[Noisebridge-discuss] what if: network forensics class

David Stainton dstainton415 at gmail.com
Sun Jun 14 19:57:57 UTC 2015

there are lots of badass network programming nerds hiding in san
francisco. you know who you are... Let's collaborate to hack the
planet! ahem... i mean write software... fun software with weird names




On Sun, Jun 14, 2015 at 12:51 PM, David Stainton <dstainton415 at gmail.com> wrote:
> Dear Noisebridge,
> Two things to say:
> 1. every popular TCP analyzer software needs to be rewritten to handle
> TCP injection attacks properly. Here are all the TCP injection attacks
> that are possible:
> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
> 2. I'd like to start a class/group that regularly meets in person or
> online; collectively writes network forensics tools.
> I'm not sure if there's enough technical interest on this subject...
> but if there is then I'd like to teach about TCP protocol
> analysis/anomaly detection, low level network programming, ethernet
> sniffer packet capture methods, offensive packet spraying for
> detecting Great Cannon MITM etc.
> Those of you that know me might've noticed that in the past year I've
> become completely obsessed with network protocol anomaly detection,
> forensics, attack detection etc. especially when it comes to the
> subject of NSA attacks on TCP mentioned in Snowden documents.
> Ultimately I feel that a more healthy and balanced interaction in a
> group setting would be a "working group" instead of a class... in this
> case a low level network programming working group... but we could
> start out as a class.
> Are others interested in getting together to talk about the gory
> technical details of writing "network forensics software"?
> If the answer is no then I'd like to just move to Germany forever and
> find actual hackers over there to work with. Your move.
> Sincerely,
> David Stainton

More information about the Noisebridge-discuss mailing list