Point of Origin Hacking Workshops

Point of Origin Hacking Workshops

POINT OF ORIGIN HACKING WORKSHOPS MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz WHAT YOU DON’T KNOW CAN HURT YOU “Ignorance and sloth are the enemies of effective security. So which is it? Are you stupid, lazy or both?” Angus Blitter 2012 POINT OF ORIGIN HACKING (POOH) What is POOH? It’s not the honey grubbing bear from your youth or stuff you might need to clean off of your shoe. It’s a core tenet of our field-proven methodology. The tenet dictates that organizations should consider theoretical vulnerabilities as part of their risk and trust management practices. We seek a pragmatic approach to isolating the most relevant threat vectors and proactively insulating the organization from negative impact, should that threat vector become exploitable. This approach is very effective when introducing new technologies, procedures or implementing policy changes. We use the term “Exposure Index” (EI) to express the relative confidence in the security effectiveness of a protocol, system or control. Your EI is directly related to the motivation of an attacker to develop a capability in order to exploit a vulnerability. Is anyone motivated to attack you? How would they do it? How should you respond? We bring the best practitioners from around the world together for interactive workshops focused on real and theoretical risks associated with the most relevant technologies. Arm yourself with the tools to predict and prevail in the modern world! MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz EXTREME TRAINING POOH Workshops PAY BY THE DAY FREE Day-Con VI Pass Register NOW All presenters are real Pricing uses a sliding scale If you sign-up for a workshop If you want to attend POOH practitioners with much of based on the number of days you get a complimentary training, simply send an email to the content being presented you want to attend. Day-Con VI pass. [email protected] with by the original researchers 1st Day $900 $250 Value the subject line of POOH 2012. and innovators. 2nd Day $600 3rd Day $500 WE HAVE TRAVELED THE WORLD seeking out the best and brightest security researchers and innovators so you don’t have to. Much of the course content is commissioned or otherwise unique. Our pricing represents a significant savings compared to what you normally pay to take this training in its country of origin (not to mention the exchange rates, hotel pricing and language barriers). All presenters are real practitioners with much of the content being delivered by the original researchers. World renowned experts teach you in an intimate setting to provide an extreme training experience you will never forget! MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz IPV6 SECURITY AGENDA Current state of IPv6 security in LANs • Attack trends and tools • Best practices for network stability and security • RA guard and similar technologies Choosing the right addressing approach • Some notes on the ULA discussion • Link local addresses from a security perspective Privacy extensions • Advantages & disadvantages from a security & privacy perspective • Default behavior of desktop and smartphone technology • Practical implications (e.g. reverse DNS) WHAT KIND OF IPV6 TOOLS DO YOU HAVE IN YOUR KIT? Filtering IPv6 traffic • Best practices and sample configurations This workshop covers advanced security aspects of IPv6 in • Overview of IPv6 support in common security devices enterprise environments. We will focus on architecture and planning aspects and discuss the latest developments in • NAT in the IPv6 world - the endless debate the technology and standards space. Our goal is to enable the participants to make well-informed decisions when it comes to deploying IPv6 in both, a secure and operationally feasible manner. It is assumed that participants already possess some fundamental knowledge concerning IPv6’s inner workings and our actions for considering its use in their environment. ENNO REY Enno Rey is a seasoned information security professional working as the consulting right hand for a number of CISOs. He has vast experience in designing, operating and securing large environments and has passed the typical transformation from a technology-centric to a process-oriented infosec guy. He was initially certified as a BS 7799 LA in 2001 and has been devoted to a risk based approach of steering information security as a supporting process for more than ten years. His current research focus is on trust models, policies and their interaction with real-world infosec and risk analysis tools useful in practice. He's a regular speaker at events all over the world (including Black Hat several times and many other events) and has published a number of books, articles and white papers. “The Insinuator” will lead this workshop. Don’t miss this unique opportunity. MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz MOBILE SECURITY AGENDA Mobile devices Security controls for a • Differences between secure integration the new and old players • Control categories • What makes them the • Structured approach to front-end of the future select controls • User restrictions & Smartphone operating access policy system overview • Mobile device management • Policies & guidelines • iPhone OS: architecture, • Available technical controls security features & attributes If you can’t manage it you can’t secure it • Google Android Mobile device management • Other devices This workshop will include an introduction to mobile • Requirements device security, a discussion on its risks for your • iOS management Corporate challenges organization and will provide you with possible • Configuration profiles solutions. • Do’s & Don’ts of mobile devices • iTunes in business After discussing threats, vulnerabilities and risks of • Achieving security goals • Apple configuration utility mobile device integration, the iOS and Android • Network integration • Over the air provisioning device specific features and vulnerabilities will be • Mobile device management • Android management presented along with several attack scenarios, • Bring your own device • Microsoft Exchange active sync forensic methodologies and real life case studies. • Private use of corporate devices • Third party management solutions We will demonstrate mobile device management • War stories from the wild solutions, along with other possible integration App approvement strategies, such as container solutions and hosted management solutions. We will also discuss Mobile device information • Technical assessment technical controls and how to cover mobile devices security management • Assessment metric within your organization’s IT security policy. During • Standards & approaches the workshop we will discuss different deployment Operations: scenarios as well as BYOD (Bring you own device). • Threats & vulnerabilities • Important processes for This will be a practical workshop where you can (with practical demos) secure operation test various skills in small, hands-on sessions. We • Rapid risk assessment • Implementation hints will provide you with some devices or BYOD. • Required security controls • Mobile device security concept RENE GRAF Rene Graf leads the Mobile Security team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs. Real world training from practitioners that know what works! MeshcO, Inc. Presents Extreme Training • Imported For Your Education October 9th-11th, 2012 • Dayton Ohio • 937-938-9066 • Powered by Sk1llz CLOUD & VIRTUALIZATION SECURITY AGENDA • Well-known attacks and risks with an emphasis on VMware ESX • Attacks from the guest against the hypervisor • Typical operational problems • The problem of “Rogue Machines” • Zone concepts in virtualized environments • Role concepts (Roles and Responsibilities) • Three layer computing: storage, network & adequate isolation procedures • Risk evaluation as a basis for efficient security work • Possible security problems & their relevancy in virtualization scenarios VIRTUAL CLOUDS • Approaches for the evaluation of consolidation of The use of virtualization technologies has a considerable various security zones impact on the security architecture in countless organizations. Existing concepts, which are based on network zones and • Amount of security is necessary for which data is classified physical separation of resources cannot be mapped in their • Best security practices in virtualization scenarios entirety and often, are in contrast to the IT targets (key word: consolidation). The introduction of virtualization will lead to • Secure design hardening changing risks, either through a higher complexity (and • Secure operations unclear responsibilities/changing operating procedures) or through new attacks like "Cloudburst"against the hypervisor. • Secure management In many environments, the next degree of abstraction is on the horizon: Cloud Computing • Basic cloud concepts • Threats & vulnerabilities in cloud environments The goal is to achieve an adequate risk level in an increasingly abstract IT world. In order to achieve this you need to develop • Most relevant cloud risks a deep understanding of the involved technologies, • Compliance,

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us