RSS feed logo header graphic

Black Hat USA 2009 Weekend Training Session

July 25-26

Black Hat USA 2009 Weekday Training Session

July 27-28

Assaulting IPS

Craig Williams, Cisco Systems and Tod Beardsley, Breakingpoint

Register Button


When testing IPS devices security engineers evaluate speed, accuracy, and ease of use. While speed and ease of use are important for an inline network device, the accuracy of the signature base is critical. Evasion techniques are evolving constantly, so it is imperative that IPS devices have the ability to detect both ordinary exploits as well as their obfuscated cousins. We will cover everything from older well known evasion techniques to cutting edge ones being used in the wild.

We will perform detection testing using penetration testing tools and public proof-of-concept exploits, and students will learn effective and efficient ways to modify these attacks to accurately evaluate a device’s detection engine. The class will also cover the intricacies of performance testing and demonstrate the effects of heavy load on the accuracy of an IPS.

At the end of this 2-day intense hands-on class, students will walk away with detailed knowledge of cutting edge evasion techniques, the ability to properly gauge the performance of a device, and how to avoid IPS testing traps. The key factor in successful IPS testing is having a highly skilled knowledgeable person conducting the test. This class will teach you to be that person.

Student Requirements, experience/expertise

  1. Basic IPS experience required with a major IPS platform (Cisco, TippingPoint, ISS, Sourcefire, Entrasys, etc.)
  2. Basic shell scripting programming experience is required.
  3. Basic familiarity with VMWare Workstation.
  4. Optional: While Ruby/Python/Perl experienced is not a prerequisite, students with this background will probably be more comfortable with the material.


Craig Williams has a lifelong passion for security that started with research into vulnerabilities and network detection techniques. He has spent his entire career advancing the state of security research within positions at Cisco culminating in his current role as Technical Lead for the Cisco IPS signature team. Craig has extensive experience in IPS signature design, penetration testing, vulnerability research, IPS evasion, attack obfuscation, and network and protocol level programming.

Tod Beardsley has 18 years of experience with data and telephony network security, and has previously held IT security positions at TippingPoint, Dell and Westinghouse. He is a founding member of Austin Hackers Anonymous!, and occasionally blogs at Plan B Security

Register Button
Super Early:
Ends Mar 15
Ends May 1

Ends Jul 1

Ends Jul 22







Black Hat Webcasts

Black Hat Social