
Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-3, August 4-5

The Art of Developing Effective Intrusion Detection/Prevention Signatures

Rohit Dhamankar, TippingPoint

Rob King, TippingPoint



This course provides a good theoretical and practical introduction to the development of effective intrusion detection and prevention strategies, with an emphasis on traffic identification via IDS/IPS signatures. Students will learn how to analyze raw network traffic, how to identify salient points in attacks, and how to effectively differentiate attack traffic from benign traffic. Practical exercises include developing signatures for live IDSes and seeing how those signatures block real attack traffic, capturing traffic, using popular exploit tools, attempting to evade IPS/IDS signatures, and using various network traffic analysis tools. A full overview of theoretical and technical aspects of traffic analysis, including overviews of the TCP/IP protocol stack and regular expressions, will be provided.


2 days


Basic knowledge of networking and security vulnerabilities


Rohit Dhamankar is the Senior Manager of Security Research at TippingPoint, where he leads the Digital Vaccine group. His group is responsible for developing protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications to incorporate them into TippingPoint's intrusion prevention systems. He co-authors the weekly SANS Institute's @RISK newsletter, which ranks the severity level of new vulnerabilities and is sent to over 200,000 subscribers. Rohit is also the Director for the SANS Top-20 Internet Security Attack Target project. Rohit is a frequent speaker at major industry conferences and has been quoted and featured in many top publications including USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, etc.

Prior to TippingPoint, Rohit was employed at Cisco Systems, where he worked as a software developer for Cisco's Secure Intrusion Detection System and Cisco Secure Scanner. He is a frequent speaker at security conferences, and holds an M.S. in Electrical Engineering from UT, Austin and an M.Sc in Physics from the Indian Institute of Technology in Kanpur, India.

Rob King is a Senior Security Researcher with the Digital Vaccine group at TippingPoint. He is an expert in security and vulnerability analysis, numerous programming languages, and houses a panoply of computer science esoterica in his head. He co-authors the weekly SANS @RISK network security newsletter, read by over 200,000 regular subscribers. Rob has spoken at several network security conferences, including Black Hat and Shmoocon. He has provided network security consulting for a variety of high-profile clients, including Exodus Communications and Whole Foods Market in the United States, and the European Investment Bank and InterTransact A.G. in Luxembourg.

Ends May 1: $2000 USD
Ends July 1: $2200 USD
Ends July 31: $2400 USD
Begins August 1: $2700 USD
1997-2009 Black Hat ™