NT/2K/XP Incident Response Training

From: H C (keydet89@yahoo.com)
Date: 02/20/02

Date: Wed, 20 Feb 2002 10:20:21 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: incidents@securityfocus.com

To all,

Over the years, as I've performed consulting work, or
worked as a security manager, one of the very
prevalent issues I've identified is that many NT/2K
admins aren't able to properly deal with incidents.

Look at the lists, for example. In the week prior to
BlackHat, we all saw two posts on the SF lists in
which a Unix admin had to respond to an incident. In
both cases, the actions of the admin included port
scanning the 'victim' system, and then comparing those
results with a list of known, default trojan ports.

Is this effective incident response? What should the
response have been? What could have been done ahead of
time to prevent the incident from happening?

In order to help educate anyone who administers
NT/2K/XP systems, I've created an Incident Response
course. The course is 2 days long, and is very
intensive, with hands-on labs, discussions, and
scenarios. The whole spectrum of incident response is
covered, from why policies and procedures are needed,
to incident preparation, data hiding (very heavy on
NTFS alternate data streams), and freeware tools that
can be used in incident response activities.

Specifics about the course can be seen here:


I've taught this course several times already, and
presented a trimmed-down version at the recent
BlackHat Windows Security conference. It's been very
well received, and everyone (including myself) has
learned a lot.

This course is taught at your site. That means that
instead of sending up to 16 people away to a remote
site, and paying their course fees, travel and
lodging, I come to your site and teach the course.

Anyone interested in learning more about the course
can contact me at keydet89@yahoo.com.




This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
