Black Hat Europe Training 2006
Grand Hotel Krasnapolsky • 28 February-1 March

Overview
Few years after the birth of those valuable solutions to delude attackers, Honeypots have become a new key to improve the security of IT infrastructures. This 2 days comprehensive course is geared to teach you almost anything about honeypots technologies: theory, value, goals, conception, design, architectures, etc. Practical periods will allow students to switch their role from whitehat to blackhat, with live hacking on dedicated honeypots !

Key Learning Objectives

• Set-up real honeypots architectures in the Lab and try to defeat them by learning current known methods and tools used by blackhats.
• Improve the security of those systems by knowing their inherent vulnerabilities.
• Design honeypots in order to fit many different specific goals (deal with external threats, deal with internal threats, catch 0-days, etc) and avoid stealth problems.
• Know the small proofs that might defeat your infrastructure for an external potential incoming attacker and improve cloaking on your honeypots.
• Come back on your network with a practical knowledge on how to monitor the activity of your honeypots networks without loosing too much time.
• Harden your honeypots by adding containment and control capabilities (intrusion prevention, firewalls, etc).
• Study specific examples from real life like Wifi Honeypots, Spammers and honeypots, Botnet, Fishing, Scam, and the Honeynet project technologies.
• Understand potential future concepts though advanced features on honeypots: Active Defense with retaliation, Dynamic Honeypots, Embedded Honeypots.
• Hands on lab exercises are built to improve your pratical knowledge with whitehats but also blackhats tools (pentests, etc).

Prerequisites
Students should have intermediate understanding and a minimum of experience on network security (TCP/IP, firewalls), Windows or Unix. Notice that this course will focus on technical challenges and solutions to set-up powerful honeypot architectures (legal and organization issues won't be studied with too much details).

Materials
Students will be presented with the following materials to be used and referenced throughout the duration of the course:

• At least one CDROM with the main tools (sources, binaries, etc) and documentations (papers, howto, etc)
• Printed materials for the lecture and lab

What to bring:
The student is required to bring a preconfigured laptop with a current Linux or a current Windows XP. A recent VMWare should also be installed properly.

Laptop must have a 10BaseT Network card and CD drive - tools will be provided during the courses via CDROM.

Laurent Oudot is a security expert currently employed by the CEA (french equivalent of the US DOE). On his spare time, he is an active member of a security team called "RstAck". His research focus on defensive technologies highly closed to blackhats activities like honeypots, intrusion prevention, IDS, firewalls, sandboxes, etc. Laurent has been teaching network and systems security for the last seven years, and has managed numerous security projects for about ten years.

Concerning honeypots, he is a member of the Steering Committee of the Honeynet Research Alliance led by Lance Spitzner. Laurent is also the (co-)author of several research papers published at Security Focus, Institute of Internal Auditors, MISC magazine, etc. Last years, he has presented at international conferences and meetings such as Honeynet annual meeting, Defcon, Black Hat USA, Black Hat Asia, Cansecwest, Pacsec, Hope, etc.