Offensive Countermeasures: Defensive Tactics that Actually Work

Paul Asadoorian Paul Asadoorian july 21-22 july 23-24

---

$2200

Ends February 1

$2400

Ends June 1

$2600

Ends July 20

$2900

July 21-24

Overview

One of the big questions we get is why Offensive Countermeasures are so important. Well, to be honest, you will need it someday. The current threat landscape is shifting. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you and, finally, attack the attackers.

More to the point, the old strategies of security have failed us and will continue to fail us unless we start becoming more offensive in our defensive tactics.

What we will cover

• Why Offensive Countermeasures?
• Legal Issues
• Core Security Concepts most People are Missing
• Why Current Security Strategies are Failing
• Layers of Defense for the Bad Guy
• Observe Orient Decide Act
• The Three A's of Offensive Countermeasures (Annoyance, Attribution and Attack)
• Fuzzing Attack Tools
• DOM-Hanoi
• SpiderTrap
• Web Labyrinth
• DNS Servers from Hell
• Honeypots
• Dynamic Blacklists from the Command Line for Windows and for Linux
• Dealing with Attackers using TOR
• Proxychains and TORProxy
• How Nmap Really Works with TOR
• Metasploit Decloak
• Word Web Bugs
• Web Application Street Fighting
• Browser Exploitation Framework
• Evil Java Applications
• Social Engineering Toolkit and OCM
• Bypassing AV... To Attack the Attackers
• Honey Claymores (or, Why did I open that file?)

There will be lecture followed by a hands-on lab for each of the major sections of the class. There are 7 labs per day for the class.

Who Should Attend

Security Professionals and Systems Administrators who are tired of playing catch-up with attackers.

Student Requirements

Basic OS understanding of Windows and Linux and a basic understanding of TCP/IP.

What to Bring

• Host system with at least 2 Gig of memory.
• VMware Player, Workstation or Fusion
• Windows XP, Windows 7, or OS X

What Students Get

Class slides and a DVD with the necessary tools and the OCM VM, which is a fully functional Linux system with the tools of OCM installed and ready to go for the class and in their work environment.

Trainer

John Strand co-hosts PaulDotCom Security Weekly, the world's largest computer security podcast. He is also the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He is a Senior Instructor with the SANS Institute. He has presented for the FBI, NASA, the NSA, and at DEF CON. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.

Paul Asadoorian is currently the "Product Evangelist" for Tenable Network Security, where he showcases vulnerability scanning and management through blogs, podcasts and videos. Paul is also the founder of PaulDotCom, an organization centered around the award winning "PaulDotCom Security Weekly" podcast that brings listeners the latest in security news, vulnerabilities, research and interviews with the security industry's finest. Paul has a background in penetration testing, intrusion detection, and is the author of "WRT54G Ultimate Hacking," a book dedicated to hacking Linksys routers.