[Noisebridge-discuss] what if: network forensics class

David Stainton dstainton415 at gmail.com
Mon Jun 15 18:39:47 UTC 2015


Hello Bacon Zombie of Berlin,


ahh Berlin. I've got some things for you all to watch/read right now! READY!?


https://www.youtube.com/watch?v=b0w36GAyZIA#t=28m34s

https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks

http://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/

https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst

https://appliance.cloudshark.org/blog/quantuminsert-analysis-capture/

https://honeybadger.readthedocs.org/en/latest/



Cheers,

David

On Mon, Jun 15, 2015 at 6:48 AM, Bacon Zombie <baconzombie at gmail.com> wrote:
> Hey,
>
> Any change the slides/class notes and files can be posted online? I know
> asking for video of talks/presentations if probably too much.
>
> Regards,
>
> An Irish Hacker currently in Berlin.
>
> On 14 Jun 2015 21:51, "David Stainton" <dstainton415 at gmail.com> wrote:
>>
>> Dear Noisebridge,
>>
>>
>> Two things to say:
>>
>> 1. every popular TCP analyzer software needs to be rewritten to handle
>> TCP injection attacks properly. Here are all the TCP injection attacks
>> that are possible:
>>
>> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>>
>>
>> 2. I'd like to start a class/group that regularly meets in person or
>> online; collectively writes network forensics tools.
>>
>> I'm not sure if there's enough technical interest on this subject...
>> but if there is then I'd like to teach about TCP protocol
>> analysis/anomaly detection, low level network programming, ethernet
>> sniffer packet capture methods, offensive packet spraying for
>> detecting Great Cannon MITM etc.
>>
>> Those of you that know me might've noticed that in the past year I've
>> become completely obsessed with network protocol anomaly detection,
>> forensics, attack detection etc. especially when it comes to the
>> subject of NSA attacks on TCP mentioned in Snowden documents.
>>
>> Ultimately I feel that a more healthy and balanced interaction in a
>> group setting would be a "working group" instead of a class... in this
>> case a low level network programming working group... but we could
>> start out as a class.
>>
>>
>> Are others interested in getting together to talk about the gory
>> technical details of writing "network forensics software"?
>> If the answer is no then I'd like to just move to Germany forever and
>> find actual hackers over there to work with. Your move.
>>
>>
>> Sincerely,
>>
>> David Stainton
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss


More information about the Noisebridge-discuss mailing list