Black Hat USA 2009 Weekend Training Session
July 25-26
Black Hat USA 2009 Weekday Training Session
July 27-28
Assaulting IPS
Craig Williams, Cisco Systems and Tod Beardsley, Breakingpoint
Overview
When testing IPS devices security engineers evaluate speed, accuracy, and ease of use. While speed and ease of use are important for an inline network device, the accuracy of the signature base is critical. Evasion techniques are evolving constantly, so it is imperative that IPS devices have the ability to detect both ordinary exploits as well as their obfuscated cousins. We will cover everything from older well known evasion techniques to cutting edge ones being used in the wild.
We will perform detection testing using penetration testing tools and public proof-of-concept exploits, and students will learn effective and efficient ways to modify these attacks to accurately evaluate a device’s detection engine. The class will also cover the intricacies of performance testing and demonstrate the effects of heavy load on the accuracy of an IPS.
At the end of this 2-day intense hands-on class, students will walk away with detailed knowledge of cutting edge evasion techniques, the ability to properly gauge the performance of a device, and how to avoid IPS testing traps. The key factor in successful IPS testing is having a highly skilled knowledgeable person conducting the test. This class will teach you to be that person.
Student Requirements, experience/expertise
- Basic IPS experience required with a major IPS platform (Cisco, TippingPoint, ISS, Sourcefire, Entrasys, etc.)
- Basic shell scripting programming experience is required.
- Basic familiarity with VMWare Workstation.
- Optional: While Ruby/Python/Perl experienced is not a prerequisite, students with this background will probably be more comfortable with the material.
Trainer:
Craig Williams has a lifelong passion for security that started with research into vulnerabilities and network detection techniques. He has spent his entire career advancing the state of security research within positions at Cisco culminating in his current role as Technical Lead for the Cisco IPS signature team. Craig has extensive experience in IPS signature design, penetration testing, vulnerability research, IPS evasion, attack obfuscation, and network and protocol level programming.
Tod Beardsley has 18 years of experience with data and telephony network security, and has previously held IT security positions at TippingPoint, Dell and Westinghouse. He is a founding member of Austin Hackers Anonymous!, and occasionally blogs at Plan B Security
|
Super Early:
Ends Mar 15 |
Early:
Ends May 1 |
Regular: |
Late: |
Onsite: |
|
$2000 |
$2100 |
$2300 |
$2500 |
$2800 |
Black Hat USA 2009
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30
Black Hat USA Briefings Main page is online now.
Find out about our 2009 venue, Caesars Palace.
Black Hat Webcasts
Upcoming Topics
Black Hat Social
LinkedIn
Facebook
Flickr
Twitter
Delicious