Black Hat Digital Self Defense USA 2006


Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas July 28-29 (Weekend) & July 30-31 (Weekday)

Course Length: 2 days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.

Black Hat Registration

Incident Response: Black Hat Edition


What to bring:
All laptops and training equipment are provided.

Read: “Real Digital Forensics” by Keith Jones, Richard Bejtlich, and Curtis Rose

Course Description
As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area. Course attendees will obtain an understanding of the following:

  • Learn the different phases and activities of the Incident Response process
  • Learn the roles and responsibilities of each member of the Incident Response team
  • Create Incident Response checklists and notification lists
  • Use the Metasploit Framework to understand the latest automated attack processes
  • How to rapidly detect or confirm attacks against Windows and Unix systems
  • How to find, review, and interpret Windows and Unix log files
  • Perform live response on a compromised Windows server
  • Perform live response on a compromised Unix server
  • Learn what volatile evidence is present on a live system before it is powered down
  • Determine the function of unidentified executable processes
  • Detect loadable kernel modules, rootkits, and trojaned files
  • Run rootkits to learn their impact on a live system, and how to respond

Who Should Attend the Class: 
Information technology staff, information security staff, corporate investigators, or other staff that require an understanding of how networks work, how to capture network traffic, how to investigate network use, how to identify and escalate suspected computer security incidents, and how to safeguard corporate assets via network defense will greatly benefit from this course.


Jerry Pierce has worked in the information security field for over 15 years, having initially been brought into the field to combat the hackers working to gain access to the UNIX systems he supported at the RBOC (Regional Bell Operating Company) where he was employed. He currently holds a GCFA advanced forensics certification from the SANS Institute, and is working on obtaining his CCE.

Mr. Pierce has worked in the incident response & forensics field for just over 6 years, having been initially trained in this field while employed at VISA International as one of their two Chief Information Security Analysts. While at VISA, he was their central contact for FIRST (Forum of Incident Response Security Teams) and provided testimony to various law enforcement agencies including Scotland Yard.

Prior to joining Mandiant, Jerry was employed as a Sr. Instructor/Consultant at Foundstone, where he was a member of their Incident Response practice and member of FIRST (Forum of Incident Response Security Teams). Within this capacity he performed incident response in the financial, health care & manufacturing environments for a variety of clients.

While at Foundstone, he taught their Incident Response & Forensics course to a wide variety of corporate clients, branches of the US military and other government agencies (both foreign and domestic).

At previous employers he has held positions ranging from Sr. Security Engineer at Providian Financial, where he was the technical lead for their intrusion detection/incident response efforts, to Vice President of Internal Audit at Wells Fargo Bank, where he directed a team of auditors in performing “deep” application & system audits to ensure compliance with various regulatory agencies.

Ken Bradley is a Senior Consultant for Mandiant in the Alexandria, Virginia office. Mr. Bradley has more than 13 years of technological industry and network security experience. He has designed and maintained information systems within high levels of the Department of Defense such as Undersecretary of Defense, Air Force Chief of Staff, and Headquarters Air Force Office of Special Investigations.

Prior to joining Mandiant, Mr. Bradley was responsible for developing and conducting network surveillance and intrusion detection operations for the Counter Intelligence Field Activity. As an information security consultant for Booz Allen Hamilton, Ken was assigned to conduct network penetration tests and vulnerability assessments for an array of federal government clients. His work was immediately noticed by the government lead representative and he was placed in charge of the UNIX assessments branch. Hired specifically for his forensic experience, Mr. Bradley assisted other penetration testers in performing more stealthy testing methodologies.

Ken was formerly a member of the elite Air Force Office of Special Investigations, Technical Monitoring Team. Operating from the Washington Field Office, he was responsible for performing advanced network intrusion surveillance, digital forensics and data reconstruction required during network intrusion investigations. Mr. Bradley is recognized as a UNIX/Linux expert within the federal investigative community and has consulted to the Federal Bureau of Investigation, Office of Postal Inspector General, Naval Criminal Investigative Service, Defense Criminal Investigative Service and Department of Defense Computer Forensics Laboratory.

Ken has delivered several lectures on advanced digital forensics for the George Washington University Master of Arts, Criminal Justice Program. He has also taught classes on computer forensics and cyber terrorism to local law enforcement departments for the North Carolina Piedmont Region Advanced Law Enforcement Center.

Mr. Bradley has received extensive training from the Department of Defense Computer Investigative Training Program and the SANS Institute. He is a Red Hat Certified Engineer, a candidate for the Certified Information Systems Security Professional, and enjoys developing open source forensics tools and techniques in his spare time. Mr. Bradley currently holds a Top Secret clearance.



Ends May 31, 2007

Ends July 19, 2007

Begins July 20, 2007




(c) 1996-2007 Black Hat