In this module, we discuss techniques for anonymizing and deanonymizing network traffic data. Anonymization is the process of removing information that can be used to identify a user and may be done as a post-processing effort, or by using systems that hide the user’s identity during normal operations. Anonymity has been a major concern in network security for the past thirty years, with an especially active interest in the last decade with the rise and fall of Napster and other peer-to-peer applications.

In this module, we will discuss and be introduced to various risks, threats, and attack vectors/surfaces for mobile platforms and devices. We will learn how DoS attacks on IEEE 802.11 protocols occur, gain a better understanding of WEP, WPA, and WPA2, and learn about the overall security issues surrounding mobile platforms. Students will discuss different pieces of legislation being considered to protect mobile application users & personal data privacy laws. Mobile application & cloud-based scanning tools, as well as OWASP mobile and application program interface vulnerabilities will be studied.

In this module, we will discuss the use of DNS, one of the Internet’s most important protocols. DNS is the protocol that translates domain names into IP addresses, but more importantly in the modern internet, it is used to hide the multiplexing and geolocation mechanisms that are used to enhance internet performance. Due to its centrality to network traffic, DNS is one of the most hacked and modified protocols in active use, and the way that it is used both by legitimate and illegitimate uses is critical for understanding modern Internet security.

This module covers the evolution of the HTTP protocol and clarifies the distinctions between HTTP, HTML, and the web. It includes an overview of common log formats such as CLF and ELF, and practical configuration of Apache and IIS for log file generation. Students will delve into log collection and analysis tools, particularly Splunk, and learn about iframe exploitation, sandbox countermeasures against clickjacking, and frame-busting techniques along with HTTP headers rulesets.

This module explores the journey of digital messages from origin to destination, highlighting the functions of DNS, SMTP, and POP/IMAP. It covers the role of priority in DNS MX records, how spammers exploit SMTP, and the use of Network Time Protocol (NTP). Students will also delve into various filtering techniques and data analysis tools.

This module covers the fundamentals of TCP state transitions, including predicting state changes based on incoming packets. Students will explore the TCP sequence numbering mechanism, the role of MTU, Ethernet, and lower-level protocols, and understand TCP addressing and session concepts. The course includes practical experience capturing sessions with TCPDump, distinguishing between promiscuous and normal modes, and analyzing traffic using TCPDump or Wireshark. Additionally, students will study common TCP attacks such as sequence number spoofing, Christmas tree packets, and TCP scanning.