[Noisebridge-discuss] what if: network forensics class

Ashley Wilson ash.d.wilson at gmail.com
Mon Jun 15 14:09:59 UTC 2015


I'm interested.
On Jun 15, 2015 6:49 AM, "Bacon Zombie" <baconzombie at gmail.com> wrote:

> Hey,
>
> Any change the slides/class notes and files can be posted online? I know
> asking for video of talks/presentations if probably too much.
>
> Regards,
>
> An Irish Hacker currently in Berlin.
> On 14 Jun 2015 21:51, "David Stainton" <dstainton415 at gmail.com> wrote:
>
>> Dear Noisebridge,
>>
>>
>> Two things to say:
>>
>> 1. every popular TCP analyzer software needs to be rewritten to handle
>> TCP injection attacks properly. Here are all the TCP injection attacks
>> that are possible:
>>
>> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>>
>>
>> 2. I'd like to start a class/group that regularly meets in person or
>> online; collectively writes network forensics tools.
>>
>> I'm not sure if there's enough technical interest on this subject...
>> but if there is then I'd like to teach about TCP protocol
>> analysis/anomaly detection, low level network programming, ethernet
>> sniffer packet capture methods, offensive packet spraying for
>> detecting Great Cannon MITM etc.
>>
>> Those of you that know me might've noticed that in the past year I've
>> become completely obsessed with network protocol anomaly detection,
>> forensics, attack detection etc. especially when it comes to the
>> subject of NSA attacks on TCP mentioned in Snowden documents.
>>
>> Ultimately I feel that a more healthy and balanced interaction in a
>> group setting would be a "working group" instead of a class... in this
>> case a low level network programming working group... but we could
>> start out as a class.
>>
>>
>> Are others interested in getting together to talk about the gory
>> technical details of writing "network forensics software"?
>> If the answer is no then I'd like to just move to Germany forever and
>> find actual hackers over there to work with. Your move.
>>
>>
>> Sincerely,
>>
>> David Stainton
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20150615/4d1783e1/attachment.html>


More information about the Noisebridge-discuss mailing list