Showing posts with label training. Show all posts

Thursday, September 12, 2013

Bejtlich Teaching at Black Hat West Coast Trainings

I'm pleased to announce that I will be teaching at Black Hat West Coast Trainings 9-10 December 2013 in Seattle, Washington. This is a brand new class, only offered thus far in Las Vegas in July 2013. I posted Feedback from Network Security Monitoring 101 Classes last month as a sample of the student feedback I received.

Several students asked for a more complete class outline. So, in addition to the outline posted currently by Black Hat, I present the following that shows what sort of material I cover in my new class.

Please note that discounted registration ends 11:59 pm EDT October 24th. You can register here. I have only one session available in Seattle and fewer seats than in Las Vegas, so please plan accordingly. Thank you.

OVERVIEW

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you. This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats. Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a virtual machine. Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

CLASS OUTLINE

Day One

0900-1030
·         Introduction
·         Enterprise Security Cycle
·         State of South Carolina case study
·         Difference between NSM and Continuous Monitoring
·         Blocking, filtering, and denying mechanisms
·         Why does NSM work?
·         When NSM won’t work
·         Is NSM legal?
·         How does one protect privacy during NSM operations?
·         NSM data types
·         Where can I buy NSM?

1030-1045
·         Break

1045-1230
·         SPAN ports and taps
·         Making visibility decisions
·         Traffic flow
·         Lab 1: Visibility in ten sample networks
·         Security Onion introduction
·         Stand-alone vs server plus sensors
·         Core Security Onion tools
·         Lab 2: Security Onion installation

1230-1400
·         Lunch

1400-1600
·         Guided review of Capinfos, Tcpdump, Tshark, and Argus
·         Lab 3: Using Capinfos, Tcpdump, Tshark, and Argus

1600-1615
·         Break

1615-1800
·         Guided review of Wireshark, Bro, and Snort
·         Lab 4: Using Wireshark, Bro, and Snort
·         Using Tcpreplay with NSM consoles
·         Guided review of process management, key directories, and disk usage
·         Lab 5: Process management, key directories, and disk usage

Day Two

0900-1030
·         Computer incident detection and response process
·         Intrusion Kill Chain
·         Incident categories
·         CIRT roles
·         Communication
·         Containment techniques
·         Waves and campaigns
·         Remediation
·         Server-side attack pattern
·         Client-side attack pattern

1030-1045
·         Break

1045-1230
·         Guided review of Sguil
·         Lab 6: Using Sguil
·         Guided review of ELSA
·         Lab 7: Using ELSA

1230-1400
·         Lunch

1400-1600
·         Lab 8. Intrusion Part 1 Forensic Analysis
·         Lab 9. Intrusion Part 1 Console Analysis

1600-1615
·         Break

1615-1800
·         Lab 10. Intrusion Part 2 Forensic Analysis
·         Lab 11. Intrusion Part 2 Console Analysis

REQUIREMENTS

Students must be comfortable using command line tools in a non-Windows environment such as Linux or FreeBSD. Basic familiarity with TCP/IP networking and packet analysis is a plus.

WHAT STUDENTS NEED TO BRING

NSM101 is a LAB-DRIVEN course. Students MUST bring a laptop with at least 8 GB RAM and at least 20 GB free on the hard drive. The laptop MUST be able to run a virtualization product that can CREATE VMs from an .iso, such as VMware Workstation (minimum version 8, 9 is preferred); VMware Player (minimum version 5 -- older versions do not support VM creation); VMware Fusion (minimum version 5, for Mac); or Oracle VM VirtualBox (minimum version 4.2). A laptop with access to an internal or external DVD drive is preferred, but not mandatory.

Students SHOULD test the open source Security Onion (http://securityonion.blogspot.com) NSM distro prior to class. The students should try booting the latest version of the 12.04 64 bit Security Onion distribution into live mode. Students MUST ensure their laptops can run a 64 bit virtual machine. For help with this requirement, see the VMware knowledgebase article “Ensuring Virtualization Technology is enabled on your VMware host (1003944)” (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003944). Students MUST have the BIOS password for their laptop in the event that they need to enable virtualization support in class. Students MUST also have administrator-level access to their laptop to install software, in the event they need to reconfigure their laptop in class.

WHAT STUDENTS WILL RECEIVE

Students will receive a paper class handbook with printed slides, a lab workbook, and the teacher’s guide for the lab questions. Students will also receive a DVD with a recent version of the Security Onion NSM distribution.

TRAINERS


Richard Bejtlich is Chief Security Officer at MANDIANT. He was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Prior to GE, he operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." His latest book is "The Practice of Network Security Monitoring" (nostarch.com/nsm). He also writes for his blog (taosecurity.blogspot.com) and Twitter (@taosecurity), and teaches for Black Hat.

Sunday, April 21, 2013

Bejtlich Teaching New Class at Black Hat in July

I'm pleased to announce I will teach two sessions of a brand-new two day class at Black Hat USA 2013 this summer. The new class is Network Security Monitoring 101. From the overview:

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you.

This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats.

Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a few virtual machines.

Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

Black Hat has three remaining price points and deadlines for registration.

  • "Regular" ends 31 May

  • "Late" ends 24 July

  • "Onsite" starts at the conference

Seats are filling -- it pays to register early!

If you have any questions about the class, please leave a comment here or contact me via Twitter at @taosecurity. Thank you.

I'm also talking with Black Hat about teaching at their Istanbul and Seattle events later this year.

Sunday, August 28, 2011

TCP/IP Weapons School 3.0 in McLean, VA 26-27 Oct

I just created a class page for my upcoming TCP/IP Weapons School 3.0 in McLean, VA on 26-27 October 2011. I decided to offer this class because I haven't taught anything nearby in quite a while, and many people asked for a class in NoVA. I don't plan to offer this sort of "solo" (i.e., outside Black Hat) class again (or anytime soon). So, if you're in the neighborhood and you'd like to attend a TWS3 class, this could be your chance! The venue only seats 20-25 students, so please keep that in mind. You can register through RegOnline immediately. Thank you.

Monday, August 15, 2011

Bejtlich Webinar for Dark Reading and InformationWeek

Thanks to Dark Reading and InformationWeek I will participate in the How Security Breaches Happen online virtual event on 25 August 2011. At 1330 ET I present with Nicholas J. Percoco and Kelly Jackson Higgins on "Why Bad Breaches Happen To Good Companies."

I will share the enterprise/CSO perspective while Nicholas will present the adversary simulation/pen tester perspective. Kelly will moderate. Lots of other speakers will participate from 1030 ET to 1815 ET.

We hope you can attend!

Feedback from Latest TCP/IP Weapons School 3.0 Class

At Black Hat in Las Vegas and USENIX Security in San Francisco I taught three TCP/IP Weapons School 3.0 classes. I think my weekday class at Black Hat set a personal record student count, and I was glad to have Steve Andres from Special Ops Security there to help students with questions and lab issues!

I wanted to share some feedback from the classes, in case any of you are considering attending an upcoming class. Currently I'm scheduled to teach at Black Hat Abu Dhabi on 12-13 December. The only other possibilities for training this year include a class in northern VA in either September or October, and a class the weekend before USENIX LISA in Boston on 3-4 December 2011. Next year I will likely return to Las Vegas again in the summer (21-24 July) and DC in the fall (30-31 Oct) but beyond that I am not sure how much training I might do in 2012.

Student feedback from TWS3 included:

  • I've been to a lot of training sessions and this was by far the best. The discussions were useful and practical. The labs were well done enough to repeat and follow them later.

  • Excellent speaker, well-prepared and extremely engaging. Perfect balance of real world scenarios and information.

  • Great course! More lab-based and little [i.e., fewer] PowerPoints is a recipe for success. Will recommend to others.

  • This is the best Black Hat Training class I've ever taken. The techniques and information Richard taught are instantly usable in my day-to-day security analyst work. Well worth the time and money.

  • Richard worked hard to answer our questions and tailor the class to our needs.

  • Discussion-based training without PowerPoint was a great experience -- much more rewarding than death by .ppt!

  • Richard does an excellent job presenting material in an engaging way.

  • Excellent job handling diverse student population with very different skill levels.

  • I would take another security course taught by Richard as well as recommend this course to others.


The students who attend to learn how to collect and analyze network- and log-centric artifacts and data in order to detect and respond to intrusions tend to like the class best.

Thank you to the students from all three classes for your participation!

Saturday, June 04, 2011

Security Conference Recommendations

After my post Bejtlich Teaching at USENIX Security in San Francisco 8-9 Aug a reader asked the following:

Richard,

I was curious if you could suggest other security conferences that either you have attended or have heard are better than average?

It seems as though everyone and their brother sponsor some sort of security conference and it is difficult to tell how educational they will be just by reading the website.

Perhaps you could provide some insight into how you determine which conferences you would actually pay to attend? Thanks!


Great question. The answer that follows is just my opinion, and I'm sure others feel differently. For me, I like these conferences:

  • Black Hat offers the best combination of training plus briefings per unit time, on a consistent basis. In other words, I believe attendees will learn more in two days of Black Hat Training plus two days of Black Hat Briefings compared to any alternatives, every year. The content is uniformly high, regardless of whether you attend in DC, Barcelona, Las Vegas, Tokyo, or Abu Dhabi. This is why I will be teaching two TCP/IP Weapons School 3.0 classes this summer and staying for the two days of Briefings that follow.

  • My next favorite event is probably the SANS What Works in Forensics and Incident Response Summit organized each year by Rob Lee. His Summit connects me with the sorts of people who do the same work that I do. The event is a mix of panels and briefings by interesting people.

  • In terms of value per dollar spent, you can't beat Security B-Sides. Why is that? Well, your travel cost will likely be almost nothing, since B-Sides events happen all over the world. Registration is free. Content quality is mixed, but when you throw a lot of local security people into a room in a non-traditional format, the output is surprisingly good!

  • If you want more of an academic approach, I recommend any of the USENIX conferences. They are also a mix of training, "Refereed Papers" (see what I mean), and Invited Talks. I tend to see more college students talking about "solutions" more or less detached from the real world, but the diversity of specialized events means you're likely to find something of value that meets your direct needs, especially regarding system administration. After a multi-year break, I'm returning to teach TCP/IP Weapons School 3.0 in San Francisco at USENIX Security in August.

  • Returning to the incident response world, you might also like FIRST conferences. I think every CIRT should become a FIRST member, and attending a conference or other FIRST event every other year or so is a nice way to stay in touch with a very globalized security community.

  • If you qualify to attend, you might also enjoy the DoD Cybercrime or GFIRST conferences. As you can tell they cater to the .gov and .mil communities, but their focus tends to involve more interesting problem sets.

  • I should also give CanSecWest an honorable mention, although it's been years since I've attended. I could say the same for BSDCan and ShmooCon.

    Speaking of Shmoo, the logistics are the main reason I stopped going. At least with my old job, it was a hassle to commute to DC for only a Friday evening, then again for a full day Saturday, and again for only a few hours on Sunday morning. I don't like weekend events since I'd rather spend the time with my family, and the ratio of travel-to-conference for Friday evening and Sunday morning was just too high!


Regarding how I pick conferences, I primarily want to learn something and see people whom I may not have seen recently. I prefer to avoid any conferences where keynotes are given to sponsors based on their sponsorship alone. I also try to attend conferences where I expect new material to be presented.

What conferences do you like to attend, and why?

Wednesday, May 18, 2011

Bejtlich Teaching at USENIX Security in San Francisco 8-9 Aug

For the first time in four years, I will teach for the USENIX organization! I'm pleased to announce that on August 8-9 at USENIX Security 2011 in San Francisco, I will teach a special two-day edition of TCP/IP Weapons School 3.0.

This class is designed for junior and intermediate security analysts. The "sweet spot" for the potential student is someone working in a security operations center (SOC) or computer incident response team (CIRT), or someone trying to establish one of those organizations. The class is very hands-on, and focuses on labs and discussions. There are fewer than 10 slides at the very beginning of the class, and I build the flow of the class based on what you want to hear.

If you would like details on the class, please see the linked site. You may also find my announcement for my Black Hat sessions on 30-31 July and 1-2 August to be helpful too. It will be a busy few weeks this summer but I'm looking forward to seeing you learn the investigative mindset needed to detect and respond to digital intrusions!

On a related note, I received a very positive response regarding a possible class in the northern VA area this fall. I will work out the details on that and try to post information as soon as I figure it out. Thank you.

Wednesday, April 13, 2011

UBM Cancels GTEC, Bejtlich Considers Alternatives

I received word this week that the venue hosting my special session of TCP/IP Weapons School 3.0 was cancelled! That means no GTEC and no extra DC class.

I'm sad to hear this because I'm receiving word from students wondering what happened.

As best I understand it, the current Federal budget situation made hosting this conference a tough prospect for the DC crowd.

At this point I'm evaluating options, including hosting a class myself. If you would be interested in attending a group class of TCP/IP Weapons School 3.0 in northern VA this year, please email training [at] taosecurity [dot] com. I think a class late in the year, hopefully during FY 2012 (so 1 Oct or later), might be the best option for Federal workers enduring budget woes.

I'd rather teach within another venue, like Black Hat, but if there's enough demand from the cancelled GTEC event I'll see what it takes to offer a solo class.

As noted on my Training site, I am teaching Two Sessions of TWS3 at Black Hat USA in Las Vegas this summer. That is another option for those who will miss the GTEC class.

I'm also still working out details to offer training at USENIX Security 2011 in San Francisco in August. I expect word from USENIX on that before the end of the month. Thank you.

Monday, January 18, 2010

Bejtlich Teaching at Black Hat EU 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.

After Black Hat DC comes Black Hat EU 2010 Training on 12-13 April 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain.

I will be teaching TCP/IP Weapons School 2.0.

Registration is now open. Black Hat set five price points and deadlines for registration.

  • Super early ends 1 Feb

  • Early ends 1 Mar

  • Regular ends 1 Apr

  • Late ends 11 Apr

  • Onsite starts at the conference


Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I recently described differences between my class and SANS if that is a concern.

I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.

I look forward to seeing you. Thank you.

Thursday, January 14, 2010

Friday is Last Day to Register for Black Hat DC at Reduced Rate

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.

First up is Black Hat DC 2010 Training on 31 January and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA.

I will be teaching TCP/IP Weapons School 2.0.

Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left.

  • Regular ends 15 Jan

  • Late ends 30 Jan

  • Onsite starts at the conference


Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.

I strongly recommend attending the Briefings on 2-3 Feb. Maybe it's just my interests, but I find the scheduled speaker list to be very compelling.

I look forward to seeing you. Thank you.

Wednesday, December 30, 2009

Difference Between Bejtlich Class and SANS Class

In a comment on my last post, Reminder: Bejtlich Teaching at Black Hat DC 2010, a reader asked:

I am trying to get my company sponsorship for your class at Black Hat. However, I was asked to justify between your class and SANS 503, Intrusion Detection In-Depth.

Would you be able to provide some advice?


That's a good question, but it's easy enough to answer. The overall point to keep in mind is that TCP/IP Weapons School 2.0 is a new class, and when I create a new class I design it to be different from everything that's currently on the market. It doesn't make sense to me to teach the same topics, or use the same teaching techniques, found in classes already being offered. Therefore, when I first taught TWS2 at Black Hat DC last year, I made sure it was unlike anything provided by SANS or other trainers.

Beyond being unique, here are some specific points to consider. I'm sure I'll get some howls of protest from the SANS folks, but they have their own platform to justify their approach. The two classes are very different, each with a unique focus. It's up to the student to decide what sort of material he or she wants to learn, in what environment, using whatever methods he or she prefers. I don't see anything specifically "wrong" with the SANS approach, but I maintain that a student will learn skills more appropriate for their environment in my class.

  • TWS2 is a case-driven, hands-on, lab-centric class. SANS is largely a slide-driven class.

    When you attend my class you get three handouts: 1) a workbook explaining how to analyze digital evidence; 2) a workbook with questions for 15 cases; and 3) a teacher's guide answering all of the questions for the 15 cases. There are no slides aside from a few housekeeping items and a diagram or two to explain how the class is set up.

    When you attend SANS you will receive several sets of slide decks that the instructor will show during the course of the class. You will also have labs but they are not the focus of the class.

  • I designed TWS2 to meet the needs of a wide range of students, from beginners to advanced practitioners. TWS2 attendees typically finish 5-7 cases per class, with the remainder suitable for "homework." Students can work at their own pace, although we cover certain cases at checkpoints during the class. A few students have completed all 15 cases, and I often ask if those students are looking for a new opportunity with my team!

  • TWS2 is about investigating digital evidence, primarily in the form of network traffic, logs, and some memory captures. The focus is overwhelmingly on the content and not the container. SANS spends more time on the container and less on the content.

    For example, if you look at the SANS course overview, you'll see they spend the first three days on TCP/IP headers and analysis with Tcpdump. Again, there's nothing wrong with that, but I don't care so much about what bit in the TCP header corresponds to the RST flag. That was mildly interesting in the late 1990s when that part of the SANS course was written, but the content of a network conversation has been more important this decade. Therefore, my class focuses on what is being said and less on how it was transmitted.

  • TWS2 is not about Snort. While students do have access to a fully-functional Sguil instance with Snort alerts, SANCP session data, and full content libpcap network traffic, I do not spend time explaining how to write Snort alerts. SANS spends at least one day talking about Snort.

  • TWS is not about SIM/SEM/SIEM. Any "correlation" between various forms of evidence takes place in the student's mind, or using the free Splunk instance containing the logs collected from each case. If you consider dumping evidence into a system like Splunk, and then querying that evidence, to be "correlation," then we have "correlation." (Please see Defining Security Event Correlation for my thoughts on that subject.) SANS spends two days on fairly simple open source options for "correlation" and "traffic analysis."

  • TWS cases cover a wide variety of activity, while SANS is narrowly focused on suspicious and malicious network traffic. I decided to write cases that cover many of the sorts of activities I expect an enterprise incident detector and responder to encounter during his or her professional duties.

    I also do not dictate any single approach to investigating each case. Just like real life, I want the student to produce an answer. I care less about how he or she analyzed the data to produce that answer, as long as the chain of reasoning is sound and the student can justify and repeat his or her methodology.


I hope that helps prospective students make a choice. I'll note that I don't send any of my analysts to the SANS "intrusion detection" class. We provide in-house training that includes my material but also focuses on the sorts of decision-making and evidence sources we find to be most effective in my company. Also please note this post concentrated on the differences between my class and the SANS "intrusion detection" class, and does not apply to other SANS classes.

Saturday, June 09, 2007

PowerLite S4 Multimedia Projector

This week I taught TCP/IP Weapons School, Layers 2-3 at Techno Security 2007 in Myrtle Beach, SC. I enjoyed teaching the class, especially since several students were repeat customers. Two were even alumni from classes I taught at Foundstone five years ago! Because the cost of renting a projector and screen from the hotel (and even from rentacomputer.com) seemed outrageous, I decided to buy my own. I purchased an Epson PowerLite S4 Multimedia Projector and Da-Lite 72263 Versatol Tripod Screen 70"x70" Matte White with Keystone Elim for use in the class. I was extremely pleased with both. In fact, right after I bought the Epson projector I saw it covered in a USA TODAY review, which helped validate my purchase.

If you're in the market for a projector and screen combination for less than $800 (or even $700 if you're not time-crunched, as I was) then I think you'll like these products.

Sunday, May 27, 2007

Reminder: Early Registration Ends Soon for Bejtlich at SANSFIRE 2007

I'll be teaching a special one-day course, Enterprise Network Instrumentation, at SANSFIRE 2007 in Washington, DC on 25 July 2007.

ENI is a one-day course designed to teach all methods of network traffic access. If you have a network you need to monitor, ENI will teach you what equipment is available (hubs, switch SPAN ports, taps, bypass switches, matrix switches, and so on) and how to use it effectively. Everyone else assumes network instrumentation is a given. ENI teaches the reality and provides practical solutions.

Please register while there are still seats available. My class is the day before all the six-day tracks begin. If you register before 6 June you will save $250. If you register by 27 June you will save $150. If you take this one-day class with a full SANS track my class only costs $450. Please note SANS set all of these prices and schedules.

This is the only time I'll be teaching this class in 2007. Thank you.

Update: I cancelled the class. If you want reasons please email me privately. Thank you.

Bejtlich Teaching Network Security Operations in Chicago

I am happy to announce that I will be teaching a three day edition of my Network Security Operations training class in Chicago, IL on 27-29 August 2007. This is a public class, although I will be speaking at the 30 August meeting of the Chicago Electronic Crimes Task Force. Please register here. The early discount applies to registrations before midnight 27 July. ISSA members get an additional discount on top of the early registration discount.

Network Security Operations addresses the following topics:

  • Network Security Monitoring


    • NSM theory

    • Building and deploying NSM sensors

    • Accessing wired and wireless traffic

    • Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger

    • Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude

    • Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP

    • Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records

    • Sguil (sguil.sf.net)

    • Case studies, personal war stories, and attendee participation


  • Network Incident Response


    • Simple steps to take now that make incident response easier later

    • Characteristics of intruders, such as their motivation, skill levels, and
      techniques

    • Common ways intruders are detected, and reasons they are often initially
      missed

    • Improved ways to detect intruders based on network security monitoring
      principles

    • First response actions and related best practices

    • Secure communications among IR team members, and consequences of negligence

    • Approaches to remediation when facing a high-end attacker

    • Short, medium, and long-term verification of the remediation plan to keep the
      intruder out


  • Network Forensics


    • Collecting network traffic as evidence

    • Protecting and preserving traffic from tampering, either by careless
      helpers or the intruder himself

    • Analyzing network evidence using a variety of open source tools, based
      on network security monitoring (NSM) principles

    • Presenting findings to lay persons, such as management, juries, or judges

    • Defending the conclusions reached during an investigation, even in the
      face of adversarial defense attorneys or skeptical business leaders



This is only one of two Network Security Operations courses left for 2007. Please consider attending this class if you want to understand how to detect, inspect, and eject network intruders.

Bejtlich Teaching Network Security Operations in Cincinnati

I am happy to announce that I will be teaching a three day edition of my Network Security Operations training class in Cincinnati, OH on 21-23 August 2007. The Cincinnati ISSA chapter is hosting the class. Please register here. The early discount applies to registrations before 20 July. ISSA members get an additional discount on top of the early registration discount.

Network Security Operations addresses the following topics:

  • Network Security Monitoring


    • NSM theory

    • Building and deploying NSM sensors

    • Accessing wired and wireless traffic

    • Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger

    • Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude

    • Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP

    • Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records

    • Sguil (sguil.sf.net)

    • Case studies, personal war stories, and attendee participation


  • Network Incident Response


    • Simple steps to take now that make incident response easier later

    • Characteristics of intruders, such as their motivation, skill levels, and
      techniques

    • Common ways intruders are detected, and reasons they are often initially
      missed

    • Improved ways to detect intruders based on network security monitoring
      principles

    • First response actions and related best practices

    • Secure communications among IR team members, and consequences of negligence

    • Approaches to remediation when facing a high-end attacker

    • Short, medium, and long-term verification of the remediation plan to keep the
      intruder out


  • Network Forensics


    • Collecting network traffic as evidence

    • Protecting and preserving traffic from tampering, either by careless
      helpers or the intruder himself

    • Analyzing network evidence using a variety of open source tools, based
      on network security monitoring (NSM) principles

    • Presenting findings to lay persons, such as management, juries, or judges

    • Defending the conclusions reached during an investigation, even in the
      face of adversarial defense attorneys or skeptical business leaders



This is only one of two Network Security Operations courses left for 2007. Please consider attending this class if you want to understand how to detect, inspect, and eject network intruders.

Friday, April 13, 2007

Brief Thoughts on Security Education

Once in a while I get requests from blog readers for recommendations on security education. I am obviously biased because I offer training independently, in private and public forums. However, I've attended or spoken at just about every mainstream security forum, so I thought I would provide a few brief thoughts on the subject.

First, decide if you want to attend training, briefings, or classes. I consider training to be an event of at least 1/2 day or longer. Anything less than 1/2 day is a briefing, and is probably part of a conference. Some conferences include training, so the two topics are not mutually exclusive. Classes include courses offered by .edu's.

Training events focus on a specific problem set or technology, for an extended period of time. Training is usually a stand-alone affair. For example, when I prepared for my CCNA, I took a week-long class by Global Net Training. If I choose to pursue the CCNP I will return to GNT for more training. I seldom attend training because I do not usually need in-depth discussions of a single topic.

Briefings also focus on specific problems or technologies, but their scope is usually narrow due to their time constraints. The content is typically fresher because it takes less work to prepare a briefing compared to a 1/2 day or longer training session. Briefings are more likely to contain marketing material because you can be halfway through the talk before realizing it's a pitch piece. I attend briefings more often than training because they tend to fit my schedule and I can quickly learn something new.

Classes are the forums offered by institutions over an extended period of time. Traditional colleges and universities provide classes, although some non-traditional teaching vehicles exist. I've never taken any of these although I would like to pursue my PhD at some point soon.

With that background, here are a few thoughts on popular education venues:

  • USENIX: USENIX is my favorite venue. USENIX offers 1/2, 1, and 2-day training, plus briefings. I usually train at the three major conferences they offer: Annual, Security, and LISA (Large Installation System Administration). Training tends to be very practical, with strong preferences for operational information for system administrators. The briefings especially tend to be more academic, with lots of research by students and/or professors. People-wise, I tend to like USENIX for connecting with the university community.

  • Black Hat: Black Hat is the best place to learn the newest public attack tools and techniques. Defense is usually secondary. Black Hat offers 1 and 2-day training, plus briefings. I've trained through Foundstone at Black Hat, and I'll be training at Black Hat in Las Vegas this summer. If you want to get very technical information on attacks (and some countermeasures), Black Hat is a great venue. People-wise, I've decided to begin attending Black Hat regularly because the most interesting people are there.

  • SANS: SANS offers a wide variety of material, through training, briefings, classes, newsletters, and webcasts. I taught the SANS IDS track in 2002 and 2003, then returned to teach Enterprise Network Instrumentation late last year. I'll be back teaching ENI at SANSFIRE 2007. In my opinion some SANS training is woefully out-of-date, while other training is very good. SANS tracks are usually six days. SANS also offers shorter training like the log management summit I attended last year. Other times SANS offers very short briefings on a single topic, like the SANS Software Security Institute. People-wise, SANS tracks tend to involve more people at the beginning of their security careers.

  • RSA: I mention RSA because it's big and people might want to know more about it. I spoke at RSA 2006. That was enough for me. RSA is the place to be if you're a vendor, but otherwise I found the talks less inspiring than other venues. If you're a cryptographer you might find RSA's cryptography track to be helpful, since that subject is usually not emphasized elsewhere. People-wise, I met lots of people trying to attract business at RSA last year.

  • Niche Public Events: A lot of other venues fill this space. Among those I've attended or spoken at, CanSecWest is one leader. I delivered a Lightning Talk there in 2004. The best part of CSW is the fact it's a single track. By the end of the event, some sense of community has been built. ShmooCon is similar to CSW, although it has multiple tracks. Techno Security and Techno Forensics are two great sources of education, generally heavy on Feds and forensics. I'll be teaching at Security and probably later at Forensics this year. If you're in Europe take a look at CONFidence in Poland.

  • Niche Government or Government-Centric Events: I include conferences usually sponsored or mainly attended by law enforcement, government, and military audiences here. FIRST and GFIRST fit these bills. I speak there to meet people and less to hear about what's happening. The Telestrategies ISS World events are similar. For those of you in Australia, AusCERT looks like a good bet; I'll be there this year.


That's all I have time to discuss now. Good luck spending your security education dollars.

Monday, March 19, 2007

Bejtlich Teaching at Sys Admin Magazine Conference in Baltimore

I will be teaching two half-day tutorials for the Sys Admin Technical Conference on Monday 7 May 2007 in Baltimore, MD. I'll spend the morning teaching Network Incident Response and the afternoon teaching Network Forensics. Early Bird Pricing for SA Tech 2007 ends 30 March 2007, after which the price will escalate by $250. Please register before the seats fill. Thank you.

Bejtlich at AusCERT and Secure Agility/Sydney

I'm pleased to announce I will be speaking and training in Australia in May 2007. First, I will attend the AusCERT Asia Pacific Information Technology Security Conference in Gold Coast, Australia. According to the schedule I'll be discussing the Self-Defeating Network at 1420 on Wednesday 23 May 2007. The following day I'll present half-day tutorials on Network Incident Response and Network Forensics. Registration is open now. The day after my AusCERT tutorials I will be joining friends at Secure Agility to teach Network Security Monitoring in Sydney, Australia on Friday 25 May 2007. If you'd like to attend this class please review the class page and return the registration form to me before the class fills. Thanks to Christian Heinrich for coordinating my visit to Sydney. Secure Agility will be handling collecting class fees, and I'll post more information when that aspect of the event is finalized. Thank you.

Wednesday, March 07, 2007

Bejtlich Teaching at SANSFIRE 2007

I'll be teaching a special one-day course, Enterprise Network Instrumentation, at SANSFIRE 2007 in Washington, DC on 25 July 2007. ENI is a one-day course designed to teach all methods of network traffic access. If you have a network you need to monitor, ENI will teach you what equipment is available (hubs, switch SPAN ports, taps, bypass switches, matrix switches, and so on) and how to use it effectively. Everyone else assumes network instrumentation is a given. ENI teaches the reality and provides practical solutions.

Please register while there are still seats available. Thank you.

Thursday, February 01, 2007

TaoSecurity 2007 Training Schedule

I just posted the TaoSecurity 2007 Training Schedule on my company Web site. I didn't include all of the places I might be teaching this year. All of the public classes are tentative at this point, but I am working on securing hosting facilities. You'll notice I plan to conduct six public classes across the US, and I am appearing at a few overseas conferences too -- including a one-day public class in Sydney, Australia.

If you would like to support my bid to teach at Black Hat USA Training (28-21 July 2007) in Las Vegas, NV, please email Ping Look via ping [at] blackhat [dot] com.

Email training [at] taosecurity [dot] com for advance details on the classes listed below. Registration information for public classes will be posted shortly.

I maintain the latest schedule at TaoSecurity training.

If you would like me to conduct a private class at your facility, please email training [at] taosecurity [dot] com.

Thank you. I hope to meet you in 2007!