Reminder: Bejtlich Teaching at Black Hat DC 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.

First up is Black Hat DC 2010 Training on 31 January and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA.

I will be teaching TCP/IP Weapons School 2.0.

Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left.

  • Regular ends 15 Jan

  • Late ends 30 Jan

  • Onsite starts at the conference

Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.

I strongly recommend attending the Briefings on 2-3 Feb. Maybe it's just my interests, but I find the scheduled speaker list to be very compelling.

I look forward to seeing you. Thank you.


Anonymous said…
Hi Richard.

I love this time of year. Guess what I am waiting for? :)

You are right!

The best books you have read this year. ;)

Gonna be reloading your site several times every day. This is how much I want your book summary post!

Yours truly,
Book Worm.
Anonymous said…
Hi Richard,

I am trying to get my company sponsorship for your class at BlackHat. However, I was ask to justify between your class and SANS 503, Intrusion Detection In-Depth.

Would you be able to provide some advice? Please email me at

Appreciate your help. Thank you and happy holidays.

Kind Regards,
Anonymous said…
Hi Richard,

Would you consider offering a package for self-study? I attended your TWS1 class at Black Hat 2008 in Las Vegas and would love to see your updated materials for TWS2. I have grown tired of the conference scene and it's unlikely I would attend another Black Hat, even for you ;)
SC, I will write a new post explaining how my class differs from SANS.

Last Anonymous, TWS2 is completely different compared to TWS1. Check ou the Sample Lab at . I don't plan to release TWS2 in any format other than teaching for BH.
Anonymous said…

Yes. I've looked at the sample lab and the content and format does look fresh. My aversion is to the conference model of presenting the material. For those of you who don't share my personal preference for self-paced learning, you will no doubt enjoy Richard's teaching style and methodologies.

Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia