Over the holiday break I've been putting the finishing touches on TCP/IP Weapons School 3.0, to be presented first at Black Hat DC 2011 on 16-17 Jan 11. This is a completely new class written from the ground up. I'm very pleased with how it has developed.
While keeping the distinctions from other offerings that I described last year, I've extended this third version of the class to include explicit offensive and defensive portions. Students will receive two VMs, one running a modified version of Doug Burks' SecurityOnion distro as an attack/monitor platform, and the second running a Windows workstation as a victim platform.
The purpose of this class is to develop the investigative mindset needed by digital security professionals. Junior- to intermediate-level security and information technology (IT) staff are the intended audience. The class is a balance of discussion and hands-on labs.
Defensive aspects of the labs emphasize how to discover suspicious and malicious activity in network and log evidence. Offensive aspects of the labs offer the student a chance to do the same sorts of actions that caused the suspicious and malicious activity in the labs. I encourage students to keep an open mind and feel free to expand their interaction with the labs beyond the required material. Take advantage of this time away from the office to enjoy defensive and offensive aspects of the digital security arena!
Registration is open and continues at the current rate until 15 Jan, after which the onsite rate kicks in.
I'll also teach the course in Las Vegas this summer. Thank you.