[Noisebridge-discuss] what if: network forensics class

David Stainton dstainton415 at gmail.com
Tue Jun 16 23:49:14 UTC 2015


Yesss.... Friday sounds fine to me. I'd like to meet for one hour.
That should give us time to discuss everyone's network programming
projects... and then to clearly explain TCP injection attacks and
other fun things you can do with protocol analysis ;-)

Is 6pm OK? I'm flexible.

On Mon, Jun 15, 2015 at 2:06 PM, Patrick O'Doherty <p at trickod.com> wrote:
> 5mof is this Thursday. Maybe Friday?
>
> p
>
> On Mon, Jun 15, 2015 at 12:01:15PM -0700, David Stainton wrote:
>> would this thursday at 7pm work for others?
>> or suggest a day/time.
>>
>> On Sun, Jun 14, 2015 at 3:17 PM, Patrick O'Doherty <p at trickod.com> wrote:
>> > I'd be very interested in joining such a group, as it's an area that I'd
>> > really like to brush up on.
>> >
>> > when are you thinking of starting this?
>> >
>> > p
>> >
>> > On Sun, Jun 14, 2015 at 12:51:05PM -0700, David Stainton wrote:
>> >> Dear Noisebridge,
>> >>
>> >>
>> >> Two things to say:
>> >>
>> >> 1. every popular TCP analyzer software needs to be rewritten to handle
>> >> TCP injection attacks properly. Here are all the TCP injection attacks
>> >> that are possible:
>> >> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>> >>
>> >>
>> >> 2. I'd like to start a class/group that regularly meets in person or
>> >> online and collectively writes network forensics tools.
>> >>
>> >> I'm not sure if there's enough technical interest on this subject...
>> >> but if there is then I'd like to teach about TCP protocol
>> >> analysis/anomaly detection, low level network programming, ethernet
>> >> sniffer packet capture methods, offensive packet spraying for
>> >> detecting Great Cannon MITM etc.
>> >>
>> >> Those of you that know me might've noticed that in the past year I've
>> >> become completely obsessed with network protocol anomaly detection,
>> >> forensics, attack detection etc. especially when it comes to the
>> >> subject of NSA attacks on TCP mentioned in Snowden documents.
>> >>
>> >> Ultimately I feel that a more healthy and balanced interaction in a
>> >> group setting would be a "working group" instead of a class... in this
>> >> case a low level network programming working group... but we could
>> >> start out as a class.
>> >>
>> >>
>> >> Are others interested in getting together to talk about the gory
>> >> technical details of writing "network forensics software"?
>> >> If the answer is no then I'd like to just move to Germany forever and
>> >> find actual hackers over there to work with. Your move.
>> >>
>> >>
>> >> Sincerely,
>> >>
>> >> David Stainton
>
> --
> Patrick O'Doherty
> +1 (650) 701-7829

