|
TECHNICAL
TRAINING
TRACK
1 - SPAM
ATTACKS
AND
HOW
TO
DEAL
WITH
THEM |
BY: John
Draper (aka Captain Crunch)
-
Date:
4th & 5th October 2004
-
Venue:
The Westin Kuala Lumpur
-
Duration:
2-days
-
Capacity: 30 pax - CLASS IS FULL
-
Cost:
RM1,500 per person.
This course will examine and
discover the methods deployed by spammers, hackers, and other
insurgents in their never ending quest to fill as many mailboxes
with spam and smut as possible.
Participants will get a hands
on experience in how to interpret spam mail headers, identify mail
sending points, extract domain ownership information on who really
owns these spam promoted web sites, and how to track them.
The course is based on analysis
of the tools spammers use to control large amounts of infected
machines for their deeds, whatever they are.
This includes the use of Honey
pots for the purpose of deliberately infecting a machine, then
“sniffing” the network for anomalous behavior.
These sniffed logs are then
examined to determine their protocol, examine payload, and identify
unique “patterns” which are used to construct Snort IDS rules for
the detection of any communication protocol the virus or Trojan may
be using.
During the course, the
participants will be introduced to the following methods, code, and
tools for the identification of these viruses, as well as the
following disciplines.
-
Examining spam mail to identify it’s source
-
Using
network tools to identify the organization the spam came from
-
Setting up an IDS and network analysis system
-
Sniffing and identification of virus or Trojan communication
protocols.
-
Examining methods of acting on IDS events in real time.
-
Network tracing to identify upstream providers
-
Examining how viruses and worms are spread.
Participants would have access to UNIX and
Windows OS machines, with access to Python programming language,
used to write specialized programs and tools.
Key Learning Objectives:
-
How to
manage and deal with the large volume of spam
-
How to
protect your network from hostile attacks from inside or outside
threats
-
How to
write Snort rules in almost “real time” to detect new threats as
they come in
-
Identification of 'Phishing' schemes, and Email tracking.
-
Tracking down spammers
-
Spam
reporting techniques.
-
Basic
Python programming
General
Learning Objectives:
-
How to
protect you and your network from outside threats
-
How to
develop a spam managed Email system
-
How to
report spam, and what ISP’s want in their reports.
Who should Attend:
-
Network and System administrators
-
CTO’s
and technical management
-
John Q
Public
-
Students
-
Law
Enforcement
-
Attorneys
-
Lawmakers
-
Anyone
interested in a spam free internet experience.
Trainer
Founder and CEO of Shopip Inc,
now involved in a new venture dedicated to promoting a spam free
internet experience for all internet users. His focus as been with
analyzing spam, it’s sources, how it’s sent, and how to deal with it
on a larger more global scale.
John also provides custom
consulting services, training, and other means of spreading
important information on how we all can protect the fragile internet
infrastructure by developing real time reactionary tools for dealing
with these kinds of threats.
Previously, John has developed
the Crunchbox, an IPS (intrusion prevention system) using stealth
means of hiding and protecting important internet assets while still
allowing these assets to be used by outside users, and yet keeping
unauthorized users totally in the dark to even the existence of such
a protected network. “You can’t hack what you can’t see” is his
motto.
John Graduated from College in
Silicon Valley, the high tech mecca where most of this technology
was developed, then went on to develop EasyWriter, the first word
processor Program ported to the popular Apple II, putting
sophisticated word processing in the hands of the masses.
John has appeared on nationwide
TV in numerous interviews, relating to telecommunications and
internet security, and has traveled all over the word to give talks
and training sessions on this important subject.
A few years ago, when spammers
shut down his popular web hosting and Email service, John took this
as a personal attack, and got actively involved in the anti-spam
movement, and is now shutting down more then 150,000 infected hosts
per month through his aggressive spam reporting system.
REGISTER NOW ! |
***
TECHNICAL
TRAINING
TRACK
2 - WEB
APPLICATION
ATTACKS
|
BY:
Net-Square
Consulting and MIMOS Consulting Group (MCG)
This course is
an intense two-day journey into the innards of web application
security. Brought to you by the authors of “Web Hacking: Attacks
and Defense”, the class is based on case studies of real-life web
applications riddled with security problems. Participants are given
a hands-on experience in performing thorough application security
reviews, as well as secure coding and application deployment
techniques.
The course is
based on a highly proven application testing methodology,
encompassing black box and white box testing techniques, application
security principles and practices, and real world examples.
During the
course, the participants are introduced to a web application, which
they have to secure by the end of the training class. The
application lockdown exercise takes the participants through various
concepts such as:
-
Understanding application security issues
-
Application
testing methodologies
-
Secure
application deployment
-
Secure
coding techniques
-
Security by
design.
The “Web
Applications: Attacks and Defense” class features web applications
written using ASP or PHP, encompassing security issues such as:
-
Exception
handling
-
SQL
injection
-
Remote
command execution
-
Data
tampering
-
Cross site
scripting
The advanced
edition of the “Web Applications: Attacks and Defense” class
features a more complex web application, written using ASP, PHP,
ASP.NET or Java/JSP. In addition to the regular class, the advanced
edition class includes security issues such as:
-
Authentication
-
Preventing
session hijacking
-
Privilege
escalation
-
Advanced SQL
security with stored procedures
This class
involves rigorous hands-on exercises.
Key Learning
Objectives:
-
Problems
that occur when developing a web application.
-
Security
issues when deploying a web application.
-
Web
application security testing
-
Securely
configuring web servers
-
Secure
coding techniques
-
Spotting
basic errors in web application code
-
Basic error
handling techniques
General
Learning Objectives:
-
Developing
procedures to test and maintain the security of a web application.
-
Source code
review procedures.
-
Proficiency
with security testing tools and procedures
Who Should
Attend:
-
Developers:
Learn what can go wrong with badly written application code, and
how to prevent such errors.
-
Web site
administrators: Learn how to securely configure a web server and
an application server, without compromising on functionality.
-
Application
security analysts: Learn how to systematically analyze and audit a
web application.
-
Project
managers / IT managers: Learn how to be effective in maintaining a
secure web application, going ahead.
Trainers
Saumil Udayan Shah
Founder and Director,
Net-Square
Solutions Pvt. Ltd.
Saumil continues
to lead the efforts in e-commerce security research at Net-Square.
His focus is on researching vulnerabilities with various e-commerce
and web based application systems. Saumil also provides information
security consulting services to Net-Square clients, specializing in
ethical hacking and security architecture. He holds a designation of
Certified Information Systems Security Professional. Saumil has had
more than nine years experience with system administration, network
architecture, integrating heterogeneous platforms, and information
security and has performed numerous ethical hacking exercises for
many significant companies in the IT area. Saumil is a regular
speaker at security conferences such as BlackHat, RSA, etc.
Previously, Saumil
was the Director of Indian operations for Foundstone Inc, where he
was instrumental in developing their web application security
assessment methodology, the web assessment component of FoundScan -
Foundstone's Managed Security Services software and was instrumental
in pioneering Foundstone's Ultimate Web Hacking training class.
Prior to joining
Foundstone, Saumil was a senior consultant with Ernst & Young, where
he was responsible for the company's ethical hacking and security
architecture solutions. Saumil has also worked at the Indian
Institute of Management, Ahmedabad, as a research assistant and is
currently a visiting faculty member there.
Saumil graduated
from Purdue University with a master's degree in computer science
and a strong research background in operating systems, networking,
information security, and cryptography. At Purdue, he was a research
assistant in the COAST (Computer Operations, Audit and Security
Technology) laboratory. He got his undergraduate degree in computer
engineering from Gujarat University, India. Saumil is a co-author of
"Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the
author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996)
Shreeraj Shah
Director,
Net-Square
Solutions Pvt. Ltd.
Shreeraj founded Net-Square in January 2000, to establish the
company as a strong security research and security software
development company. Net-Square has been instrumental in developing
and exporting web security components companies such as Foundstone
and NT OBJECTives. He leads research and development arm of Net
Square. He has over 5 years of experience with system security
architecture, system administration, network architecture, web
application development, security consulting and has performed
network penetration testing and application evaluation exercises for
many significant companies in the IT arena. In the past Shreeraj
worked with Chase Bank and IBM in area of web security.
Shreeraj graduated from Marist College with a Masters in Computer
Science, and has a strong research background in computer
networking, application development, and object-oriented
programming. He received his graduate degree in Computer Engineering
from Gujarat University, and an MBA from Nirma Institute of
Management, India. Shreeraj has also authored a book titled "Web
Hacking: Attacks and Defense" published by Addison Wesley.
REGISTER NOW ! |
***
BUSINESS
TRAINING
- HACKERS
INSIGHT
FOR
CIOS |
BY:
E-Security Gulf
Group (ESGulf)
Information
security is critically important to today’s organizations. You
business may depend on the future of an eBanking. Esgulf has
developed a comprehensive practical course that introduces you to
information security and protection from the Hackers perspective.
This one-day intensive course prepares you to understand your
organization information protection needs in the new age of the
Internet.
We will cover
practical topics of information security. We expose the participants
to the nature of vulnerabilities and how they are being exploited by
hackers today. We will highlight the state-of-the-art technologies
to defend and manage the risk against these threats. We will build
real awareness about today’s dangers in information security. We
provide a practical view of the real dangers your organization faces
from Hackers and understand the requirements to develop effective
protection standard, policies and monitoring systems for their own
business. This course is based 100% on practical and real world
examples.
Key Learning Objectives:
Web Security Basics
-
Security in
the News, Attacks and their nature
-
Threats,
Vulnerabilities, Methodology for Security
Hacker’s Viewpoint
-
Information
gathering techniques
-
Penetration,
Exploiting weaknesses and vulnerabilities
-
Gaining
access, Pilfering
-
Covering tracks, Creating back doors, Denial of Service
-
Google as a
search tool
-
Downloading
and Installing
-
Scanning,
Penetrating
Wireless Security
Social Engineering
-
Weakest
Link, Human Element
-
Security Awareness,
Beyond
traditional infosec
-
Protection,
Detection, Response
Key elements of Infosec
-
Policy
-
2x7x365
-
Security
Awareness, Training, Education
-
Incidence
Response
-
BCP/DRP
Hacking Workshops
-
Using Google
-
Hacking
Passwords
-
Stealing
Emails
-
Hacking WWW
sites
Who Should Attend:
-
Upper
Management and key decision makers.
-
Technical
managers
-
Trainer
Jorge Sebastiao
(CISSP,
ISP)
President and CEO,
E-Security Gulf
Group
With over
nineteen years of IS experience and six years of security
experience, Mr. Sebastiao brings experience, creativity, structure
and innovation to the “E-Business computing”.
As CEO at
E-Security Gulf Group; he architects business focused security
solutions. Previously at Computer Associates Middle East and
Computer Associates Canada he implemented leading Enterprise
Management, Security Management and Information Management solutions
for mission critical business applications.
He has guided
clients in the integration of current technologies and migration of
legacy applications to newer computing paradigms which make use
of--object orientation, distributed systems, client/server,
multi-tier as well as E-technologies. Mr. Sebastiao also
co-authored a consumer credit and information book titled "La Face
Cachée du Credit".
REGISTER
NOW ! |
|
|