Point of Origin Hacking Workshops

POINT OF ORIGIN HACKING WORKSHOPS

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz WHAT YOU DON’T KNOW CAN HURT YOU

“Ignorance and sloth are the enemies of effective security. So which is it? Are you stupid, lazy or both?” Angus Blitter 2012

POINT OF ORIGIN HACKING (POOH) What is POOH? It’s not the honey grubbing bear from your youth or stuff you might need to clean off of your shoe. It’s a core tenet of our ﬁeld-proven methodology. The tenet dictates that organizations should consider theoretical vulnerabilities as part of their risk and trust management practices. We seek a pragmatic approach to isolating the most relevant threat vectors and proactively insulating the organization from negative impact, should that threat vector become exploitable. This approach is very effective when introducing new technologies, procedures or implementing policy changes. We use the term “Exposure Index” (EI) to express the relative conﬁdence in the security effectiveness of a protocol, system or control. Your EI is directly related to the motivation of an attacker to develop a capability in order to exploit a vulnerability. Is anyone motivated to attack you? How would they do it? How should you respond? We bring the best practitioners from around the world together for interactive workshops focused on real and theoretical risks associated with the most relevant technologies. Arm yourself with the tools to predict and prevail in the modern world!

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz EXTREME TRAINING

POOH Workshops PAY BY THE DAY FREE Day-Con VI Pass Register NOW All presenters are real Pricing uses a sliding scale If you sign-up for a workshop If you want to attend POOH practitioners with much of based on the number of days you get a complimentary training, simply send an email to the content being presented you want to attend. Day-Con VI pass. [email protected] with by the original researchers 1st Day $900 $250 Value the subject line of POOH 2012. and innovators. 2nd Day $600 3rd Day $500

WE HAVE TRAVELED THE WORLD seeking out the best and brightest security researchers and innovators so you don’t have to. Much of the course content is commissioned or otherwise unique. Our pricing represents a signiﬁcant savings compared to what you normally pay to take this training in its country of origin (not to mention the exchange rates, hotel pricing and language barriers). All presenters are real practitioners with much of the content being delivered by the original researchers.

World renowned experts teach you in an intimate setting to provide an extreme training experience you will never forget!

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz IPV6 SECURITY

AGENDA

Current state of IPv6 security in LANs • Attack trends and tools • Best practices for network stability and security • RA guard and similar technologies

Choosing the right addressing approach • Some notes on the ULA discussion • Link local addresses from a security perspective

Privacy extensions • Advantages & disadvantages from a security & privacy perspective • Default behavior of desktop and smartphone technology • Practical implications (e.g. reverse DNS) WHAT KIND OF IPV6 TOOLS DO YOU HAVE IN YOUR KIT? Filtering IPv6 trafﬁc • Best practices and sample conﬁgurations This workshop covers advanced security aspects of IPv6 in • Overview of IPv6 support in common security devices enterprise environments. We will focus on architecture and planning aspects and discuss the latest developments in • NAT in the IPv6 world - the endless debate the technology and standards space. Our goal is to enable the participants to make well-informed decisions when it comes to deploying IPv6 in both, a secure and operationally feasible manner. It is assumed that participants already possess some fundamental knowledge concerning IPv6’s inner workings and our actions for considering its use in their environment.

ENNO REY Enno Rey is a seasoned information security professional working as the consulting right hand for a number of CISOs. He has vast experience in designing, operating and securing large environments and has passed the typical transformation from a technology-centric to a process-oriented infosec guy. He was initially certiﬁed as a BS 7799 LA in 2001 and has been devoted to a risk based approach of steering information security as a supporting process for more than ten years. His current research focus is on trust models, policies and their interaction with real-world infosec and risk analysis tools useful in practice. He's a regular speaker at events all over the world (including Black Hat several times and many other events) and has published a number of books, articles and white papers.

“The Insinuator” will lead this workshop. Don’t miss this unique opportunity.

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz MOBILE SECURITY

AGENDA Mobile devices Security controls for a • Differences between secure integration the new and old players • Control categories • What makes them the • Structured approach to front-end of the future select controls • User restrictions & Smartphone operating access policy system overview • Mobile device management • Policies & guidelines • iPhone OS: architecture, • Available technical controls security features & attributes If you can’t manage it you can’t secure it • Google Android Mobile device management • Other devices This workshop will include an introduction to mobile • Requirements device security, a discussion on its risks for your • iOS management Corporate challenges organization and will provide you with possible • Configuration profiles solutions. • Do’s & Don’ts of mobile devices • iTunes in business After discussing threats, vulnerabilities and risks of • Achieving security goals • Apple configuration utility mobile device integration, the iOS and Android • Network integration • Over the air provisioning device specific features and vulnerabilities will be • Mobile device management • Android management presented along with several attack scenarios, • Bring your own device • Microsoft Exchange active sync forensic methodologies and real life case studies. • Private use of corporate devices • Third party management solutions We will demonstrate mobile device management • War stories from the wild solutions, along with other possible integration App approvement strategies, such as container solutions and hosted management solutions. We will also discuss Mobile device information • Technical assessment technical controls and how to cover mobile devices security management • Assessment metric within your organization’s IT security policy. During • Standards & approaches the workshop we will discuss different deployment Operations: scenarios as well as BYOD (Bring you own device). • Threats & vulnerabilities • Important processes for This will be a practical workshop where you can (with practical demos) secure operation test various skills in small, hands-on sessions. We • Rapid risk assessment • Implementation hints will provide you with some devices or BYOD. • Required security controls • Mobile device security concept

RENE GRAF Rene Graf leads the Mobile Security team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.

Real world training from practitioners that know what works!

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz CLOUD & VIRTUALIZATION SECURITY

AGENDA • Well-known attacks and risks with an emphasis on VMware ESX • Attacks from the guest against the hypervisor • Typical operational problems • The problem of “Rogue Machines” • Zone concepts in virtualized environments • Role concepts (Roles and Responsibilities) • Three layer computing: storage, network & adequate isolation procedures • Risk evaluation as a basis for efﬁcient security work • Possible security problems & their relevancy in virtualization scenarios VIRTUAL CLOUDS • Approaches for the evaluation of consolidation of The use of virtualization technologies has a considerable various security zones impact on the security architecture in countless organizations. Existing concepts, which are based on network zones and • Amount of security is necessary for which data is classiﬁed physical separation of resources cannot be mapped in their • Best security practices in virtualization scenarios entirety and often, are in contrast to the IT targets (key word: consolidation). The introduction of virtualization will lead to • Secure design hardening changing risks, either through a higher complexity (and • Secure operations unclear responsibilities/changing operating procedures) or through new attacks like "Cloudburst"against the hypervisor. • Secure management In many environments, the next degree of abstraction is on the horizon: Cloud Computing • Basic cloud concepts • Threats & vulnerabilities in cloud environments The goal is to achieve an adequate risk level in an increasingly abstract IT world. In order to achieve this you need to develop • Most relevant cloud risks a deep understanding of the involved technologies, • Compliance, governance & risk management in components and vendors and their security features. cloud environments This course will enable you to make well-founded decisions and to • The ERNW Cloud Security Approach use virtualization and/or cloud architectures efficiently and safely. • Cloud war stories

MATTHIAS LUFT Matthias Luft is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he has developed his own approach in evaluating and reviewing all kinds of applications, protocols and technologies. As one of the ﬁrst researchers who revealed major design ﬂaws and vulnerabilities in the approach of Data Leakage Prevention, he is a regular speaker at international security conferences and will happily share his knowledge with the audience.

Original research by world renowned cyber security experts

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz ADVANCED REVERSE ENGINEERING

AGENDA Participants will be introduced to the reverse engineering of closed-source software on Windows and embedded platforms following a structured approach. All necessary tools and methods will be introduced. Their correct and efﬁcient usage will be taught, including practical examples and exercises. The goal of this workshop is to enable participants to successfully conduct reverse engineering projects in a efﬁcient and structured way. Success factors and alternate approaches will also be discussed.

• Reverse engineering basics • Introduction to the basic tools • Windows binary (Portable Executables) format • Disassembling basics & common problems • Decompiling basics • Rating of the reliability of results DANIEL MENDE • Debugging & API monitoring introduction Daniel Mende is a German security researcher • Advantages of API monitoring specialized in network protocols and technologies. • Adjusting debuggers for certain RE projects He’s well known for his Layer2 extensions of the SPIKE • Runtime vs. static analysis and Sulley fuzzing frameworks and has presented on • Code coverage basics protocol security at many occasions including CCC Easterhegg, IT Underground/Prague and ShmooCon. • Structured approach for reverse engineering Usually he releases a new tool when giving a talk. • Advantages & disadvantages • Limitations & potential solutions • Important add-ons • Dissassembler and decompiler SDKs • Special requirements & considerations for embedded systems • A variety of reversing exercises, including embedded targets • Recommended readings

GRAEME NEILSON Graeme Neilson is a security consultant/researcher for Aura Information Security in Wellington. He has worked in security for over ten years with a focus on network infrastructure and reverse engineering. He has presented at Kiwicon (Wellington, New Zealand), Ruxcon (Sydney, Australia), BlackHat (Las Vegas, USA) and, of course, Day-Con.

This class will teach you how to think like a reverse engineer

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz PACKETWARS BOOT CAMP

WHAT IS PACKETWARS? PacketWars™ is a sport like nothing you have ever experienced! Games, known as “Battles”, pit individual players against each other in a race against time to achieve predeﬁned objectives, win prizes and attain fame. Operating in the shadows of the Internet, beyond the rule of TCP/IP and devoid of compassion, a secret war rages. Sometimes spilling over into the real world, digital battles are waged to advance the will of the combatants.

OFFENSIVE & DEFENSIVE COMPUTING This workshop provides you with insights into a broad HANDS ON TRAINING WORKSHOP variety of hacking techniques. Experts will show you everything from basic principles to the latest advanced The combatants are as varied as they are skilled and tactics of modern computer warfare. motivated. Every engagement is unique. It is our duty to chronicle these events. Join us as we open a portal to It’s no secret that only well trained IT security experts are extreme hacking. Do you have what it takes to survive? able to defend their assets. Even if you follow the industry BYOL (Bring Your Own Laptop), if you want to join! “best practices” to protect your assets, the attacker only needs to exploit a single weakness in your defenses, making it seem impossible to prevail. With this workshop we turn the tables: You’ll learn to think and act with the mindset of an attacker. Understanding their motivation, tools and logic will enable you to gain a new perspective of your security posture. You will learn the methodologies of a targeted attack and develop a kill-chain defense mindset. Join us and become a Cyber Warrior.

PACKETWARS INSTRUCTORS (Members of the X3 PacketWars™ Champions ERNW AllStars) This session is brought to you by seasoned experts from ERNW. With loads of experience in the ﬁeld, pen testing is said to be their favorite discipline in the world of IT security. Bringing your own equipment is advised. Please let us know if you would prefer to work with our hardware. ONE MORE THING: At some point you have to test your skills under real world conditions. The ultimate goal of this session is to assemble a strong team for the PacketWars™ competition on Saturday. But beware! With great power, comes great responsibility and therefore there is only one plausible goal to aim for: Victory.

Learn from the best in the business

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz NEXT STEPS

Pricing is a sliding scale based on the number of days you want to attend. First day $900, $600 for the 2nd day and $500 for the 3rd day. If you sign-up for a work shop, you All workshops will be held at the get a complimentary Day-Con VI Crowne Plaza in beautiful downtown pass. This pricing represents a Dayton, Ohio signiﬁcant discount on the pricing you would pay to take this training A special event rate of $82/night can in it’s native country (not to mention be secured by calling 937-224-0800 the exchange, hotel rates and and referencing Day-Con 2012. language barriers). All presenters are real practitioners with much of the content being presented by the original researchers.

If you sign-up for a workshop you get a complimentary Day-Con VI pass.

IF YOU WANT TO ATTEND simply send an email to [email protected] with the subject line of POOH 2012. Please include the name you want to register under and which workshop(s) you want to attend. Payment details will be sent back to you via email. Methods of payment include Paypal, certiﬁed check or money order.

http://day-con.org

DAY-CON VI TRAINING SCHEDULE

TUE 9, 2012 WED 10, 2012 THU 11, 2012 OCTOBER 9TH-13TH, 2012 FRI & SAT 9 AM-5 PM 9 AM-5 PM 9 AM-5 PM IPv6 Security DC VI

Mobile Security DC VI

Cloud & Virtualization Security DC VI

Advanced Reverse Engineering DC VI

Packetwars Boot Camp DC VI

MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz