I have recently returned from London after completing the SANS Intrusion Detection In Depth 6 day bootcamp. Being the first SANS course I have attended, I was very impressed, both with the quality of the course and the tutors, whilst also enjoying many restaurant quality meals between lessons!
The course material was (in my opinion) somewhat basic and much more of a general overview around Intrusion Detection, with various subjects touching on more advanced topics. I was particularly impressed with the depth into administering/using TCPDump and creating advanced pcap-filters. Delving into SNORT was nothing new to me, however the aforementioned knowledge on deep packet analysis with tcpdump certainly helped me understand Snort signature creation & optimisation.
We were led by SANS ‘Chief Research Officer’ Johannes Ullrich – who was one of the best instructors I have had, leading with clear & well-defined examples and real world scenarios. I appreciate an instructor who takes the time to discuss the more complex subjects whilst fast-tracking the less ‘interesting’ topics – whilst maintaining a high level knowledge transfer. Johannes certainly pulled this off.
Personal projects to come out of the course -


