Monday, January 09, 2006

TCP/IP Weapons School and Network Stealth

I have ideas for two new TaoSecurity classes for 2006. I'd like to hear what you think of both concepts. These classes are in the planning phase now, but I will be more confident of advancing their progress if I receive positive feedback. The first class is TCP/IP Weapons School. I plan at least four days of material. The idea behind TCP/IP Weapons School is to teach TCP/IP packet analysis, with a twist -- all traffic will be generated by network security reconnaissance, exploitation, and communications tools. (The name is related to the US Air Force Weapons School.) This course is for attendees closer to the beginning of their network security career. It will be a cool way to learn TCP/IP, without the boring aspects of a typical "fundamentals" class. I plan to cover the most popular protocols seen when performing network security monitoring, intrusion detection, and network forensics. As a class participant, you'll learn how to interpret network traffic -- but also understand how security tools look when seen on the wire. I will probably teach this course solo, and I hope to introduce at least part of it at USENIX 2006 and potentially USENIX Security 2006.

The second class is Network Stealth. I plan at least two days of material. The idea behind Network Stealth is to teach how to evade network access control and detection systems. This course is for attendees with intermediate knowledge of packet analysis, such as TCP/IP Weapons School graduates. The core of the class will be network-based; there may be some host-level issues if people find that interesting. I plan to cover evasion and insertion attacks, a wide variety of covert channels, timing and volume attacks, and related ways to make life tough for security analysts. As a class participant, you'll learn how attackers can bypass your IDS, IPS, firewall, and other security measures so you can better deal with those events. I am currently brainstorming with a very skilled security analyst who I expect to teach the course with me. I hope to introduce this course at Black Hat USA 2006.

So what do you think? Do these sound like interesting classes?

15 comments:

Anonymous said...

Richard,
I think both are excellent ideas. Although far from being at the beginning of my network security career, it also sounds like an excellent refresher course for those of us who are not doing this on a day to day basis any longer.

Da Kahua


p.s. See you at ShmooCon

Anonymous said...

Hi Richard,
both classes are great ideas so far. Although I'm not quite sure if these classes are of special interest at the beginning of a network security career. (I'm right at this point now.) :-)
Nevertheless both classes roused my interest. Actually it won't be possible for me to join the mentioned conferences, so will any materials be online for download somewhere? It would be really great to see e.g. an excerpt or so.

Chavez

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Richard,
I think these classes sound like great ideas. I think the low level knowledge of these apps and how they interact with TCP/IP and the network is critical to really understanding when a security event is taking place. This sounds like a good approach to understanding how these apps really work and what their output really means.

Looking forward to hearing you at ShmooCon.

DJordan

Anonymous said...

I would definitely be interested in the weapons class. I might be a little over my head in the NSM course since my *nix CLI is a work in progress, and I'm a little hesitant to think my skills are up to par with what that course might require.

stone

John Ward said...

Kind of interesting that you bring these up since I am writing an article following up on the proof of concept I mentioned previously. Hell, I'm not quite at the "beginning" of my career, but I would still be interested in these classes. You need to start teaching some more in my neck of the woods. When you do, I'll whoop you at a round of golf ;)

Anonymous said...

Good ideas. I love to see a course on extrusion detection techniques as well.
not sure how the post about the knight rider dvd fits in...

Anonymous said...

Hi Richard,

I gave a class, similar to the TCP/IP Weapons Class, to an Army CERT team. The class was well received. I found that people who had some experience in this area found the class to be valuable as a refresher course or they learned some things that they had not known.

Travis

Albert Gonzalez said...

Hey Richard,

Will the class be tailored fitted to new comers? Since I know A LOT of the MSSP's out there will hire fairly *new* people to the industry in an attempt to keep them longer. I have seen this at two previous locations where I worked. Let me know exactly which direction you're going.. might save me the time in writing the material myself here internally.

- Albert Gonzalez

Smitty said...

Yes these classes sound good. I would be interested in them myself even though I am just starting my career in Security...

Brad

Anonymous said...

Hi Richard,

How will this class be different from SANS Intrusion Detection in Depth?

Yaser

Richard Bejtlich said...

Chavez,

I do not plan to post full class materials at any time. I may provide excerpts. I would not have much of a teaching career if anyone could download my material for free!

Albert,

I plan for the TCP/IP Weapons School to be for junior and intermediate security analysts. Experts are welcome but they are not the primary audience. Network Stealth will be aimed at intermediate and expert security analysts.

Anonymous,

Regarding SANS -- my classes have material that is newer than the 1996-era slides found in Track 3 ("Intrusion Detection In Depth"). For the last 8 years, at least, SANS has taught the same track 3 material -- 1 day on TCP/IP, 2 days on Tcpdump BPF syntax, 1 day on Snort, and 2 days on material that hasn't mattered since it was written (like the so-called "Mitnick Attack.") Of the six days, the Snort material is probably most relevant, since Snort was only added to Track 3 in 2002, I believe. My classes will also not have 50-100 students taught by one instructor. I plan to build VMs for VMware Player to support my classes -- VMs students can take with them. I taught Track 3 in 2002 and 2003, and I demand that my classes will be better in every respect. I believe those who have attended Network Security Operations will agree.

Anonymous said...

Hi Richard,

thanks for your answer regarding my question. Well, I acknowledge that's a very good point. :-)
So an excerpt or a TOC would be more than nice.

Chavez

Anonymous said...

I'd definitely be interested in taking the TCP/IP weapons class. I'm at the beginning of my 'security' career and am looking for classes to get some hands on experience.

Scott said...

Snort was in in 2001 when I went. Marty was teaching the class then too....pre-2.0 days too.