Cyber Network Defense Bootcamp

Adam Meyers


Register Now for Black Hat DC 2011


DC 2011 Training Session // january 16 - 17


Overview:

Cyber Network Defense is a critical and evolving requirement for organizations large and small in the 21st century. There are a number of component courses available for various disciplines in the realm of CND; however, there are very few options for a CND crash-course bootcamp that covers topics relevant to the overarching mission of defending the home network. Many courses teach the fundamentals of incident response utilities, malware analysis, and reverse engineering. In practice, we find many “detection” tools have limited success rates and can be quite misleading – from basic antivirus to highly specialized memory and hooking analysis tools.

This course will cover the holistic approach to CND, beginning with intelligence ingestion and easing into network anomaly detection and advanced network forensics. Following the understanding of the network layer, the course will introduce key concepts of incident analysis by providing an in-depth introduction into incident response device forensics using freely available and commercially licensed tools of the trade. With incident analysis and network forensics under their belts, students will then immerse themselves in nearly a full day of static and dynamic reverse engineering to include topics like manual unpacking and deobfuscation of command and control protocols. To round out the training, students will be given a short training in incident reporting and will learn how to present technical findings to managerial and executive level personnel in a clear and concise manner.

course syllabus

  • DAY ONE
  • Open Source Intelligence Methods and Commercial Intelligence Options
  • Network Forensics and Analysis
  • Advanced Network Detection Techniques
  • Device Forensics Tools
  • Device Forensics Methodologies
  • DAY TWO
  • Dynamic Malware Analysis
  • Static Malware Analysis
  • Dynamic Memory Analysis
  • Incident Reporting
  • Talking to the C-Level

Student Requirements:

Students should have an understanding of networking, and a basic concept of computer programming.

What to Bring:

Laptop with Linux or OSX with a windows XP virtual machine.

What you get:

  • Book of materials
  • Course disc

Trainer:

Adam Meyers is a Senior Principal with the Products and Offerings Division of SRA International. Mr. Meyers serves as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provides both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers has extensive experience in Penetration Testing, Security Engineering and Architecture, Wireless Communication, and Reverse Code Engineering. Mr. Meyers is a recognized speaker who has presented on topics ranging from high level business solutions to deep technical training including industry conferences such as RSA and CSI. He currently supports the Department of State Bureau of Diplomatic Security leading a reverse engineering and cyber threat analysis team charged with investigation and mitigation.


Gary Golomb is a Senior Research and Development Engineer at NetWitness Corporation, and has previously served as the founder and CEO of Proventsure, Director of R&D and Security Competitive Intelligence at Enterasys Networks, and lead IT Forensics Investigator for the George Washington University (GWU). At GWU, Mr. Golomb led projects analyzing thousands of the university's computers for Personally Identifiable Information, security configuration, and policy compliance, and network detection of malware and policy and regulation violations. Academically, Mr. Golomb worked in the field of bioinformatics, proteomics, and pharmacogenomics, and created algorithms for protein identification used in synthetic biomaterials and genome mapping. Mr. Golomb served in the U.S. Marine Corps as a Recon Marine in a direct action platoon in the 2nd Force Recon Company and deployed internationally as part of the Special Operations team of the 24th Marine Expeditionary Unit. Mr. Golomb has developed a number of patent-pending techniques for detecting various types of data and activity in data in motion and data at rest.


Brian Jack is the founder and CEO of iAssault Technologies. Previously he served as the Lead Security Analyst for GFI Software (formerly Sunbelt Software), Senior Software Engineer at Raytheon Corporation, and as an Information Security Consultant for PricewaterhouseCoopers. Mr. Jack was responsible for the research and development team at Sunbelt/GFI for their malware analysis tools, CWSandbox/GFI Sandbox and ThreatTrack. His focus was on building automated analysis, detection, and prevention tools for web and non-executable threats. Mr.Jack has presented at several conferences regarding threat analysis and security awareness. Mr.Jack currently holds CISSP, CEH, and GREM certifications, has developed patent-pending technology regarding document exploits, and is a published author in the field of neuroscience research.


Super Early:
Ends Oct 15

Early:
Ends Nov 15

Regular:
Ends Dec 15

Late:
Ends Jan 15

Onsite:

$2200

$2400

$2600

$2800

$3100