Thursday, September 12, 2013

Bejtlich Teaching at Black Hat West Coast Trainings

I'm pleased to announce that I will be teaching at Black Hat West Coast Trainings 9-10 December 2013 in Seattle, Washington. This is a brand new class, only offered thus far in Las Vegas in July 2013. I posted Feedback from Network Security Monitoring 101 Classes last month as a sample of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 student feedback I received.

Several students asked for a more complete class outline. So, in addition to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 outline posted currently by Black Hat, I present cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following that shows what sort of material I cover in my new class.

Please note that discounted registration ends 11:59 pm EDT October 24th. You can register here. I have only one session available in Seattle and fewer seats than in Las Vegas, so please plan accordingly. Thank you.

OVERVIEW

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 truth? If you are a beginner, and need answers to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se questions, Network Security Monitoring 101 (NSM101) is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 newest Black Hat course for you. This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats. Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a virtual machine. Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world of Network Security Monitoring.

CLASS OUTLINE

Day One

0900-1030
·         Introduction
·         Enterprise Security Cycle
·         State of South Carolina case study
·         Difference between NSM and Continuous Monitoring
·         Blocking, filtering, and denying mechanisms
·         Why does NSM work?
·         When NSM won’t work
·         Is NSM legal?
·         How does one protect privacy during NSM operations?
·         NSM data types
·         Where can I buy NSM?

1030-1045
·         Break

1045-1230
·         SPAN ports and taps
·         Making visibility decisions
·         Traffic flow
·         Lab 1: Visibility in ten sample networks
·         Security Onion introduction
·         Stand-alone vs server plus sensors
·         Core Security Onion tools
·         Lab 2: Security Onion installation

1230-1400
·         Lunch

1400-1600
·         Guided review of Capinfos, Tcpdump, Tshark, and Argus
·         Lab 3: Using Capinfos, Tcpdump, Tshark, and Argus

1600-1615
·         Break

1615-1800
·         Guided review of Wireshark, Bro, and Snort
·         Lab 4: Using Wireshark, Bro, and Snort
·         Using Tcpreplay with NSM consoles
·         Guided review of process management, key directories, and disk usage
·         Lab 5: Process management, key directories, and disk usage

Day Two

0900-1030
·         Computer incident detection and response process
·         Intrusion Kill Chain
·         Incident categories
·         CIRT roles
·         Communication
·         Containment techniques
·         Waves and campaigns
·         Remediation
·         Server-side attack pattern
·         Client-side attack pattern

1030-1045
·         Break

1045-1230
·         Guided review of Sguil
·         Lab 6: Using Sguil
·         Guided review of ELSA
·         Lab 7: Using ELSA

1230-1400
·         Lunch

1400-1600
·         Lab 8. Intrusion Part 1 Forensic Analysis
·         Lab 9. Intrusion Part 1 Console Analysis

1600-1615
·         Break

1615-1800
·         Lab 10. Intrusion Part 2 Forensic Analysis
·         Lab 11. Intrusion Part 2 Console Analysis

REQUIREMENTS

Students must be comfortable using command line tools in a non-Windows environment such as Linux or FreeBSD. Basic familiarity with TCP/IP networking and packet analysis is a plus.

WHAT STUDENTS NEED TO BRING

NSM101 is a LAB-DRIVEN course. Students MUST bring a laptop with at least 8 GB RAM and at least 20 GB free on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hard drive. The laptop MUST be able to run a virtualization product that can CREATE VMs from an .iso, such as VMware Workstation (minimum version 8, 9 is preferred); VMware Player (minimum version 5 -- older versions do not support VM creation); VMware Fusion (minimum version 5, for Mac); or Oracle VM VirtualBox (minimum version 4.2). A laptop with access to an internal or external DVD drive is preferred, but not mandatory.

Students SHOULD test cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 open source Security Onion (http://securityonion.blogspot.com) NSM distro prior to class. The students should try booting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 12.04 64 bit Security Onion distribution into live mode. Students MUST ensure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir laptops can run a 64 bit virtual machine. For help with this requirement, see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware knowledgebase article “Ensuring Virtualization Technology is enabled on your VMware host (1003944)” (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003944). Students MUST have cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 BIOS password for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir laptop in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 event that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y need to enable virtualization support in class. Students MUST also have administrator-level access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir laptop to install software, in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 event cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y need to reconfigure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir laptop in class.

WHAT STUDENTS WILL RECEIVE

Students will receive a paper class handbook with printed slides, a lab workbook, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 teacher’s guide for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lab questions. Students will also receive a DVD with a recent version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Security Onion NSM distribution.

TRAINERS


Richard Bejtlich is Chief Security Officer at MANDIANT. He was previously Director of Incident Response for General Electric, where he built and led cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 40-member GE Computer Incident Response Team (GE-CIRT). Prior to GE, he operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation.  Richard began his digital security career as a military intelligence officer in 1997 at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Air  Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA).  Richard is a graduate of Harvard University and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 United States Air Force Academy.  He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics."  His latest book is "The Practice of Network Security Monitoring" (nostarch.com/nsm). He also writes for his blog (taosecurity.blogspot.com) and Twitter (@taosecurity), and teaches for Black Hat.