Wednesday, May 09, 2007

USENIX Santa Clara Update

Last month USENIX posted details on USENIX Annual 2007 in Santa Clara, CA, 17-22 June 2007. I'll be teaching Network Security Monitoring with Open Source Tools and TCP/IP Weapons School (layers 2-3) day one and day two.

I just finished uploading my slides for the three days of training. It seemed everyone liked the NSM course, but I received feedback concerning the coverage of layer 1 in TWS. Therefore, I axed 80% of the layer 1 material (probably 50-60 slides) and created a lot more new material. Specifically, I added sections on IP protocol scanning, Cisco Discovery Protocol use and abuse, and a big section on ICMPv6 Neighbor Discovery and IPv6. These last sections are an introduction really, but it's cool to see the traffic and walk through what it all means.

I will most likely teach layers 4-7 for USENIX at USENIX Security in Boston, MA, 6-10 August 2007. I plan to update the material to cover Metasploit 3 and some of its evasion methods. I'll also cover the traffic begind the Best April Fool's Joke this year.

Register before 1 June to get the best deal.

If you can't make it to Santa Clara for TCP/IP Weapons School (Layers 2-3), I'll be teaching the same material at Techno Security 2007 a few weeks earlier in Myrtle Beach, SC. That class is filling fast though.

I hope to see you there or at another training event this year!


Rodolfo Figueira said...


I have been watching your blog, and I would like to know what do you think or what experience did you have with Bro Intrusion Detection System (

Thanks in advanced.

Richard Bejtlich said...


Bro Basics Follow-up

Rodolfo Figueira said...

Thank you!

Richard, keep doing this very good work on this blog!