[Noisebridge-discuss] what if: network forensics class

Patrick O'Doherty p at trickod.com
Mon Jun 15 21:06:21 UTC 2015


5mof is this Thursday. Maybe Friday?

p

On Mon, Jun 15, 2015 at 12:01:15PM -0700, David Stainton wrote:
> would this thursday at 7pm work for others?
> or suggest a day/time.
>
> On Sun, Jun 14, 2015 at 3:17 PM, Patrick O'Doherty <p at trickod.com> wrote:
> > I'd be very interested in joining such a group, as it's an area that I'd
> > really like to brush up on.
> >
> > when are you thinking of starting this?
> >
> > p
> >
> > On Sun, Jun 14, 2015 at 12:51:05PM -0700, David Stainton wrote:
> >> Dear Noisebridge,
> >>
> >>
> >> Two things to say:
> >>
> >> 1. every popular TCP analyzer software needs to be rewritten to handle
> >> TCP injection attacks properly. Here are all the TCP injection attacks
> >> that are possible:
> >> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
> >>
> >>
> >> 2. I'd like to start a class/group that regularly meets in person or
> >> online; collectively writes network forensics tools.
> >>
> >> I'm not sure if there's enough technical interest on this subject...
> >> but if there is then I'd like to teach about TCP protocol
> >> analysis/anomaly detection, low level network programming, ethernet
> >> sniffer packet capture methods, offensive packet spraying for
> >> detecting Great Cannon MITM etc.
> >>
> >> Those of you that know me might've noticed that in the past year I've
> >> become completely obsessed with network protocol anomaly detection,
> >> forensics, attack detection etc. especially when it comes to the
> >> subject of NSA attacks on TCP mentioned in Snowden documents.
> >>
> >> Ultimately I feel that a more healthy and balanced interaction in a
> >> group setting would be a "working group" instead of a class... in this
> >> case a low level network programming working group... but we could
> >> start out as a class.
> >>
> >>
> >> Are others interested in getting together to talk about the gory
> >> technical details of writing "network forensics software"?
> >> If the answer is no then I'd like to just move to Germany forever and
> >> find actual hackers over there to work with. Your move.
> >>
> >>
> >> Sincerely,
> >>
> >> David Stainton

--
Patrick O'Doherty
+1 (650) 701-7829