[Noisebridge-discuss] what if: network forensics class

Patrick O'Doherty p at trickod.com
Sun Jun 14 22:17:20 UTC 2015


I'd be very interested in joining such a group, as it's an area that I'd
really like to brush up on.

When are you thinking of starting this?

p

On Sun, Jun 14, 2015 at 12:51:05PM -0700, David Stainton wrote:
> Dear Noisebridge,
>
>
> Two things to say:
>
> 1. every popular TCP analyzer software needs to be rewritten to handle
> TCP injection attacks properly. Here are all the TCP injection attacks
> that are possible:
> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>
>
> 2. I'd like to start a class/group that regularly meets in person or
> online; collectively writes network forensics tools.
>
> I'm not sure if there's enough technical interest on this subject...
> but if there is then I'd like to teach about TCP protocol
> analysis/anomaly detection, low-level network programming, Ethernet
> sniffer packet capture methods, offensive packet spraying for
> detecting Great Cannon MITM etc.
>
> Those of you that know me might've noticed that in the past year I've
> become completely obsessed with network protocol anomaly detection,
> forensics, attack detection etc. especially when it comes to the
> subject of NSA attacks on TCP mentioned in Snowden documents.
>
> Ultimately I feel that a more healthy and balanced interaction in a
> group setting would be a "working group" instead of a class... in this
> case a low-level network programming working group... but we could
> start out as a class.
>
>
> Are others interested in getting together to talk about the gory
> technical details of writing "network forensics software"?
> If the answer is no then I'd like to just move to Germany forever and
> find actual hackers over there to work with. Your move.
>
>
> Sincerely,
>
> David Stainton