My goal is for students to be able to leave this class and immediately implement what they've learned in their own enterprise. The course outline includes:
TWS2 consists of a series of data-driven scenarios where students must interpret evidence in order to identify suspicious and malicious activity. The purpose of the exercises is to develop an investigative mindset, independent of any specific tool or vendor. Students will be given advice on how to perform forensic and intrusion analysis and then allowed to form conclusions through hands-on inspection.
Who Should Take This CourseTWS2 is designed for basic to intermediate network security personnel. This course is an excellent way for someone with general security knowledge to enter the incident response field. Investigators with a background in hard disk forensics but little experience with intrusion analysis will also find this course a great way to expand their horizons. Because this course addresses the entire incident detection and response process, students should not expect extremely advanced material in any single area (such as memory forensics), although the instructor is willing to discuss network-centric issues beyond the intermediate level if questioned.
If you have taken Richard Bejtlich's TCP/IP Weapons School at USENIX or Black Hat before, TWS2 is COMPLETELY DIFFERENT. Please join Richard for a completely new class for 2009!
PrerequisitesStudents must be comfortable using command line tools in a non-Windows environment such as Linux or FreeBSD. Students must have at least basic familiarity with TCP/IP networking and packet analysis. Students must bring their own laptop; see What to Bring for details.
Course LengthTwo days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.
Richard Bejtlich is Director of Incident Response for General Electric. Prior to joining GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." He also writes for his blog (taosecurity.blogspot.com) and SearchSecurity.com, and teaches for Black Hat.
Super Early:
Ends Mar 15 |
Early:
Ends May 1 |
Regular: |
Late: |
Onsite: |
$2200 |
$2300 |
$2500 |
$2700 |
$3000 |
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30
Black Hat USA Briefings Main page is online now.
Find out about our 2009 venue, Caesars Palace.
Black Hat Webcasts
On the third Thursday of every month, Black Hat does a free infosec webcast. Meet security thought leaders and get your questions answered.
Can't make it to our live webcast events? Subscribe to the Black Hat Webcast RSS feed and take the webcasts with you in podcast form.
Upcoming Topics
Black Hat Social
LinkedIn
LinkedIn members can join our Black Hat Group and post news articles of interest to the community, make connections and discuss security topics.
Facebook
We have a Facebook fan page now. Please check us out there - share your ideas, your photos, and your videos with us.
Flickr
Check out our Black Hat photostream. Comment. Contribute. Got great pix? Share with the community.
Twitter
Find out what's going on with Black Hat in real time by following us on Twitter. Meet other Black Hat speakers and attendees, share what matters to you.
Delicious
When something in the news catches our eye at Black Hat HQ, we post the link on Delicious.