Forwarded from the Skullspace announce list since I know this will be of interest to some of members. -Adam

-------- Original Message -------- Subject: [SkullSpace-Announce] Full-Day Class on Wireshark and SSL on Saturday From: Mak Kolybabi mak@kolybabi.com To: announce@lists.skullspace.ca CC:

Alex, Ron, and I will all be attending Sharkfest next Sunday through Thursday as presenters. Alex and I are looking to do a full test run of our material the day before we leave, Saturday, June 15th, at the next SkullSpace hackathon. We'd appreciate an audience.

At Sharkfest, I'm teaching a full-day hands-on lab from 10:15 am to 4:45 pm. This is a huge chunk of time, large enough to strain my usual time-filling tactics of ranting while doing jazz hands and berating the audience. I've been called in to replace someone far more qualified than I am for this, so as not to embarrass myself at Sharkfest, I plan to do a full run-through of the course on Saturday. After the course is done, Alex will give his presentation.

We will both be talking about packet captures and network analysis, which are useful in troubleshooting, reversing, and CTFs. My hands-on lab will be from 10:15 am to 4:45 pm and Alex will present at 5:00 pm. Below are our bios and other information shamelessly lifted from the Sharkfest site.

Please reply out-of-band -- by making a separate, not reply-all, email to me -- if you are planning to attend the hands-on lab, so I can plan pizza (we'll take a lunch break) and seating accordingly.

******************************************************************************** SSL Troubleshooting With Wireshark

Mak Kolybabi, Technical Lead, Reverse Engineering, Tenable Network Security

SSL plays an important role in ensuring confidentiality, integrity and authentication of communication over a public network like the Internet. It is used for securing (web) applications as well as for implementing a public key infrastructure (PKI). A good understanding of the SSL protocol will help solve issues in setting up secure communication based on SSL. In this Hands-On Lab, we'll review the SSL protocol and how Wireshark and tshark can be used to analyze the different handshake messages, troubleshoot common problems in the SSL session setup and successfully decrypt SSL traffic for further analysis of the transported data.

Who Should Attend: Network engineers, network security professionals, software developers

What You'll Need: Bring your own laptop with Wireshark installed.

Takeaway: A good understanding of the SSL and a sure footing in setting up secure communication based on the protocol.

Mak Kolybabi lives in Canada and is the Technical Lead of Reverse Engineering at Tenable Network Security. He has written hundreds of Nessus plugins and currently maintains those related to SSL/TLS/X.509. In his spare time he gives talks locally and teaches classes at the local hackerspace, SkullSpace, which he co-founded. Recently, he's been working on organizing BSides Winnipeg and creating a learning CTF called The DangerZone." ********************************************************************************

******************************************************************************** I Can Hear You Tunneling...

Alex Weber, Security Software Developer

SSH is the de facto standard for accessing remote Unix-like servers over a hostile Internet. SSH has many other capabilities, including secure file transfer and the ability to tunnel TCP-based protocols, providing an additional layer of transport security. All of this functionality is great for users that legitimately need to protect their communications, but without the ability for network administrators to do Deep Payload Inspection, SSH presents a very real risk to an organization's network security.

In this presentation, Alex Weber will summarize previous research and present tools and techniques to passively analyze SSH traffic for evidence of policy violation and intrusion.

Alex Weber is a Canadian software developer with an interest in network security, cryptography, and interesting programming languages.

Outside of his day job, Alex has contributed patches to the Nmap network scanner, the FreeBSD Documentation Project, and has been featured on the front page of Threatpost for writing a malicious bootloader program to steal Windows passwords ********************************************************************************