B1 IP Protocols

1)  IP protocols: IPv4 and IPv6, TCP, UDP and ICMP.

1.1) IPv4 and IPv6

5. The Internet Protocol (IP) | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)

1.2) TCP

12. TCP: The Transmission Control Protocol (Preliminaries) | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)

1.3) UDP

10. User Datagram Protocol (UDP) and IP Fragmentation | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)

1.4) 8. ICMPv4 and ICMPv6: Internet Control Message Protocol | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)


2) Detailed knowledge of application layer protocols commonly used by Trojan malware, namely TCP, UDP, HTTP[S], SMTP, and DNS.


3) In-depth understanding of how the Internet (web browser/server architecture) and email systems function.



4) Fundamental knowledge of at least the following protocols; IRC, DHCP, FTP, SMB, SNMP, ICMP.

4.1) IRC

What is IRC? (csun.edu)

Internet Relay Chat (IRC) protocol with Wireshark - Infosec Resources (infosecinstitute.com)

IRC (Internet Relay Chat) Protocol Activity to the Internet | SIEM Guide [7.8] | Elastic


4.2) DHCP 

6. System Configuration: DHCP and Autoconfiguration | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)


4.3)FTP


4.4) SMB


4.5) SNMP


4.6) ICMP.

8. ICMPv4 and ICMPv6: Internet Control Message Protocol | TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (oreilly.com)


Comments

Post a Comment

Popular posts from this blog

CREST Practitioner Intrusion Analyst: CPIA Exam Information

Image
  2. EXAMINATION DETAILS (CPIA)  2.1 Format The CREST Practitioner Intrusion Analyst examination is delivered at Pearson Vue Centres. Please visit www.pearsonvue.com and follow the on-screen instructions to schedule your chosen examination. Note the logistical requirements for exams conducted at a Pearson Vue centre are defined by Pearson Vue and candidates must ensure they adhere to all the necessary requirements as listed on their website. CREST candidates are not exempt from any of the standard requirements. The CPIA examination comprises one hundred and twenty (120) multiple choice questions, all of which the candidate must complete Details of the areas covered can be found in the Syllabus document.  2.2 Timings The examination lasts 2 hours. Note that the permitted maximum session time at Pearson Vue is 2.5 hours in total, allowing time to read the Code of Conduct and also to provide feedback following the examination.  2.3 Open Book/Closed Book The ex...
Read more

A1 Engagement Lifecycle Management

1) Benefits and utility of incident response to the client. 2) Awareness of steps that can be taken to prepare for potential incidents. 3) Structure of incident response engagements, including the relevant processes and procedures. 4) Knowledge of appropriate actions that should be taken when investigating an incident. Understanding that some actions should be avoided due to risk of evidence corruption. 5) Know how to safely handle malware and potentially malicious files encountered during an engagement. 6) Understanding limitations of system logs.
Read more