Monday, July 28, 2008

Notes for Black Hat Students

The following is directed at students of my TCP/IP Weapons School (TWS) at Black Hat USA 2008 on 2-3 and 4-5 August 2008, at Caesars Palace, Las Vegas, NV. Please disregard otherwise.

TWS is an advanced network traffic analysis class. We expect students to have some experience looking at network traffic using tools like Wireshark. We also expect students to have some experience working in Unix-like operating systems.

We want you to get the most value from TWS. Students may participate in three ways.

  1. Students may simply observe while the instructor explains the network traffic and attacks which generated the traces. Students do not need anything to enjoy this aspect of the class.

  2. Students are encouraged to review traces as the instructor explains the network traffic and attacks. Students will need a laptop running Wireshark and a DVD drive to enjoy this aspect of the class.

  3. Students are encouraged to perform hands-on exercises which demonstrate tools and techniques to create interesting network traffic. Students will need a laptop with 10 GB free and a DVD drive.

    The laptop must have a VMware product installed. The instructor tested the VMs with VMware Server 1.0.6 on Ubuntu 8.04 and Windows XPSP2. The instructor expects the VMs to work on VMware Player (free), VMware Workstation (not free) and VMware Fusion (not free), although they were not tested. Students are strongly discouraged from relying on VMware Player, which only allows one VM to run at a time. Students will receive 3 VMs, and some labs require all 3 to be running simultaenously.

    At least one of the VMs is compressed using the 7z format. Windows users can use 7-zip and Unix-like users can use p7zip to extract the VM(s).


We hope you choose to participate by examining network traces using Wireshark and running the labs, so please bring the appropriate software and hardware to class. Extracting the VMs from the DVD may take an hour or more depending on hardware speeds, so hands-on labs will not start until late morning or early afternoon of the first day of class.

If you have any questions, please email taosecurity -at- gmail -dot- com.

No comments: