Trial By Fire

Thomas Ptacek | April 26th, 2005 | Filed Under: Uncategorized

The website for our class is up, to some definition thereof.

I think the class itself is going to be excellent. We’re going to teach an audience how to beat the hell out of security products, something that rarely happens in real-world product evaluations. Some interesting aspects of the class:

• It’s black-box “pentest”-style security with a completely white-hat objective that is common to teams at basically every large company.

• There are significant cases, regarding very well-known products, where “the emperor really has no clothes”, and you’ve gotta love the idea of teaching people how to stick it to those crooks.

• It reprises and extends research me and Tim Newsham did 8 years ago and allows us to collect all the ideas everyone else has come up with in one place.

  (The plan, right now, is to build the website into that resource).

And by the way, in that vein, I managed to resurrect our IDS paper from the clutches of PostScript bitmap fonts, and created a digitally remastered version on the new site. I actually salvaged this from an old dvihtml document. If anyone can come up with a decent way to “fix” an old PostScript document with bad fonts, I’d love to hear about it.