Bejtlich Teaching Two Sessions at Black Hat USA 2011
In January I taught the first TCP/IP Weapons School 3.0 class at Black Hat DC 2011. This is a completely new class written from the ground up. I'm very pleased with how it has developed and the students enjoyed the new content. For example, one of the feedback comments was the following:
"I felt that the pace and level of difficulty was well managed, and the defense-then-offense aspect was a great way to learn!"
I'm happy to announce that registration for TCP/IP Weapons School 3.0 at Black Hat USA 2011 is now open. I will teach two sessions, on 30-31 July and 1-2 August in Las Vegas.
Black Hat has four remaining price points and deadlines for registration.
- Early ends 30 April
- Regular ends 15 June
- Late ends 29 July
- Onsite starts at the conference
Seats are filling -- it pays to register early!
While keeping the distinctions from other offerings that I described last year, I've extended this third version of the class to include explicit offensive and defensive portions. Students will receive two VMs, one running a modified version of Doug Burks' SecurityOnion distro as an attack/monitor platform, and the second running a Windows workstation as a victim platform.
The purpose of this class is to develop the investigative mindset needed by digital security professionals. Junior- to intermediate-level security and information technology (IT) staff are the intended audience. The class is a balance of discussion and hands-on labs.
Defensive aspects of the labs emphasize how to discover suspicious and malicious activity in network and log evidence. Offensive aspects of the labs offer the student a chance to do the same sorts of actions that caused the suspicious and malicious activity in the labs. I encourage students to keep an open mind and feel free to expand their interaction with the labs beyond the required material. Take advantage of this time away from the office to enjoy defensive and offensive aspects of the digital security arena!
I do not have any other classes scheduled, although my training page lists a few other possibilities.
Comments
It helps to be comfortable with the Linux environment. Your analysis platform for the class is a version of Doug Burks' excellent SecurityOnion (http://securityonion.blogspot.com/). The victim is a Windows system. The evidence on the Linux system is available to be analyzed with Sguil, Splunk, and/or any other tools you want to use on Linux.