[Noisebridge-discuss] what if: network forensics class

Patrick O'Doherty p at trickod.com
Fri Jun 19 22:00:14 UTC 2015


I'll be in the space this evening ~6:30ish, and would love to chat about
this for an hour.

p

On 6/16/15 4:49 PM, David Stainton wrote:
> Yesss.... Friday sounds fine to me. I'd like to meet for one hour.
> That should give us time to discuss everyone's network programming
> projects... and then to clearly explain TCP injection attacks and
> other fun things you can do with protocol analysis ;-)
> 
> Is 6pm OK? I'm flexible.
> 
> On Mon, Jun 15, 2015 at 2:06 PM, Patrick O'Doherty <p at trickod.com> wrote:
>> 5mof is this Thursday. Maybe Friday?
>>
>> p
>>
>> On Mon, Jun 15, 2015 at 12:01:15PM -0700, David Stainton wrote:
>>> would this thursday at 7pm work for others?
>>> or suggest a day/time.
>>>
>>> On Sun, Jun 14, 2015 at 3:17 PM, Patrick O'Doherty <p at trickod.com> wrote:
>>>> I'd be very interested in joining such a group, as it's an area that I'd
>>>> really like to brush up on.
>>>>
>>>> when are you thinking of starting this?
>>>>
>>>> p
>>>>
>>>> On Sun, Jun 14, 2015 at 12:51:05PM -0700, David Stainton wrote:
>>>>> Dear Noisebridge,
>>>>>
>>>>>
>>>>> Two things to say:
>>>>>
>>>>> 1. every popular TCP analyzer software needs to be rewritten to handle
>>>>> TCP injection attacks properly. Here are all the TCP injection attacks
>>>>> that are possible:
>>>>> https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-badger-the-puppet-masters.rst#tcp-injection-attack-categories
>>>>>
>>>>>
>>>>> 2. I'd like to start a class/group that regularly meets in person or
>>>>> online; collectively writes network forensics tools.
>>>>>
>>>>> I'm not sure if there's enough technical interest on this subject...
>>>>> but if there is then I'd like to teach about TCP protocol
>>>>> analysis/anomaly detection, low level network programming, ethernet
>>>>> sniffer packet capture methods, offensive packet spraying for
>>>>> detecting Great Cannon MITM etc.
>>>>>
>>>>> Those of you that know me might've noticed that in the past year I've
>>>>> become completely obsessed with network protocol anomaly detection,
>>>>> forensics, attack detection etc. especially when it comes to the
>>>>> subject of NSA attacks on TCP mentioned in Snowden documents.
>>>>>
>>>>> Ultimately I feel that a more healthy and balanced interaction in a
>>>>> group setting would be a "working group" instead of a class... in this
>>>>> case a low level network programming working group... but we could
>>>>> start out as a class.
>>>>>
>>>>>
>>>>> Are others interested in getting together to talk about the gory
>>>>> technical details of writing "network forensics software"?
>>>>> If the answer is no then I'd like to just move to Germany forever and
>>>>> find actual hackers over there to work with. Your move.
>>>>>
>>>>>
>>>>> Sincerely,
>>>>>
>>>>> David Stainton
>>
>> --
>> Patrick O'Doherty
>> +1 (650) 701-7829
