TCP/IP Weapons School and Network Stealth
The second class is Network Stealth. I plan at least two days of material. The idea behind Network Stealth is to teach how to evade network access control and detection systems. This course is for attendees with intermediate knowledge of packet analysis, such as TCP/IP Weapons School graduates. The core of the class will be network-based; there may be some host-level issues if people find that interesting. I plan to cover evasion and insertion attacks, a wide variety of covert channels, timing and volume attacks, and related ways to make life tough for security analysts. As a class participant, you'll learn how attackers can bypass your IDS, IPS, firewall, and other security measures so you can better deal with those events. I am currently brainstorming with a very skilled security analyst who I expect to teach the course with me. I hope to introduce this course at Black Hat USA 2006.
So what do you think? Do these sound like interesting classes?