Review: Offensive Countermeasures: Defensive Tactics That Actually Work

docrice, Member, Posts: 1,706


I had an opportunity to take some training classes at Black Hat USA this year and this one caught my eye. The instructors were John Strand and Paul Asadoorian (of PaulDotCom). As I work in network security / defense, this two-day course seemed intriguing and I wasn't sure what to expect. Given the reputation of the instructors (with John being a SANS instructor and Paul being known throughout the community for his podcasts), it seemed that I would get my money's worth. The instructors are very passionate about their focus and obviously very good at what they do.

Offensive Countermeasures is not your typical infosec class. It's not about how to configure firewalls / IDS / monitoring systems, doing packet analysis, or pentesting in the usual manner. As the title implies, it covers methods (some of which are traditionally used by the bad guys) and turning the tables to give the defense team the advantage, centering around using said techniques to annoy potential intruders, attribute their characteristics to make them stand out, and "attack" as a defensive measure. The traditional solutions that organizations have been employing over the past decades have either been incomplete relative to current threats or totally ineffective. Thus, a new approach is needed and the ideas presented in class should help further equalize the playing field.

In a nutshell, I felt this was one of the best classes I've ever taken. It's very practical, there are lots of hands-on labs, and if you do network security for your organization and feel as if you're constantly behind the security curve, then this course is for you. There are many concepts taught that you probably wouldn't want to try out in your production environment without consulting your legal team first, but otherwise there are lots of valuable nuggets to walk out of the class with that you'll be thinking about trying on the Monday you get back to work.

At the end of the course is a capture-the-flag event where many of those ideas can be used to earn points towards an ultimate objective. The CTF involves working in teams and collaborating to employ the different techniques to get the bad guy to reveal himself.

Unfortunately, this course isn't a regular offering but it seems as if SANS provides a schedule for it occasionally. I'm not sure whether this is an official SANS offering or independently provided by John Strand and Paul Asadoorian. Either way, the course description should provide a good overview of what you'll get. It will be a lot of fun regardless.

One thing to consider is that while the course description implied that one could get away with just bringing a MacBook with sufficient hardware to class, in reality it helps to also have a Windows machine (or just a Windows machine for the entire class). A small number of labs relied on Windows.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

