Date Item Duration Trainer / Speaker
October 4th & October 5th Technical Training Track 1 2 Days John T. Draper
October 4th & October 5th Technical Training Track 2 2 Days Saumil Shah & Shreeraj Shah
October 5th Business Training 1 Day Jorge Sebastiao



BY: John Draper (aka Captain Crunch)

  • Date: 4th & 5th October 2004

  • Venue: The Westin Kuala Lumpur

  • Duration: 2-days

  • Capacity: 30 pax

  • Cost: RM1,500 per person.

This course will examine and discover the methods deployed by spammers, hackers, and other insurgents in their never ending quest to fill as many mailboxes with spam and smut as possible.

Participants will get a hands on experience in how to interpret spam mail headers, identify mail sending points, extract domain ownership information on who really owns these spam promoted web sites, and how to track them.

The course is based on analysis of the tools spammers use to control large amounts of infected machines for their deeds, whatever they are.

This includes the use of Honey pots for the purpose of deliberately infecting a machine, then “sniffing” the network for anomalous behavior.

These sniffed logs are then examined to determine their protocol, examine payload, and identify unique “patterns” which are used to construct Snort IDS rules for the detection of any communication protocol the virus or Trojan may be using.

During the course, the participants will be introduced to the following methods, code, and tools for the identification of these viruses, as well as the following disciplines.

  • Examining spam mail to identify it’s source
  • Using network tools to identify the organization the spam came from
  • Setting up an IDS and network analysis system
  • Sniffing and identification of virus or Trojan communication protocols.
  • Examining methods of acting on IDS events in real time.
  • Network tracing to identify upstream providers
  • Examining how viruses and worms are spread.

Participants would have access to UNIX and Windows OS machines, with access to Python programming language, used to write specialized programs and tools.

Key Learning Objectives:


  • How to manage and deal with the large volume of spam
  • How to protect your network from hostile attacks from inside or outside threats
  • How to write Snort rules in almost “real time” to detect new threats as they come in
  • Identification of 'Phishing' schemes, and Email tracking.
  • Tracking down spammers
  • Spam reporting techniques.
  • Basic Python programming

General Learning Objectives:

  • How to protect you and your network from outside threats
  • How to develop a spam managed Email system
  • How to report spam, and what ISP’s want in their reports.

Who should Attend:

  • Network and System administrators
  • CTO’s and technical management
  • John Q Public
  • Students
  • Law Enforcement
  • Attorneys
  • Lawmakers
  • Anyone interested in a spam free internet experience.


John T Draper,

Founder and CEO, ShopIP Inc.

Founder and CEO of Shopip Inc,  now involved in a new venture dedicated to promoting a spam free internet experience for all internet users.  His focus as been with analyzing spam, it’s sources, how it’s sent, and how to deal with it on a larger more global scale.

John also provides custom consulting services, training, and other means of spreading important information on how we all can protect the fragile internet infrastructure by developing real time reactionary tools for dealing with these kinds of threats.

Previously, John has developed the Crunchbox, an IPS (intrusion prevention system) using stealth means of hiding and protecting important internet assets while still allowing these assets to be used by outside users,  and yet keeping unauthorized users totally in the dark to even the existence of such a protected network.   “You can’t hack what you can’t see” is his motto.

John Graduated from College in Silicon Valley, the high tech mecca where most of this technology was developed, then went on to develop EasyWriter, the first word processor Program ported to the popular Apple II, putting sophisticated word processing in the hands of the masses.

John has appeared on nationwide TV in numerous interviews, relating to telecommunications and internet security,  and has traveled all over the word to give talks and training sessions on this important subject.

A few years ago, when spammers shut down his popular web hosting and Email service, John took this as a personal attack, and got actively involved in the anti-spam movement, and is now shutting down more then 150,000 infected hosts per month through his aggressive spam reporting system.




BY: Net-Square Consulting and MIMOS Consulting Group (MCG)

  • Date: 4 & 5th October 2004

  • Venue: The Westin Kuala Lumpur

  • Duration: 2-days

  • Capacity: 30 pax

  • Cost: RM1,500 per person

This course is an intense two-day journey into the innards of web application security.  Brought to you by the authors of “Web Hacking: Attacks and Defense”, the class is based on case studies of real-life web applications riddled with security problems.  Participants are given a hands-on experience in performing thorough application security reviews, as well as secure coding and application deployment techniques.

The course is based on a highly proven application testing methodology, encompassing black box and white box testing techniques, application security principles and practices, and real world examples.

During the course, the participants are introduced to a web application, which they have to secure by the end of the training class. The application lockdown exercise takes the participants through various concepts such as:

  • Understanding application security issues
  • Application testing methodologies
  • Secure application deployment
  • Secure coding techniques
  • Security by design.

The “Web Applications: Attacks and Defense” class features web applications written using ASP or PHP, encompassing security issues such as:

  • Exception handling
  • SQL injection
  • Remote command execution
  • Data tampering
  • Cross site scripting

The advanced edition of the “Web Applications: Attacks and Defense” class features a more complex web application, written using ASP, PHP, ASP.NET or Java/JSP.  In addition to the regular class, the advanced edition class includes security issues such as:

  • Authentication
  • Preventing session hijacking
  • Privilege escalation
  • Advanced SQL security with stored procedures

This class involves rigorous hands-on exercises.

Key Learning Objectives:

  • Problems that occur when developing a web application.
  • Security issues when deploying a web application.
  • Web application security testing
  • Securely configuring web servers
  • Secure coding techniques
  • Spotting basic errors in web application code
  • Basic error handling techniques

General Learning Objectives:

  • Developing procedures to test and maintain the security of a web application.
  • Source code review procedures.
  • Proficiency with security testing tools and procedures

Who Should Attend:

  • Developers: Learn what can go wrong with badly written application code, and how to prevent such errors.
  • Web site administrators: Learn how to securely configure a web server and an application server, without compromising on functionality.
  • Application security analysts: Learn how to systematically analyze and audit a web application.
  • Project managers / IT managers: Learn how to be effective in maintaining a secure web application, going ahead.


Saumil Udayan Shah
Founder and Director,
Net-Square Solutions Pvt. Ltd.

Saumil continues to lead the efforts in e-commerce security research at Net-Square. His focus is on researching vulnerabilities with various e-commerce and web based application systems. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds a designation of Certified Information Systems Security Professional. Saumil has had more than nine years experience with system administration, network architecture, integrating heterogeneous platforms, and information security and has performed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker at security conferences such as BlackHat, RSA, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc, where he was instrumental in developing their web application security assessment methodology, the web assessment component of FoundScan - Foundstone's Managed Security Services software and was instrumental in pioneering Foundstone's Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996)

Shreeraj Shah

Director, Net-Square Solutions Pvt. Ltd.

Shreeraj founded Net-Square in January 2000, to establish the company as a strong security research and security software development company. Net-Square has been instrumental in developing and exporting web security components companies such as Foundstone and NT OBJECTives. He leads research and development arm of Net Square. He has over 5 years of experience with system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past Shreeraj worked with Chase Bank and IBM in area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled "Web Hacking: Attacks and Defense" published by Addison Wesley




BY: E-Security Gulf Group (ESGulf)

  • Date: 5th October 2004

  • Venue: The Westin Kuala Lumpur

  • Duration: 1-day

  • Capacity: 15 pax

  • Cost: RM1,500 per person.

Information security is critically important to today’s organizations. You business may depend on the future of an eBanking. Esgulf has developed a comprehensive practical course that introduces you to information security and protection from the Hackers perspective. This one-day intensive course prepares you to understand your organization information protection needs in the new age of the Internet.

We will cover practical topics of information security. We expose the participants to the nature of vulnerabilities and how they are being exploited by hackers today. We will highlight the state-of-the-art technologies to defend and manage the risk against these threats. We will build real awareness about today’s dangers in information security. We provide a practical view of the real dangers your organization faces from Hackers and understand the requirements to develop effective protection standard, policies and monitoring systems for their own business. This course is based 100% on practical and real world examples.

Key Learning Objectives:

Web Security Basics

  • Security in the News, Attacks and their nature
  • Threats, Vulnerabilities, Methodology for Security

Hacker’s Viewpoint

  • Information gathering techniques
  • Penetration, Exploiting weaknesses and vulnerabilities
  • Gaining access, Pilfering
  • Covering tracks, Creating back doors, Denial of Service
  • Google as a search tool
  • Downloading and Installing
  • Scanning, Penetrating

Wireless Security

  • Basics
  • Bluetooth
  • Wifi

Social Engineering

  • Weakest Link, Human Element
  • Security Awareness, Beyond traditional infosec
  • Protection, Detection, Response

Key elements of Infosec

  • Policy
  • 2x7x365
  • Security Awareness, Training, Education
  • Incidence Response

Hacking Workshops

  • Using Google
  • Hacking Passwords
  • Stealing Emails
  • Hacking WWW sites

Who Should Attend:

  • Upper Management and key decision makers.
  • Technical managers


Jorge Sebastiao (CISSP, ISP)
President and CEO, E-Security Gulf Group

With over nineteen  years of IS experience and six years of security experience, Mr. Sebastiao brings experience, creativity, structure and innovation to the “E-Business computing”.

As CEO at E-Security Gulf Group; he architects business focused security solutions. Previously at Computer Associates Middle East and Computer Associates Canada he implemented leading Enterprise Management, Security Management and Information Management solutions for mission critical business applications.

He has guided clients in the integration of current technologies and migration of legacy applications to  newer computing paradigms which make use of--object orientation, distributed systems, client/server, multi-tier as well as E-technologies.  Mr. Sebastiao also co-authored a consumer credit and information book titled "La Face Cachée du Credit".



Our Sponsors

Our Speakers are Supported By:

Supporting Organizations:

Malaysian Communications and Multimedia Commission

Special Interest Group in Security & Information InteGrity Singapore


Zone-H - IT Security Information Network

Wireless Security Monitored By


HITB Partner


Media Partners

Official Media Partner


© 2004 Hack In The Box (M) Sdn. Bhd.
HTML and PHP by spoonfork (mel at hackinthebox dot org)