Comments on TaoSecurity Blog: TCP/IP Weapons School and Network Stealth

Anonymous, 2006-01-13 11:41:
I'd definitely be interested in taking the TCP/IP weapons class. I'm at the beginning of my 'security' career and am looking for classes to get some hands on experience.

Anonymous, 2006-01-12 03:05:
Hi Richard,

Thanks for your answer regarding my question. Well, I acknowledge that's a very good point. :-)
So an excerpt or a TOC would be more than nice.

Chavez

Richard Bejtlich, 2006-01-11 20:15:
Chavez,

I do not plan to post full class materials at any time. I may provide excerpts. I would not have much of a teaching career if anyone could download my material for free!

Albert,

I plan for the TCP/IP Weapons School to be for junior and intermediate security analysts. Experts are welcome but they are not the primary audience. Network Stealth will be aimed at intermediate and expert security analysts.

Anonymous,

Regarding SANS -- my classes have material that is newer than the 1996-era slides found in Track 3 ("Intrusion Detection In Depth"). For the last 8 years, at least, SANS has taught the same track 3 material -- 1 day on TCP/IP, 2 days on Tcpdump BPF syntax, 1 day on Snort, and 2 days on material that hasn't mattered since it was written (like the so-called "Mitnick Attack.") Of the six days, the Snort material is probably most relevant, since Snort was only added to Track 3 in 2002, I believe. My classes will also not have 50-100 students taught by one instructor. I plan to build VMs for VMware Player to support my classes -- VMs students can take with them. I taught (http://www.taosecurity.com/events.html) Track 3 in 2002 and 2003, and I demand that my classes will be better in every respect. I believe those who have attended Network Security Operations (http://www.taosecurity.com/training.html) will agree.

Anonymous, 2006-01-11 15:13:
Hi Richard,

How will this class be different from SANS Intrusion Detection in Depth?

Yaser

Smitty, 2006-01-11 14:45:
Yes these classes sound good. I would be interested in them myself even though I am just starting my career in Security...

Brad

Anonymous, 2006-01-10 12:37:
Hi Richard,

I gave a class, similar to the TCP/IP Weapons Class, to an Army CERT team. The class was well received. I found that people who had some experience in this area found the class to be valuable as a refresher course or they learned some things that they had not known.

Travis

Anonymous, 2006-01-10 11:50:
Good ideas. I love to see a course on extrusion detection techniques as well.
Not sure how the post about the knight rider dvd fits in...

John Ward, 2006-01-10 10:44:
Kind of interesting that you bring these up since I am writing an article following up on the proof of concept I mentioned previously. Hell, I'm not quite at the "beginning" of my career, but I would still be interested in these classes. You need to start teaching some more in my neck of the woods. When you do, I'll whoop you at a round of golf ;)

Anonymous, 2006-01-10 08:55:
I would definitely be interested in the weapons class. I might be a little over my head in the NSM course since my *nix CLI is a work in progress, and I'm a little hesitant to think my skills are up to par with what that course might require.

stone

Anonymous, 2006-01-10 08:34:
Richard,
I think these classes sound like great ideas. I think the low level knowledge of these apps and how they interact with TCP/IP and the network is critical to really understanding when a security event is taking place. This sounds like a good approach to understanding how these apps really work and what their output really means.

Looking forward to hearing you at ShmooCon.

DJordan

Anonymous, 2006-01-10 03:45:
This comment has been removed by a blog administrator.

Anonymous, 2006-01-10 03:09:
Hi Richard,
both classes are great ideas so far. Although I'm not quite sure if these classes are of special interest at the beginning of a network security career. (I'm right at this point now.) :-)
Nevertheless both classes roused my interest. Actually it won't be possible for me to join the mentioned conferences, so will any materials be online for download somewhere? It would be really great to see e.g. an excerpt or so.

Chavez

Anonymous, 2006-01-09 22:34:
Richard,
I think both are excellent ideas. Although far from being at the beginning of my network security career, it also sounds like an excellent refresher course for those of us who are not doing this on a day to day basis any longer.

Da Kahua

p.s. See you at ShmooCon