[Noisebridge-discuss] what if: network forensics class

Benedicto Franco Jr bfrancojr at gmail.com
Mon Jun 15 15:02:07 UTC 2015


+1

On Mon, Jun 15, 2015 at 7:57 AM, Ronald Cotoni <setient at gmail.com> wrote:

> I am totally interested
> On Jun 15, 2015 7:10 AM, "Ashley Wilson" <ash.d.wilson at gmail.com> wrote:
>
>> I'm interested.
>> On Jun 15, 2015 6:49 AM, "Bacon Zombie" <baconzombie at gmail.com> wrote:
>>
>>> Hey,
>>>
>>> Any chance the slides/class notes and files can be posted online? I know
>>> asking for video of talks/presentations is probably too much.
>>>
>>> Regards,
>>>
>>> An Irish Hacker currently in Berlin.
>>> On 14 Jun 2015 21:51, "David Stainton" <dstainton415 at gmail.com> wrote:
>>>
>>>> Dear Noisebridge,
>>>>
>>>>
>>>> Two things to say:
>>>>
>>>> 1. Every popular TCP analyzer software needs to be rewritten to handle
>>>> TCP injection attacks properly. Here are all the TCP injection attacks
>>>> that are possible:
>>>>
>>>> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>>>>
>>>>
>>>> 2. I'd like to start a class/group that regularly meets in person or
>>>> online and collectively writes network forensics tools.
>>>>
>>>> I'm not sure if there's enough technical interest on this subject...
>>>> but if there is then I'd like to teach about TCP protocol
>>>> analysis/anomaly detection, low level network programming, ethernet
>>>> sniffer packet capture methods, offensive packet spraying for
>>>> detecting Great Cannon MITM etc.
>>>>
>>>> Those of you that know me might've noticed that in the past year I've
>>>> become completely obsessed with network protocol anomaly detection,
>>>> forensics, attack detection etc. especially when it comes to the
>>>> subject of NSA attacks on TCP mentioned in Snowden documents.
>>>>
>>>> Ultimately I feel that a more healthy and balanced interaction in a
>>>> group setting would be a "working group" instead of a class... in this
>>>> case a low level network programming working group... but we could
>>>> start out as a class.
>>>>
>>>>
>>>> Are others interested in getting together to talk about the gory
>>>> technical details of writing "network forensics software"?
>>>> If the answer is no then I'd like to just move to Germany forever and
>>>> find actual hackers over there to work with. Your move.
>>>>
>>>>
>>>> Sincerely,
>>>>
>>>> David Stainton
>>>> _______________________________________________
>>>> Noisebridge-discuss mailing list
>>>> Noisebridge-discuss at lists.noisebridge.net
>>>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>>>


-- 
Bene.