inspection and encrypted traffic analysis. Participants will work with realistic traffic captures to examine TLS communications, decrypt TLS network sessions, and identify indicators of compromise within complex network activity.

The course also introduces common attack and reconnaissance techniques observable at the network layer, including network scans, command-and-control (C2) communication, suspicious outbound connections, malware-related traffic patterns, and lateral movement activity. Realistic investigation scenarios are used throughout the course to demonstrate how defenders can detect and analyze malicious behavior using network telemetry.

Special emphasis is placed on practical Wireshark usage, efficient traffic filtering, protocol analysis, and investigative workflows commonly used in defensive cybersecurity operations.

• Introduction to Network Security and Threat Hunting
• Packet Filtering and Protocol Analysis
• HTTPS and TLS traffic inspection and decryption
• Detecting Network Scans and Suspicious Activity
• Identifying Malware and Command-and-Control (C2) Traffic
• Indicators of Compromise (IOCs) and Threat Detection
• Investigating Suspicious Connections and Network Behavior
• Practical Threat Hunting and Traffic Analysis Exercises

After completing this course, participants will be able to:

• Use Wireshark to capture, filter, and analyze network traffic

• Identify suspicious network behavior and indicators of compromise (IOCs)

• Detect network scans, malware-related traffic, and command-and-control (C2) activity

• Analyze HTTPS, and TLS communication patterns

• Apply basic threat hunting and incident investigation techniques

• Perform practical network-based security investigations in enterprise environments

This instructor-led training combines technical theory with extensive hands-on exercises and practical traffic analysis scenarios. Participants will work directly with Wireshark to analyze packet captures, investigate suspicious network activity, and apply threat hunting techniques in realistic enterprise-style environments.

The course includes guided demonstrations, interactive discussions, and practical labs focused on network analysis, malware-related traffic, command-and-control (C2) communication, and incident investigation workflows. Emphasis is placed on developing practical analytical skills that can be directly applied in real-world IT and cybersecurity environments.