The official hash tag for HITBSecConf2010 - Amsterdam is #HITB2010AMS

TT2 – Network Endpoint Visibility: Digging Deeper

Trainers: Meling Mudin (Founder, & Lee Chin Sheng (CTO, IntersecuTech)
Capacity: 25 pax

Duration: 2 days
Cost: (per pax) EUR1499 (early bird) / EUR1899 (non early-bird)


How do you make your network security monitoring smarter? How do you detect targeted attacks? How do you know if data has been stolen or intentionally leaked outside your organization? How confident are you that the IDPS that you’ve installed is doing its job? How good are your vendors? What are your defenses against targeted attacks? Does your security infrastructure understand the software applications that run on client systems?

If you have no clear answer to the questions above, then you’re in luck. “Endpoint Visibility: Digging Deeper” is a brand new training created by the trainers of “Structured Network Threats Analysis and Forensics” and “The Art of Network Forensics”. This in-depth hands-on technical training helps you to understand, among others, the dynamic behaviors of the group of people that keep you awake at night: legitimate users of your system, and attackers – all using infiltration and extraction of data from network streams.

Combining advanced concepts from the two previous courses, and introducing new network forensics and data analysis methods, we’ll show you what your NSM vendor lacks, teach you retrospective network event tracing and auditing, data leakage detection, and how endpoint visibility can facilitate and enhance current network-based forensics technology.

Who should attend / Target audience

- Forensics investigator/analyst
- Network security analyst
- Network security administrator
- Firewall & IDS/IPS administrator
- Anyone that uses Wireshark/tcpdump on a daily basis

Laptop Requirements

- Windows XP/Vista, OSX or Linux
- Working installation of VMPlayer (or VMWare Workstation) or VMWare
- Administrator/root access on the laptop
- Enough RAM (~2Gb) and free hard disk (~4Gb) for running VMware
- OpenOffice or Microsoft Powerpoint for presentation
- NOTE: Only a VMWare image will be provided, so please ensure that you have a working installation of VMWare for your respective operating system

About the trainers
Meling Mudin

Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates, where he was responsible for developing the Malaysian government’s largest network security monitoring center. He has also been involved with the organization of the HITBSecConf conference for the last three years, specifically in running its popular Capture the Flag hacking competition. In the past five years in the industry, he has been involved in various aspects of computer security including penetration testing, software and product development, training, network defense, and system administration, as well as working as a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.

Lee Chin Sheng

C.S. Lee is currently working as the CTO of InterSecuTech Malaysia. He has been in the network security industry for the past 7 years and was previously a CEH trainer on wireless hacking and pentesting. Recently his focus has been on the art of detection and Network Security Monitoring (NSM) concepts. He is an NSM practitioner who believes in using Open Source tools to complete his tasks. He has written papers on dissecting and performing packet analysis and has been involved in projects involving vulnerability assessment, network incident handling and response, as well as network-based forensics. Right now his free time is mostly spent on enriching network security operations using visualization/correlation techniques and multilevel taxonomy-based dissection analysis.