Building a Better Mousetrap: Effective Techniques in Vulnerability Analysis and Intrusion Detection & Prevention

Rohit Dhamankar & Rob King, TippingPoint


USA 2011 Weekend Training Session: July 30-31

USA 2011 Weekday Training Session: August 1-2


It's a fact that hackers are getting smarter faster than network security hardware is getting better. To effectively defend your organization from attacks, you have to know more than just how to configure your IPS or IDS - you need to understand the art behind the science.

This course provides an in-depth look at vulnerability analysis, detection, and prevention from a network-based IPS/IDS standpoint. It starts with how vulnerabilities become vulnerabilities, how hackers attack them, how they look on the wire, and ends with how to write effective signatures and filters for attacks. More esoteric topics covered in this course (and very rarely in others) include how to avoid the dreaded False Positive, how to estimate performance, how to prevent data leakage, and - perhaps most importantly - the techniques hackers use to evade detection by IPS/IDSes, and how you can evade the evasions.

New for 2011:

Custom Web Application vulnerabilities have been the most attacked vulnerabilities over the past year. We will examine common Web Application attacks and explore rules that could be deployed on an IDS/IPS or a Web Application Firewall to prevent these attacks.

A student coming away from this course will have firm theoretical and practical knowledge of how to analyze vulnerabilities, how to write signatures, and how to deploy an effective and powerful intrusion prevention strategy on their network.

A quick but in-depth review of the important minutiae of network protocols, networking theory, and basic security theory will be provided, to ensure that all students get the most possible out of the course.

Note: This is a two-day course.


Basic knowledge of networking and security vulnerabilities.


Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine group. His group is responsible for developing protection filters that address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications, and for incorporating them into TippingPoint's intrusion prevention systems. He co-authors the SANS Institute's weekly @RISK newsletter, which ranks the severity level of new vulnerabilities and is sent to over 200,000 subscribers. Rohit is also the Director for the SANS Top-20 Internet Security Attack Target project. Rohit is a frequent speaker at major industry conferences and has been quoted and featured in many top publications, including USA Today, BusinessWeek, Wired Magazine, the Washington Post, and CNET.

Prior to TippingPoint, Rohit was employed at Cisco Systems, where he worked as a software developer for Cisco's Secure Intrusion Detection System and Cisco Secure Scanner. He is a frequent speaker at security conferences, and holds an M.S. in Electrical Engineering from UT, Austin and an M.Sc in Physics from the Indian Institute of Technology in Kanpur, India.

Rob King is a Principal Security Researcher with the Digital Vaccine group at TippingPoint. He is an expert in security and vulnerability analysis, numerous programming languages, and houses a panoply of computer science esoterica in his head. Rob has spoken at several network security conferences, including Black Hat and Shmoocon. He has provided network security consulting for a variety of high-profile clients, including Exodus Communications and Whole Foods Market in the United States, and the European Investment Bank and InterTransact A.G. in Luxembourg.
