Conference presentation materials have been released.
You can download them from Packet Storm

TECHNICAL TRAINING TRACK 1

Filed under: Training — Administrator @ 8:32 pm

April 21, 2005

Title: Web Application – Attacks and Defense
Trainer: Shreeraj Shah, Director, Net-Square Consulting
Capacity: 30 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) RM1800 (early bird) / RM2200 (non early-bird)

Content:

Beginning with an introduction to Web applications and Web Services, the participants will be offered an insight into web hacks and their resulting effects, followed by thorough assessment methodologies and defense strategies for varying environments.

Introduction to web applications

1. Components of a web application
2. Basics of web technologies and protocol information
3. Evolution of technologies and impact on security
4. Understanding other basic web security-related concepts
5. Learning tools like netcat, achilles etc. to understand their usage and application. (Hands on for the group)

Web Hacking – Areas of attack

Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks.

1. Cross-site scripting attacks
2. SQL Query Injection
3. Session Hijacking
4. Buffer Overflows
5. Java Decompilation
6. HTTP brute forcing
7. Trojan Horses and Malware products
8. Form Manipulation, Query Poisoning
9. Input Validation, Parameter Tampering
10. Authentication
11. Information leakage
12. File operations
13. Client-side manipulations
14. Cryptography
15. Error/Exception handling

Attack and Defense strategies

1. Impact of attacks
2. Risk analysis
3. Countermeasures
4. Defense strategies and methods

Assessment Methodology and Defending Applications

1. Footprinting and Discovery
2. Reconnaissance – Profiling a web application
3. Black-box and White-box testing
4. Exploiting vulnerabilities
5. Defending applications
6. Secure coding strategies


Web Services Assessment

1. Footprinting
2. Discovery
3. Technology Identification
4. Attack vector for web services
5. Defense methods
6. Toolkit – wsChess (http://www.net-square.com/wschess): play around with it and learn more from the author of the toolkit.

Hands-on : The training programme will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.


About Shreeraj:

Shreeraj Shah is founder and director of Net-Square. He has five years of experience in the field of security with a strong academic background. He has experience in system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his Bachelor’s degree in Engineering, Instrumentation and Control from Gujarat University, and an MBA from Nirma Institute of Management, India.

Shreeraj is the co-author of “Web Hacking: Attacks and Defense” published by Addison Wesley. He has published several advisories, tools, and white papers as researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, Bellua, CII, NASSCOM etc. You can find his blog at http://shreeraj.blogspot.com/.

TECHNICAL TRAINING TRACK 2

Filed under: Training — Administrator @ 8:31 pm

Title: Exploiting & Defending Networks
Trainer: Nish Bhalla, VP Consulting Solutions, Security Compass
Capacity: 30 pax
Seats left: 15
Duration: 2 days
Cost: (per pax) RM1800 (early bird) / RM2200 (non early-bird)

Overview

The purpose of this course is to provide tech leads, testers, administrators, network administrators, help desk support and all other participants with detailed security techniques and knowledge as applied to UNIX, Windows and network security. It starts from the basic concepts of operating systems (UNIX and Windows) and moves on to attacking and protecting operating systems, networks and network devices. Participants will also learn how to take advantage of vulnerabilities that might exist in an environment. The training will show not only the latest techniques for exploiting the environment, but also how to defend the organization's infrastructure against those weaknesses. Hands-on lab exercises reinforce the course material in a real-world environment.

Understanding TCP/IP, Windows, and Unix
• TCP/IP
o Understanding the 3-way handshake
o Understanding UDP
o Understanding ICMP

• Windows
o Understanding Domains and Workgroups
o Domain Trust relationships
o Enumeration
o Understanding SIDs and RIDs
o Registry and sam files
o Common Services (Netbios, Web servers, IIS)
• UNIX
o DIG / nslookup
o Users and Groups (Understanding Unix file Permissions, User, Group)
o Common services (FTP, Telnet, SSH, TFTP, RPC, NFS)

Introduction to Attack & Penetration

• A&P Methodology
o Foot-printing
o Scanning
o Enumeration
o Exploiting Vulnerabilities
o Installing Rootkits and Backdoors
o Cleaning up

• Foot-printing
o whois
o Search engines
o Google hacking
o News-groups
o Corporate Websites
o EDGAR

• Scanning
o Finding Live Hosts
o Port scanning (Connect, SYN, FIN)
o Passive network monitoring

• Enumeration
o OS Fingerprinting
o Detailing network service information (Banner Grabbing, DNS information)
o Obtaining list of valid users and resources
o Passive network monitoring
o OS Specific Enumeration

o Unix
• User enumeration via Apache
• User enumeration via Finger
• User enumeration via r-services
• Obtaining user info using NIS

o Windows
• Enumerating windows users and shares (net, nete, enum, local, global, nltest, dumpsec, getmac, epdump, ldp)

• Source sifting web portals
o Mirroring web sites (wget, Black Widow, Offline explorer)

• Brute forcing authentication
o Brutus
o Hydra
o Extending Hydra to Brute Force Custom Protocols
o MS-SQL Brute forcing (sqldict, shell script)
o Mysql / Oracle
o TS-Grind

• Mis-configurations
o TFTP
o NFS (nfsshell)
o X Vulnerabilities (xscan)

• Buffer Overflows (metasploit)

• Obtaining and Cracking password files
o Windows (sam, pwdump3, LSA Secrets)
o Unix ( /etc/shadow, NIS (ypcat))
o Cracking passwords ( l0phtcrack, john)

Exploiting Network Specific Vulnerabilities
• Sniffing (Promiscuous mode)
• ARP Spoofing
• Hijacking TCP connections
• 802.11
o Quick Overview
o Kismet
o Aircrack

• Owning Network Devices
o Cisco router password cracking
o Attacking services (Telnet, SNMP, HTTP, Obtaining config files)

• Firewalls
o Fingerprinting Firewalls.

Auditing
• Windows cleanup
o Disabling audit logs (Event Viewer)
o Web Server Logs

• UNIX Cleanup
o Xinetd revisited & /etc/syslog.conf
o utmp and wtmp
o xferlog
o maillog
o lastlog
o shell histories

Installing Backdoors and Rootkits
• Port redirection techniques

• Windows backdoors and rootkits
o Fake Gina
o Winvnc
o Hiding files in windows
o Keyloggers

• Back-dooring Unix
o Installing a Remote Shell Service using xinetd
o Setting SETUID and SETGID on executable files
o .rhosts
o Loki2
o Trojanized commonly used commands

• Linux Rootkits
o LKM based
• Covert Channels
o Reverse shell
o Msn-shell
o XML-shell


About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews and IDS architecture design and deployments. He is the VP of Consulting Services at Security Compass, providing consulting services for major software companies and Fortune 500 companies. He is writing the section on writing exploits for an upcoming title, “Buffer Overflow Attacks: Detect, Exploit & Prevent”, and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. He was also the tech editor for “Exploiting Software: How to Break Code”.

Nish has also been involved in open source projects such as OWASP and YASSP. He has also written for SecurityFocus.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he not only helped develop the “Secure Coding” class but also taught the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Apart from working for Foundstone, some of the other companies Nish has worked for include TD Waterhouse, The Axa Group and Lucent. Nish holds a Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and holds a Bachelor in Commerce from Bangalore University.

TECHNICAL TRAINING TRACK 3

Filed under: Training — Administrator @ 8:31 pm

Title: War Driving Kuala Lumpur
Trainer: Anthony Zboralski (Gaius) & Jim Geovedi
Capacity: 22 pax
Seats left: 11
Duration: 2 days
Cost: (per pax) RM2000 (early bird) / RM2400 (non early-bird)

Note: Participants are required to bring their own laptops. Wireless enabled laptops aren’t required as students will connect to the Kismet Server using a network hub in the training room as well as in the bus.

Overview

This class will involve a war drive around Kuala Lumpur on the first day and as such is limited to 8 participants only. This two day hands-on workshop will cover wireless/mobile environments intrusion detection, secure wireless protocols, denial of service, privacy and anonymity, prevention of traffic analysis, wireless networking, monitoring and surveillance…

Wireless technology is ubiquitous: hand phones, cordless phones, Wi-Fi LANs and Bluetooth are everywhere. While wireless technology may be desirable to corporations because of the mobility and cost savings it offers, wireless security has been elusive.

By default, most wireless networks are insecure and present a number of threats:

• Loss of Confidentiality (ATM transactions, emails, confidential documents, etc.)
• Denial of Service, business interruption
• Theft of Service
• Internal networks may be exposed to outsiders and hackers may propagate via wireless to your network, partners and clients
• Corporate network could be used to launch stealth attacks against other targets or to transit spam

The 2-day course will cover:

• Introduction to Bluetooth and WiFi Security
• War Driving in Kuala Lumpur
• Analysing and mapping wireless networks.
• Attacking Wireless Networks and Bluetooth Devices
• Defending Wireless Networks
• Intrusion Detection and Monitoring


About Anthony:

Anthony Zboralski leads Bellua Asia Pacific, an Information Security consulting company based in Jakarta, Indonesia. He has more than 9 years of experience performing penetration tests, assessments, forensics and related services for some of the largest banks in Asia and a dozen Fortune 500 companies including Aerospatiale, Air France, Allianz, AXA, Electricite de France, Lagardere-Matra…

He is also known as Gaius, one of HERT's cofounders, and has written articles for Phrack and hert.org (tunnelx, ciscogdb, procx, etc.). Anthony has been involved in the hacking and security community since 1989 (started on x25 with otosync and bayernpower [Matthias]). He is 29 now, living in Indonesia with his wife and two kids.

About Jim:

Jim Geovedi is HERT’s new evil thinker. While most of his time goes towards providing information security advisory and training services to private enterprises and government in Indonesia through Bellua Asia Pacific, in his spare time Jim amuses himself by working on open-source security software and operating system development projects.

TECHNICAL TRAINING TRACK 4

Filed under: Training — Administrator @ 8:30 pm

Title: Packet Mastering The Monkey Way
Trainers: Dr. Jose Nazario (Arbor Networks) & Marius Eriksen (Google.com)
Capacity: 22 pax
Seats left: 21
Duration: 2 days
Cost: (per pax) RM1800 (early bird) / RM2200 (non early-bird)

Overview

In this course you will learn how to code in C using libpcap, libdnet, libnids, and drive it all with libevent. The main language will be C, but we will also cover python bindings to these techniques.

Day 1

a) TCP/IP and ethernet networking overview
b) Packet capture with libpcap
c) Packet construction with libdnet
d) Libnids and stream reconstruction techniques

Day 2

a) Recap and questions from day 1
b) Event driven programming (signals, read, write, timers), libevent
c) Common tool classes: scanners, sniffers, and tracers
d) Bringing it all together:
e) A simple stream sniffer (illustrating the use of libnids and libevent)
f) A simple port scanner (illustrating libpcap, libevent, libdnet)
g) Questions and other things you can do.


About Jose:

Dr. Jose Nazario is a worm researcher and senior software engineer at Arbor Networks. Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet events such as DDoS attacks and worms, source code analysis methods and datamining. He routinely writes and speaks on Internet security in forums that include NANOG, USENIX Security, BlackHat Briefings, CanSecWest and SANS. Dr. Nazario holds a Ph.D. in biochemistry from Case Western Reserve University.

Dr. Nazario is also the author of the ground-breaking book entitled “Defense and Detection Strategies against Internet Worms” which offers insight into worm trends and behavior, while providing practical protection techniques. Dr. Nazario was also co-author on the book “Secure Architectures with OpenBSD”.

About Marius:

Marius Eriksen is a software engineer at Google, Inc. and is an OpenBSD developer. He has developed and maintained many open source projects and has failed to release many more. Marius has mostly been involved with systems security, distributed filesystems, networking middleware and security and general operating systems kernel development. Marius’ recent open source work includes work on transparent end-to-end networking portability and contextual user interfaces.

Aaron Higbee

Filed under: Conference Speakers — Administrator @ 8:23 pm

Presentation Title: Phishing Attacks: A guide to self assessment
Presentation Details:

This is not another presentation about identifying phishing attacks and other scams. Phishing Attacks, a guide to self assessment aims to answer all the political and technical questions in planning and executing a phishing exercise for your own organization.

The audience will learn how to organize a phishing attack and leverage it into an exercise that will test user awareness and IT’s procedures for phishing incident response. Technical topics will include:

1.) How to word a compelling, believable phishing email scenario
2.) How to build the phishing web server
3.) How to mass mail the phishing scam to bypass potential mail filters
4.) How to safely collect the data of those who fall for the scam

The presentation will also cover the non-technical considerations that need to be thought of before and after the attack. If the phishing attack was planned right, the email and firewall team will be better prepared to respond to this threat, and more importantly, the recipient will gain valuable security awareness training that will help them at work and at home. With proper planning and execution, the victims actually thank you when it’s over.

About Aaron:

Aaron Higbee is a principal consultant for Foundstone, a division of McAfee. Prior to Foundstone, Aaron was a network abuse investigator for Earthlink Network and Roadrunner and has witnessed every type of Internet abuse since its inception. Aaron draws on his consulting experience building phishing exercises for Foundstone’s clients.

Fabrice Marie

Filed under: Conference Speakers — Administrator @ 8:22 pm

Presentation Title: Hacking Internet Banking Applications
Presentation Details:

The general public sentiment is that the banks, having always been the guardians of our money, are expert at safeguarding it. Unfortunately, internet corporate banking and personal banking applications are usually ridden with bugs. Internet Banking Applications development is nowadays out-sourced to third party software vendors that have poor understanding of security, and incomplete quality management processes. Most of the time the applications are extremely insecure before they get audited by security professional third-parties.

This presentation will demonstrate the various attacks that almost always work (and those that do not), on your “bank-next-door” internet banking application, illustrated with real life statistics. We will outline the regular technical attacks and will focus on a hit parade of business logic attacks. We will steal money from other customers, buy shares for free, and spy on other customers’ bank records among many other frauds.

This demonstration will highlight the solutions to some of the challenges the banks will face online to ensure that their data handling practices are compliant with their country’s privacy regulations and banking regulations among others.

About Fabrice:

Fabrice is the manager of FMA-RMS, a small dedicated security consulting firm based in Singapore. Developer by trade for many years, he has been involved in the information security field for over 6 years. His interests are in secure programming, cryptography, open source and firewalling techniques. For the last few years he has been breaking mostly bank and telecom web applications in the Asia Pacific region, as well as performing penetration tests for them. Originally from France, Fabrice has been staying in Singapore for the last 5 years.

Swaraj

Filed under: Conference Speakers — Administrator @ 8:22 pm

Presentation Title: Exploiting Microsoft Services For Unix
Presentation Details:

Microsoft Services for Unix is a new component in the Windows suite which lets you run UNIX based applications on a win32 platform with very little effort. Microsoft has ported a number of utilities and packages to make the transition an easy task and to eliminate the need to have a dedicated UNIX platform. This presentation will cover the weakness in such a deployment and further cover all security issues including design flaws of the subsystem internals and will focus on different exploitation techniques.

About Swaraj:

Swaraj works for Suresec as a senior security researcher. He enjoys code auditing and writing exploits for fun. He also works for the Debian Linux distribution as a member of the security audit group, which proactively fixes security vulnerabilities. He goes by the alias jaguar, and in the past has found a number of vulnerabilities and has contributed to the Debian project.

The Grugq

Filed under: Conference Speakers — Administrator @ 8:22 pm

Presentation Title: VoIPhreaking: How to make free phone calls and influence people
Presentation Details:

The recent explosion in internet telephony has led to the exposure of the (previously) closed Public Service Telephone Network (PSTN) to the wilds of the internet. Voice over IP (VoIP) technology presents new and interesting security challenges, many of which are completely ignored until after deployment. These security issues, such as new avenues for fraud, present serious risks to traditional telephony companies. This talk explores the technologies behind VoIP infrastructures, focusing on their weaknesses and faults. LIVE DEMOS will help illustrate that attacks which violate VoIP system security are not only practical, but are already here. The era of VoIPhreaking has begun.

About The Grugq:

The grugq has been researching anti-forensics for almost 5 years. Grugq has worked to secure the networks and hosts of global corporations, and he’s also worked for security consulting companies. Currently, he slaves for a start-up, designing and writing IPS software and also as a freelance security consultant. Grugq has presented to the UK’s largest forensic practitioner group where he scared the police. In his spare time, grugq likes to drink and rant.

Shreeraj Shah

Filed under: Conference Speakers — Administrator @ 8:22 pm

Presentation Title: Web hacking Kung-Fu and Art of Defense
Presentation Details: Web attacks are on the rise and new methods of hacking are evolving. This presentation will cover new methodologies for web application footprinting, discovery and information gathering with a new range of tools.

Web applications are getting exploited using various new injection techniques like advanced SQL injection, LDAP query, XPATH goofing etc. All these new exploit methods will be discussed. The HTTP stack is changing in application frameworks like .NET. The stack can be utilized for defense using HTTP interfaces. Defense methodologies for web applications are required to combat new threats emerging in the field.

This will be a deep-knowledge presentation that will be full of live demos, examples and new tools!

About Shreeraj:

Shreeraj Shah is founder and director of Net-Square. He has five years of experience in the field of security with a strong academic background. He has experience in system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his Bachelor’s degree in Engineering, Instrumentation and Control from Gujarat University, and an MBA from Nirma Institute of Management, India.

Shreeraj is the co-author of “Web Hacking: Attacks and Defense” published by Addison Wesley. He has published several advisories, tools, and white papers as researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, Bellua, CII, NASSCOM etc. You can find his blog at http://shreeraj.blogspot.com/.

San

Filed under: Conference Speakers — Administrator @ 8:21 pm

Presentation Title: Hacking Windows CE
Presentation Details:

The network features of PDAs and mobiles are becoming more and more powerful, so their related security problems are attracting much more attention. This paper will show a buffer overflow exploitation example in Windows CE. It will cover knowledge about the ARM architecture, memory management and the features of processes and threads of Windows CE. It will also show how to write shellcode in Windows CE, including knowledge about decoding Windows CE shellcode.

1 - Windows CE Overview
2 - ARM Architecture
3 - Windows CE Memory Management
4 - Windows CE Processes and Threads
5 - Windows CE API Address Search Technology
6 - The Shellcode for Windows CE
7 - System Call
8 - Windows CE Buffer Overflow Exploitation
9 - About Decoding Shellcode
10 - Conclusion

About San:

San is a security researcher, who has been working in the Research Department of NSFocus Information Technology (Beijing) Co., Ltd for more than three years. He’s also the key member of XFocus Team. His focus is on researching and analysing application security, and he’s also the main author of “Network Penetration Technology” (Chinese version book).

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)
Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor

Microsoft Corporation

Official Airline Partner

Malaysia Airlines

Open-Hack Sponsor

VIA Technologies Inc.

CTF Sponsor

Scan Associates

CTF Prize Sponsor

Defenxis

Media Partners:

The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005.
Phrack Magazine

Our Speakers Are Supported By:

Bellua Asia Pacific
F-Secure Corporation

Supporting Organizations

HERT
Chaos Computer Club (Germany)
X-Focus China
Zone-H Defacement Mirror
Xatrix Security
SyScan05
Special Interest Group in Security & Information InteGrity Singapore