Thursday, September 12, 2013

Bejtlich Teaching at Black Hat West Coast Trainings

I'm pleased to announce that I will be teaching at Black Hat West Coast Trainings 9-10 December 2013 in Seattle, Washington. This is a brand new class, only offered thus far in Las Vegas in July 2013. I posted Feedback from Network Security Monitoring 101 Classes last month as a sample of the student feedback I received.

Several students asked for a more complete class outline. So, in addition to the outline currently posted by Black Hat, I present the following, which shows what sort of material I cover in my new class.

Please note that discounted registration ends 11:59 pm EDT October 24th. You can register here. I have only one session available in Seattle and fewer seats than in Las Vegas, so please plan accordingly. Thank you.

OVERVIEW

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you. This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats. Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a virtual machine. Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

CLASS OUTLINE

Day One

0900-1030
  • Introduction
  • Enterprise Security Cycle
  • State of South Carolina case study
  • Difference between NSM and Continuous Monitoring
  • Blocking, filtering, and denying mechanisms
  • Why does NSM work?
  • When NSM won’t work
  • Is NSM legal?
  • How does one protect privacy during NSM operations?
  • NSM data types
  • Where can I buy NSM?

1030-1045
  • Break

1045-1230
  • SPAN ports and taps
  • Making visibility decisions
  • Traffic flow
  • Lab 1: Visibility in ten sample networks
  • Security Onion introduction
  • Stand-alone vs server plus sensors
  • Core Security Onion tools
  • Lab 2: Security Onion installation

1230-1400
  • Lunch

1400-1600
  • Guided review of Capinfos, Tcpdump, Tshark, and Argus
  • Lab 3: Using Capinfos, Tcpdump, Tshark, and Argus

1600-1615
  • Break

1615-1800
  • Guided review of Wireshark, Bro, and Snort
  • Lab 4: Using Wireshark, Bro, and Snort
  • Using Tcpreplay with NSM consoles
  • Guided review of process management, key directories, and disk usage
  • Lab 5: Process management, key directories, and disk usage

Day Two

0900-1030
  • Computer incident detection and response process
  • Intrusion Kill Chain
  • Incident categories
  • CIRT roles
  • Communication
  • Containment techniques
  • Waves and campaigns
  • Remediation
  • Server-side attack pattern
  • Client-side attack pattern

1030-1045
  • Break

1045-1230
  • Guided review of Sguil
  • Lab 6: Using Sguil
  • Guided review of ELSA
  • Lab 7: Using ELSA

1230-1400
  • Lunch

1400-1600
  • Lab 8: Intrusion Part 1 Forensic Analysis
  • Lab 9: Intrusion Part 1 Console Analysis

1600-1615
  • Break

1615-1800
  • Lab 10: Intrusion Part 2 Forensic Analysis
  • Lab 11: Intrusion Part 2 Console Analysis

REQUIREMENTS

Students must be comfortable using command line tools in a non-Windows environment such as Linux or FreeBSD. Basic familiarity with TCP/IP networking and packet analysis is a plus.

WHAT STUDENTS NEED TO BRING

NSM101 is a LAB-DRIVEN course. Students MUST bring a laptop with at least 8 GB RAM and at least 20 GB free on the hard drive. The laptop MUST be able to run a virtualization product that can CREATE VMs from an .iso, such as VMware Workstation (minimum version 8, 9 is preferred); VMware Player (minimum version 5 -- older versions do not support VM creation); VMware Fusion (minimum version 5, for Mac); or Oracle VM VirtualBox (minimum version 4.2). A laptop with access to an internal or external DVD drive is preferred, but not mandatory.

Students SHOULD test the open source Security Onion (http://securityonion.blogspot.com) NSM distro prior to class. The students should try booting the latest version of the 12.04 64 bit Security Onion distribution into live mode. Students MUST ensure their laptops can run a 64 bit virtual machine. For help with this requirement, see the VMware knowledgebase article “Ensuring Virtualization Technology is enabled on your VMware host (1003944)” (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003944). Students MUST have the BIOS password for their laptop in the event that they need to enable virtualization support in class. Students MUST also have administrator-level access to their laptop to install software, in the event they need to reconfigure their laptop in class.

WHAT STUDENTS WILL RECEIVE

Students will receive a paper class handbook with printed slides, a lab workbook, and the teacher’s guide for the lab questions. Students will also receive a DVD with a recent version of the Security Onion NSM distribution.

TRAINERS

Richard Bejtlich is Chief Security Officer at MANDIANT. He was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Prior to GE, he operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." His latest book is "The Practice of Network Security Monitoring" (nostarch.com/nsm). He also writes for his blog (taosecurity.blogspot.com) and Twitter (@taosecurity), and teaches for Black Hat.

Tuesday, August 13, 2013

Feedback from Network Security Monitoring 101 Classes

At Black Hat in Las Vegas I taught two Network Security Monitoring 101 (NSM101) classes. This is a new class that I developed this year, after retiring the third edition of my TCP/IP Weapons School. Once again I was glad to have Steve Andres from Special Ops Security there to help students with questions and lab issues.

I wanted to share some feedback from the classes, in case any of you are considering attending an upcoming edition. Currently I'm scheduled to teach at Black Hat Seattle on 9-10 December. I plan to continue offering my class through Black Hat as they expand their training location offerings.

Student feedback from NSM101 included:
  • Great tools, fun labs, very prepared -- a lot of experience from interesting real world scenarios.
  • This course was everything I hoped for and more. Very impressive considering the course is new.
  • One of the best training classes I have ever taken.
  • Richard hosted an exemplary class.
  • I thought the class was excellent, and the content was relevant and informative.
  • The instructor was there when help was needed. I can easily take what I learned here and apply it to my work.
  • Excellent instructor and class. It is nice to learn from true pros who are humble and willing to help.
  • Richard is an excellent speaker. His use of real world examples added value to each lab. The material was easy to understand and very well thought out.
  • The stories behind the scenes and the practical notes (i.e., how to create a team) really helped.
  • Great balance of hands-on and theory.
  • Easy to follow and inspiring, even for an NSM beginner like me.
  • Great companion to the new NSM book.
  • This class was fantastic. I wish I could send my whole department.
  • I look forward to using your book and teaching some of your techniques to my students.

In the "constructive criticism" category, several students recommended that I modify the class description to better suit the class structure. For example, some students didn't realize they would be using Security Onion in the class. A few students told me they would have sent more people from their team if they had a better sense of what the class was going to include. I will fix that for the Seattle edition and future events.

Overall I very much enjoyed teaching the new class. I will make a few tweaks to fix typos but otherwise I am ready to teach again in December. Once the registration form is active I will post it via Twitter.

If you have any questions, please post them as comments here or via Twitter to @taosecurity. Thank you.

Tuesday, June 18, 2013

President Obama Is Right On US-China Hacking

I strongly recommend watching the excerpt on the Charlie Rose show titled Obama: Blunt Conversation With China on Hacking. I reproduced the relevant part of the transcript below and added emphasis to key points.

CHARLIE ROSE: Speaking of pushing back, what happened when you pushed back on the question of hacking and serious allegations that come from this country that believe that the Chinese are making serious strides and hacking not only private sector but public sector?

BARACK OBAMA: We had a very blunt conversation about cyber security.

CHARLIE ROSE: Do they acknowledge it?

BARACK OBAMA: You know, when you’re having a conversation like this I don’t think you ever expect a Chinese leader to say "You know what? You’re right. You caught us red-handed."

CHARLIE ROSE: You got me. Yes.

BARACK OBAMA: We’re just stealing all your stuff and every day we try to figure out how we can get into Apple --

CHARLIE ROSE: But do they now say "Look? See you’re doing the same thing. We’ve been reading about what NSA is doing and you’re doing the same thing that we’re doing and there are some allegations of that. And the man who is now unleashing these secrets who’s telling everybody is in Hong Kong.

(CROSSTALK)

BARACK OBAMA: Yes.

CHARLIE ROSE: And may be talking to the Chinese.

BARACK OBAMA: Well, let’s separate out the NSA issue which I’m sure you’re going to want to talk to and the whole full balance of privacy and security with -- with the specific issue of cyber security and our concerns --

CHARLIE ROSE: And cyber warfare and cyber espionage.

BARACK OBAMA: Right. Every country in the world, large and small, engages in intelligence gathering and that is an occasional source of tension but is generally practiced within bounds. There is a big difference between China wanting to figure out how can they find out what my talking points are when I’m meeting with the Japanese which is standard fare and we’ve tried to prevent them from --

(CROSSTALK)

CHARLIE ROSE: Right.

BARACK OBAMA: -- penetrating that and they try to get that information. There’s a big difference between that and a hacker directly connected with the Chinese government or the Chinese military breaking into Apple’s software systems to see if they can obtain the designs for the latest Apple product. That’s theft. And we can’t tolerate that.

And so we’ve had very blunt conversations about this. They understand, I think, that this can adversely affect the fundamentals of the U.S./China relationship. We don’t consider this a side note in our conversations. We think this is central in part because our economic relationship is going to continue to be premised on the fact that the United States is the world’s innovator. We have the greatest R&D. We have the greatest entrepreneurial culture.

Our value added is at the top of the value chain and if countries like China are stealing that that affects our long-term prosperity in a serious way.

This is an amazing development for someone aware of the history of this issue. President Obama is exactly right concerning the differences between espionage, practiced by all nations since the beginning of time, and massive industrial theft by China against the developed world, which the United States, at least, will not tolerate. I am so pleased that this issue is at the top of the agenda between the US and China and that the President and his team, as well as Congress, are taking it so seriously.

Thursday, June 13, 2013

Pre-Order The Practice of Network Security Monitoring Before Price Hike

When my publisher and I planned and priced my new book The Practice of Network Security Monitoring, we assumed the book would be about 250 pages. As we conclude the copyediting process and put print in layout format, it's clear the book will be well over 300. The current estimate is 328, but I think it could approach 350 pages.

Because of the much larger page count, the publisher and I agreed to reprice the book. The price will rise from the current list of $39.95 for paperback and $31.95 for ebook to $49.95 for paperback and $39.95 for ebook.

However, those prices will not go into effect until next Friday, June 21st. That means if you preorder at the NoStarch.com Web site before next Friday, you will get the current lower prices. Furthermore, use preorder code NSM101 to save 30% off list. If you use NSM101 as your discount code it shows No Starch that you got word of this from me.

Those of you who already preordered have already taken advantage of this deal. Thanks for your orders!

We're still on track for publication by July 22, in time for books on hand at my new Network Security Monitoring 101 class in Las Vegas. Seats for the two editions of the class (weekend and weekday) continue to fill.

If you live in Europe or the Middle East or Africa, you may want to attend my new class in Istanbul in September. I hope the protestors and government can manage their differences in time for this great new Black Hat event!

Monday, April 29, 2013

Practice of Network Security Monitoring Table of Contents

Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC has only solidified in the last day or so. I delayed responding until I completed all of the text, which I did this weekend.

You can preorder the book through No Starch. Please consider using the discount code NSM101 to save 30%.

I'm still on track to publish by July 22, 2013, in time to teach two sessions of my new course, Network Security Monitoring 101, in Las Vegas. I'll be using the new book's themes for inspiration but will likely have to rebuild all the labs.

I expect the book to approach the 350 page mark, exceeding my initial estimates for 256 pages and 7 chapters. Here's the latest Table of Contents.

  • Part I, “Getting Started,” introduces NSM and how to think about sensor placement.
    • Chapter 1, “NSM Rationale,” explains why NSM matters, to help you gain the support needed to deploy NSM in your environment.
    • Chapter 2, “Collecting Network Traffic: Access, Storage, and Management,” addresses the challenges and solutions surrounding physical access to network traffic.

  • Part II, “Security Onion Deployment,” focuses on installing SO on hardware, and configuring SO effectively.
    • Chapter 3, “Stand-alone Deployment,” introduces SO, and explains how to install the software on spare hardware to gain initial NSM capability at low or no cost.
    • Chapter 4, “Distributed Deployment,” extends Chapter 3 to describe how to install a dispersed SO system.
    • Chapter 5, “SO Housekeeping,” discusses maintenance activities for keeping your SO installation running smoothly.

  • Part III, “Tools,” describes key software shipped with SO, and how to use these applications.
    • Chapter 6, “Command Line Packet Analysis Tools,” explains the key features of Tcpdump, Tshark, Dumpcap, and Argus in SO.
    • Chapter 7, “Graphical Packet Analysis Tools,” adds GUI-based software to the mix, describing Wireshark, Xplico, and NetworkMiner.
    • Chapter 8, “Consoles,” shows how NSM suites like Sguil, Squert, Snorby, and ELSA enable detection and response workflows.

  • Part IV, “NSM in Action,” discusses how to use NSM processes and data to detect and respond to intrusions.
    • Chapter 9, “Collection, Analysis, Escalation, and Resolution,” shares my experience building and leading a global Computer Incident Response Team (CIRT).
    • Chapter 10, “Server-Side Compromise,” is the first NSM case study, wherein you’ll learn how to apply NSM principles to identify and validate the compromise of an Internet-facing application.
    • Chapter 11, “Client-Side Compromise,” is the second NSM case study, offering an example of a user being victimized by a client-side attack.
    • Chapter 12, “Extending SO,” covers tools and techniques to expand SO’s capabilities.
    • Chapter 13, “Proxies and Checksums,” concludes the main text by addressing two challenges to conducting NSM.

  • The Conclusion offers a few thoughts on the future of NSM, especially with respect to cloud environments and workflows.
  • Appendix A, “Security Onion Scripts and Configuration,” includes information from SO developer Doug Burks on core SO configuration files and control scripts.

I hope you enjoy the book and consider the new class! If you have comments or questions, please post them here or via @taosecurity.

Sunday, April 21, 2013

Bejtlich Teaching New Class at Black Hat in July

I'm pleased to announce I will teach two sessions of a brand-new two day class at Black Hat USA 2013 this summer. The new class is Network Security Monitoring 101. From the overview:

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you.

This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats.

Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a few virtual machines.

Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

Black Hat has three remaining price points and deadlines for registration.

  • "Regular" ends 31 May

  • "Late" ends 24 July

  • "Onsite" starts at the conference

Seats are filling -- it pays to register early!

If you have any questions about the class, please leave a comment here or contact me via Twitter at @taosecurity. Thank you.

I'm also talking with Black Hat about teaching at their Istanbul and Seattle events later this year.

Saturday, March 02, 2013

Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days

Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report.

In the twelve days that followed publication on the evening of Monday the 18th, I've been very pleased by the amount of constructive commentary and related research published online.

In this post I'd like to list those contributions that I believe merit attention, in the event you missed them the first time around.

These sorts of posts are examples of what the security community can do to advance our collective capability to counter digital threats.

Please note I avoided mass media accounts, interviews with Mandiant team members, and most general commentary.

They are listed in no particular order.

  1. Seth Hall (Bro): Watching for the APT1 Intelligence
  2. Jason Wood (SecureIdeas): Reading the Mandiant APT1 Report
  3. Chris Sanders: Making the Mandiant APT1 Report Actionable
  4. Symantec: APT1: Q&A on Attacks by the Comment Crew
  5. Tekdefense (NoVA Infosec): MASTIFF Analysis of APT1
  6. Chort Row (@chort0): Analyzing APT1 with Cuckoobox, Volatility, and Yara
  7. Ron Gula (Tenable): We have Microsoft Tuesday, so how long until we have Indicator Wednesday?
  8. OpenDNS Umbrella Labs: An intimate look at APT1, China’s Cyber-Espionage Threat
  9. Chris Lew (Mandiant): Chinese Advanced Persistent Threats: Corporate Cyber Espionage Processes and Organizations (BSidesSF, slides not online yet)
  10. Adam Segal: Hacking back, signaling, and state-society relations
  11. Snorby Labs: APT Intelligence Update
  12. Wendy Nather: Exercises left to the reader
  13. Brad Shoop (Mandiant): Mandiant’s APT1 Domain/MD5 Intel and Security Onion for Splunk
  14. Brad Shoop (Mandiant): Mandiant’s APT1 Domain/MD5 Intel and Security Onion with ELSA
  15. Kevin Wilcox: NSM With Bro-IDS Part 5: In-house Modules to Leverage Outside Threat Intelligence
  16. Cyb3rsleuth: Chinese Threat Actor Part 5
  17. David Bianco: The Pyramid of Pain
  18. Wesley McGrew: Mapping of Mandiant APT1 malware names to available samples
  19. Russ McRee: Toolsmith: Redline, APT1, and you – we’re all owned
  20. Jaime Blasco (AlienVault Labs): Yara rules for APT1/Comment Crew malware arsenal
  21. Brandon Dixon: Mandiant APT2 Report Lure
  22. Seculert: Spear-Phishing with Mandiant APT Report
  23. PhishMe: How PhishMe addresses the top attack method cited in Mandiant’s APT1 report
  24. Rich Mogull (Securosis): Why China's Hacking is Different
  25. China Digital Times: Netizens Gather Further Evidence of PLA Hacking

M-Unition (Mandiant) published Netizen Research Bolsters APT1 Attribution.

I'd also like to cite Verizon for their comments and mention of IOCExtractor and Symantec for publishing their indicators via Pastebin after I asked about it.

Thank you to those who took the time to share what you found when analyzing related APT1 data, or when showing how to use APT1 indicators to do detection and response.