OpenBSD Journal

REcon announcement - training session needs some help

Contributed by grey on from the Wanna get schooled? dept.

REcon will be going on for the second year in Montreal this June, and OpenBSD contributors will be there in force. With Mathieu Sauvé - Frankel (msf@) still behind the scenes as an organizer, this year's main conference will also feature a talk from Ted Unangst (tedu@) on material from his day job at Coverity.

However, due to one of the training sessions receiving low registration numbers putting it in jeopardy I want to put the spotlight on one of the intensive courses in particular: Packet Mastering the Monkey Way taught by Marius Eriksen (marius@) & Jose Nazario (deadly.org & Secure Architectures with OpenBSD). Currently only three people are enrolled for this training session, and if there aren't 10 registered attendees within a week, the session will be cancelled in order to give fair warning & refunds to those who have already made a commitment for this class.

This is the first time this two day intensive will be taught in North America (last year Jose presented an extremely condensed hour overview at both REcon and previously HitB Malaysia while Marius & Jose did a two day hands on intensive for the first time at HitB Malaysia with a small class). This is a rare chance to learn the network tool development techniques employed by the likes of other monkeys (and OpenBSD contributors ;) such as Dug Song & Niels Provos. The class itself will have a box running OpenBSD with all the needed tools set up, so our readers should be familiar with the environment - just bring yourself and a laptop with an ssh client and by the end of two days you should have written everything from your own network scanners, to password sniffers.

Anyway, I hope it doesn't sell like I'm trying to sell this too hard. Due to unfortunate circumstances, last year's talk from Ryan McBride (mcbride@) on network randomness and OpenBSD was cancelled at REcon. I prepared the original announcement, and hope I didn't let our readers down who may have attended on account of that. This year, hearing wind of one of the pertinent training sessions being put at risk of cancellation, I thought it would be prudent to be proactive in posting a story in hopes that perhaps enough of our readership might find this class worthwhile to make it happen.

Of course, the main conference itself has plenty of other great speakers lined up on subjects pertinent to security & reverse engineering. While the separate training intensives may sound a bit expensive, I think you'd be challenged to find comparable courses anywhere else regardless of price. Just so as not to focus entirely on Marius & Jose's course, I have heard that Nicolas Brulez reverse engineering classes are "very very good" teaching material in a hands on manner. That said, in my opinion the main conference I must say has one of the best deals in a security conference to be found and has great catering included in the $450 CDN.

(Comments are closed)


Comments
  1. By Anonymous Coward (128.171.90.200) on

    Was Coverity not used by DHS to uncover the recent bug in X ?

    Comments
    1. By Nate (65.94.97.111) on

      > Was Coverity not used by DHS to uncover the recent bug in X ? Well, since they started scanning X.org has fixed lots of bugs, or at least the scan site says so.

    2. By Matthieu Herrb (213.41.176.184) on

      > Was Coverity not used by DHS to uncover the recent bug in X ?

      Yes the Coverity scans helped to find the bug. They were sponsored by DHS. But spotting this vulnerability among all the errors reported was done by a X.Org developper, not my DHS.

    3. By David Martin (69.92.240.238) on

      > Was Coverity not used by DHS to uncover the recent bug in X ? A story regarding the "X bug" can be found here.

      Comments
      1. By Anonymous Coward (128.171.90.200) on

        > Was Coverity not used by DHS to uncover the recent bug in X ?
        > A story regarding the "X bug" can be found here.

        and the CVS fix is here

  2. By Anonymous Coward (64.92.167.26) lo@obsd.org on

    i think Coverity is a big joke. they have not done anything usefull really.

    Comments
    1. By phessler (69.12.168.114) on http://www.coverity.com

      > i think Coverity is a big joke. they have not done anything usefull really.

      Do you mean other than writing a tool to find those bugs automatically and giving Open Souce developers access to it for free?

      (Disclosure: I work for Coverity)

      Comments
      1. By Anonymous Coward (64.92.167.26) lo@obsd.org on

        > Do you mean other than writing a tool to find those bugs automatically and giving Open Souce developers access to it for free?

        You are insulting my freedom by requiring me to register so i can view those results.
        And by the way how many bugs those awesome automatic tools found from OpenBSD?

        (Disclosure: I work as i want)

        Comments
        1. By Anonymous Coward (69.12.168.114) on

          > And by the way how many bugs those awesome automatic tools found from OpenBSD?

          probably more than you have.

          Comments
          1. By tedu (69.12.168.114) on

            oops, i said the above.

        2. By rmg (208.181.115.2) on

          > And by the way how many bugs those awesome automatic tools found from OpenBSD?

          Not sure how many "bugs" are found, but if you look at the CVS commit logs, you'll see a very large number of them credit lint(1). From my understanding, coverity pushes a mutant super lint(1).

          Theo and the gang seem to use them a lot.

          Comments
          1. By Anonymous Coward (128.171.90.200) on

            > Not sure how many "bugs" are found, but if you look at the CVS commit logs, you'll see a very large number of them credit lint(1).
            > From my understanding, coverity pushes a mutant super lint(1).
            > Theo and the gang seem to use them a lot.

            I think Chad Loder was doing a lot of work on lint recently

        3. By Anonymous Coward (128.171.90.200) on

          Thats not an insult to your freedoms, this is an insult to your freedoms

          "You're freedoms are free, as in freedom fries"

  3. By Anonymous Coward (69.70.207.240) on

    If I could afford $450.00 to attend, I would in a heart beat!

    Comments
    1. By Jim (68.250.26.213) on

      Total registration cost $2150 + tax.

      Knowledge Gained, Priceless.?.?.

      Comments
      1. By Anonymous Coward (128.171.90.200) on

        > Total registration cost $2150 + tax.
        > Knowledge Gained, Priceless.?.?.

        I feel a MasterCard commercial coming on ....

      2. By Anonymous Coward (85.240.90.49) on

        > Total registration cost $2150 + tax.
        >
        > Knowledge Gained, Priceless.?.?.
        >
        >

        ya it sucks!

  4. By Anonymous Coward (66.131.194.17) on

    Please note that the exchage rate has continued to equalize between USD and CAD. I saw it dip to the 1.099 mark today for a while -- this may have a heavy influence on those from the US who are/were considering attendance as their dollar just will not stretch as far as it used to north of the border.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]