TippingPoint Digital Vaccine Laboratories

Building a Better Mousetrap: This Year at Black Hat


Are you interested in joining the exalted ranks of vulnerability analysts? Are you responsible for your organization's IPS/IDS deployment? Would you like to use those IPS/IDSes to the fullest of their potential?

Well, you're in luck! Rohit and I are presenting a class at this year's Black Hat information security conference!

The class is designed to teach you to write the best possible signatures for your IPS/IDS, and the best way to deploy it. It also covers ways to use your IPS for things other than intrusion prevention, including security policy enforcement and data leakage prevention.

The class begins with a quick overview of the TCP/IP stack. While you may think this is redundant, it covers a lot of the rare corner cases and portions of the stack that are often glossed over.

This is followed by tutorials on regular expressions, the Snort signature language, and an in-depth analysis of the theory behind IPS/IDS.

(Trust me on the theory portion: we want to be absolutely sure that the techniques learned in this course apply to whatever IPS/IDS solution you have installed at your organization, regardless of vendor.)

It continues with an analysis of common evasion techniques (and how to evade them!), common vulnerabilities, and methods of writing filters that will protect against a broad swath of vulnerabilities in one fell swoop.

The course also covers the tools of the trade, including traffic analysis tools, traffic generation tools, and the ever popular exploit tools.

Practical exercises abound: you'll write signatures against vulnerabilities, evade others' signatures (and your own!), write signatures that enforce security policy, and analyze exploit source code.

The goal here is that, after a brief two days, you'll be able to effectively use IPSes and IDSes to help secure your organization against both internal and external threats. And, perhaps even more interestingly, you'll be able to use your IPS to enforce organizational policy and help with regulatory compliance.

There's still a little room left, if you'd like to join us! The class is filling up, though, so be sure to register sooner rather than later!
Tags: class
Published On: 2008-07-22 03:17:49
