Last Chance: MacBook Air, Dell XPS 13 or $600 off with SANS Online Training Ends December 7


Washington, DC | Fri, Jun 14 - Sat, Jun 22, 2013
This event is over,
but there are more training opportunities.

Offensive Countermeasures: The Art of Active Defenses

Presented by Black Hills Information Security

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

In this class you will learn how to force an attacker to take more moves to attack your network. Moves that can increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy's system. And most importantly, you will find out how to do the above legally.

The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you and, finally, attack the attackers.

This class is based on the DARPA funded Active Defense Harbinger Distribution live Linux environment. This VM is built from the ground up for defenders to quickly implement Active Defenses in their environments. This class is also very heavy with hands-on labs. We won't just talk about Active Defenses. We will be doing hands-on labs, and through them in a way that can be quickly and easily implemented in your environment.


  • Why Offensive Countermeasures?
  • Legal Issues
  • Core Security Concepts most People are Missing
  • Why Current Security Strategies are Failing
  • Layers of Defense for the Bad Guy
  • Observe Orient Decide Act
  • The Three A's of Offensive Countermeasures (Annoyance, Attribution and Attack)
  • Fuzzing Attack Tools
  • DOM-Hanoi
  • SpiderTrap
  • Web Labyrinth
  • DNS Servers from Hell
  • Honeypots
  • Dynamic Blacklists from the Command Line for Windows and for Linux
  • Dealing with Attackers using TOR
  • Proxychains and TORProxy
  • How Nmap Really Works with TOR
  • Metasploit Decloak
  • Word Web Bugs
  • Web Application Street Fighting
  • Browser Exploitation Framework
  • Evil Java Applications
  • Social Engineering Toolkit and OCM
  • Bypassing AV... To Attack the Attackers
  • Honey Claymores (or, Why did I open that file?)



SANS Hosted are a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.

Course Syllabus

Additional Information

  • Host system with at least 2 Gig of memory.
  • VMware Player, Workstation or Fusion
  • Windows XP, Windows 7, or OS X

If you have additional questions about the laptop specifications, please contact

Security Professionals and Systems Administrators who are tired of playing catch-up with attackers.

Basic OS understanding of Windows and Linux and a basic understanding of TCP/IP