POINT OF ORIGIN HACKING WORKSHOPS - Day-Con XIII · VMware ESX • Attacks from the guest against the hypervisor • Typical operational problems • The problem of “Rogue Machines”

POINT OF ORIGIN HACKING WORKSHOPSM e s h c O , I n c . P r e s e n t s E x t r e m e T r a i n i n g • I m p o r t e d F o r Y o u r E d u c a t i o n O c t o b e r 9 t h - 1 1 t h , 2 0 1 2 • D a y t o n O h i o • 9 3 7 - 9 3 8 - 9 0 6 6 • P o w e r e d b y S k 1 l l z

WHAT YOU DON’T KNOW CAN HURT YOU“Ignorance and sloth are the enemies of effective security. So which is it? Are you stupid, lazy or both?”Angus Blitter 2012

POINT OF ORIGIN HACKING (POOH)What is POOH? It’s not the honey grubbing bear from your youth or stuff you might need to clean off of your shoe. It’s a core tenet of our field-proven methodology. The tenet dictates that organizations should consider theoretical vulnerabilities as part of their risk and trust management practices. We seek a pragmatic approach to isolating the most relevant threat vectors and proactively insulating the organization from negative impact, should that threat vector become exploitable.

This approach is very effective when introducing new technologies, procedures or implementing policy changes. We use the term “Exposure Index” (EI) to express the relative confidence in the security effectiveness of a protocol, system or control. Your EI is directly related to the motivation of an attacker to develop a capability in order to exploit a vulnerability. Is anyone motivated to attack you? How would they do it? How should you respond?

We bring the best practitioners from around the world together for interactive workshops focused on real and theoretical risks associated with the most relevant technologies. Arm yourself with the tools to predict and prevail in the modern world!

M e s h c O , I n c . P r e s e n t s E x t r e m e T r a i n i n g • I m p o r t e d F o r Y o u r E d u c a t i o n O c t o b e r 9 t h - 1 1 t h , 2 0 1 2 • D a y t o n O h i o • 9 3 7 - 9 3 8 - 9 0 6 6 • P o w e r e d b y S k 1 l l z

EXTREMET R A I N I N GPOOH WorkshopsAll presenters are real practitioners with much of the content being presented by the original researchers and innovators.

PAY BY THE DAYPricing uses a sliding scale based on the number of days you want to attend.

FREE Day-Con VI PassIf you sign-up for a workshop you get a complimentary Day-Con VI pass.

Register NOWIf you want to attend POOH training, simply send an email to [email protected] with the subject line of POOH 2012.

WE HAVE TRAVELED THE WORLD seeking out the best and brightest security researchers and innovators so you don’t have to. Much of the course content is commissioned or otherwise unique. Our pricing represents a significant savings compared to what you normally pay to take this training in its country of origin (not to mention the exchange rates, hotel pricing and language barriers). All presenters are real practitioners with much of the content being delivered by the original researchers.

World renowned experts teach you in an intimate setting to provide an extreme training experience you will never forget!


$900 $600$500

1st Day2nd Day3rd Day

$250 Value

mailto:[email protected]


IPV6 SECURITY

AGENDACurrent state of IPv6 security in LANs

• Attack trends and tools• Best practices for network stability and security• RA guard and similar technologies

Choosing the right addressing approach• Some notes on the ULA discussion• Link local addresses from a security perspective

Privacy extensions• Advantages & disadvantages from a security &

privacy perspective• Default behavior of desktop and smartphone technology• Practical implications (e.g. reverse DNS)

Filtering IPv6 traffic• Best practices and sample configurations• Overview of IPv6 support in common security devices• NAT in the IPv6 world - the endless debate

ENNO REYEnno Rey is a seasoned information security professional working as the consulting right hand for a number of CISOs. He has vast experience in designing, operating and securing large environments and has passed the typical transformation from a technology-centric to a process-oriented infosec guy. He was initially certified as a BS 7799 LA in 2001 and has been devoted to a risk based approach of steering information security as a supporting process for more than ten years. His current research focus is on trust models, policies and their interaction with real-world infosec and risk analysis tools useful in practice. He's a regular speaker at events all over the world (including Black Hat several times and many other events) and has published a number of books, articles and white papers.

“The Insinuator” will lead this workshop. Don’t miss this unique opportunity.


WHAT KIND OF IPV6 TOOLS DO YOU HAVE IN YOUR KIT?

This workshop covers advanced security aspects of IPv6 in enterprise environments. We will focus on architecture and planning aspects and discuss the latest developments in the technology and standards space.

Our goal is to enable the participants to make well-informed decisions when it comes to deploying IPv6 in both, a secure and operationally feasible manner.

It is assumed that participants already possess some fundamental knowledge concerning IPv6’s inner workings and our actions for considering its use in their environment.

MOBILE SECURITY

Real world training from practitioners that know what works!

AGENDAMobile devices

• Differences between the new and old players

• What makes them the front-end of the future

Smartphone operating system overview

• iPhone OS: architecture, security features & attributes

• Google Android• Other devices

Corporate challenges• Do’s & Don’ts of mobile devices• Achieving security goals• Network integration• Mobile device management• Bring your own device• Private use of corporate devices• War stories from the wild

Mobile device information security management

• Standards & approaches• Threats & vulnerabilities

(with practical demos)• Rapid risk assessment• Required security controls


RENE GRAFRene Graf leads the Mobile Security team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.

Security controls for a secure integration

• Control categories• Structured approach to

select controls• User restrictions &

access policy• Mobile device management• Policies & guidelines• Available technical controls

Mobile device management• Requirements• iOS management• Configuration profiles• iTunes in business• Apple configuration utility• Over the air provisioning• Android management• Microsoft Exchange active sync• Third party management solutions

App approvement• Technical assessment• Assessment metric

Operations:• Important processes for

secure operation• Implementation hints• Mobile device security concept

If you can’t manage it you can’t secure it This workshop will include an introduction to mobile device security, a discussion on its risks for your organization and will provide you with possible solutions.

After discussing threats, vulnerabilities and risks of mobile device integration, the iOS and Android device specific features and vulnerabilities will be presented along with several attack scenarios, forensic methodologies and real life case studies.

We will demonstrate mobile device management solutions, along with other possible integration strategies, such as container solutions and hosted management solutions. We will also discuss technical controls and how to cover mobile devices within your organization’s IT security policy. During the workshop we will discuss different deployment scenarios as well as BYOD (Bring you own device).

This will be a practical workshop where you can test various skills in small, hands-on sessions. We will provide you with some devices or BYOD.

CLOUD & VIRTUALIZATION SECURITY

AGENDA• Well-known attacks and risks with an emphasis on

VMware ESX

• Attacks from the guest against the hypervisor

• Typical operational problems

• The problem of “Rogue Machines”

• Zone concepts in virtualized environments

• Role concepts (Roles and Responsibilities)

• Three layer computing: storage, network & adequate isolation procedures

• Risk evaluation as a basis for efficient security work

• Possible security problems & their relevancy in virtualization scenarios

• Approaches for the evaluation of consolidation of various security zones

• Amount of security is necessary for which data is classified

• Best security practices in virtualization scenarios

• Secure design hardening

• Secure operations

• Secure management

• Basic cloud concepts

• Threats & vulnerabilities in cloud environments

• Most relevant cloud risks

• Compliance, governance & risk management in cloud environments

• The ERNW Cloud Security Approach

• Cloud war stories

MATTHIAS LUFTMatthias Luft is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he has developed his own approach in evaluating and reviewing all kinds of applications, protocols and technologies. As one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention, he is a regular speaker at international security conferences and will happily share his knowledge with the audience.

Original research by world renowned cyber security experts


VIRTUAL CLOUDSThe use of virtualization technologies has a considerable impact on the security architecture in countless organizations. Existing concepts, which are based on network zones and physical separation of resources cannot be mapped in their entirety and often, are in contrast to the IT targets (key word: consolidation). The introduction of virtualization will lead to changing risks, either through a higher complexity (and unclear responsibilities/changing operating procedures) or through new attacks like "Cloudburst"against the hypervisor. In many environments, the next degree of abstraction is on the horizon: Cloud Computing

The goal is to achieve an adequate risk level in an increasingly abstract IT world. In order to achieve this you need to develop a deep understanding of the involved technologies, components and vendors and their security features.

This course will enable you to make well-founded decisions and to use virtualization and/or cloud architectures efficiently and safely.

DANIEL MENDEDaniel Mende is a German security researcher specialized in network protocols and technologies. He’s well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security at many occasions including CCC Easterhegg, IT Underground/Prague and ShmooCon. Usually he releases a new tool when giving a talk.

ADVANCED REVERSE ENGINEERING

AGENDAParticipants will be introduced to the reverse engineering of closed-source software on Windows and embedded platforms following a structured approach. All necessary tools and methods will be introduced. Their correct and efficient usage will be taught, including practical examples and exercises. The goal of this workshop is to enable participants to successfully conduct reverse engineering projects in a efficient and structured way. Success factors and alternate approaches will also be discussed.

• Reverse engineering basics• Introduction to the basic tools• Windows binary (Portable Executables) format• Disassembling basics & common problems• Decompiling basics• Rating of the reliability of results• Debugging & API monitoring introduction• Advantages of API monitoring• Adjusting debuggers for certain RE projects• Runtime vs. static analysis• Code coverage basics• Structured approach for reverse engineering• Advantages & disadvantages• Limitations & potential solutions• Important add-ons• Dissassembler and decompiler SDKs• Special requirements & considerations for

embedded systems• A variety of reversing exercises, including

embedded targets • Recommended readings

GRAEME NEILSONGraeme Neilson is a security consultant/researcher for Aura Information Security in Wellington. He has worked in security for over ten years with a focus on network infrastructure and reverse engineering. He has presented at Kiwicon (Wellington, New Zealand), Ruxcon (Sydney, Australia), BlackHat (Las Vegas, USA) and, of course, Day-Con.

This class will teach you how to think like a reverse engineer


PACKETWARS BOOT CAMP

WHAT IS PACKETWARS?PacketWars™ is a sport like nothing you have ever experienced! Games, known as “Battles”, pit individual players against each other in a race against time to achieve predefined objectives, win prizes and attain fame. Operating in the shadows of the Internet, beyond the rule of TCP/IP and devoid of compassion, a secret war rages. Sometimes spilling over into the real world, digital battles are waged to advance the will of the combatants.

OFFENSIVE & DEFENSIVE COMPUTINGThis workshop provides you with insights into a broad variety of hacking techniques. Experts will show you everything from basic principles to the latest advanced tactics of modern computer warfare.

It’s no secret that only well trained IT security experts are able to defend their assets. Even if you follow the industry “best practices” to protect your assets, the attacker only needs to exploit a single weakness in your defenses, making it seem impossible to prevail.

With this workshop we turn the tables: You’ll learn to think and act with the mindset of an attacker. Understanding their motivation, tools and logic will enable you to gain a new perspective of your security posture. You will learn the methodologies of a targeted attack and develop a kill-chain defense mindset. Join us and become a Cyber Warrior.

PACKETWARS INSTRUCTORS (Members of the X3 PacketWars™ Champions ERNW AllStars) This session is brought to you by seasoned experts from ERNW. With loads of experience in the field, pen testing is said to be their favorite discipline in the world of IT security. Bringing your own equipment is advised. Please let us know if you would prefer to work with our hardware.

ONE MORE THING:At some point you have to test your skills under real world conditions. The ultimate goal of this session is to assemble a strong team for the PacketWars™ competition on Saturday. But beware! With great power, comes great responsibility and therefore there is only one plausible goal to aim for: Victory.

Learn from the best in the business


HANDS ON TRAINING WORKSHOPThe combatants are as varied as they are skilled and motivated. Every engagement is unique. It is our duty to chronicle these events. Join us as we open a portal to extreme hacking. Do you have what it takes to survive? BYOL (Bring Your Own Laptop), if you want to join!

NEXT STEPS

All workshops will be held at the Crowne Plaza in beautiful downtown Dayton, Ohio

A special event rate of $82/night can be secured by calling 937-224-0800 and referencing Day-Con 2012.


Pricing is a sliding scale based on the number of days you want to attend. First day $900, $600 for the 2nd day and $500 for the 3rd day.

If you sign-up for a work shop, you get a complimentary Day-Con VI pass. This pricing represents a significant discount on the pricing you would pay to take this training in it’s native country (not to mention the exchange, hotel rates and language barriers).

All presenters are real practitioners with much of the content being presented by the original researchers.

SIGN UP FOR WORKSHOPS NOW

If you sign-up for a workshop you get a complimentary Day-Con VI pass.

http://day-con.org

IF YOU WANT TO ATTEND

simply send an email to [email protected] with the subject line of POOH 2012. Please include the name you want to register under and which workshop(s) you want to attend. Payment details will be sent back to you via email. Methods of payment include Paypal, certified check or money order.

DAY-CON VI TRAINING SCHEDULEDAY-CON VI TRAINING SCHEDULEDAY-CON VI TRAINING SCHEDULEDAY-CON VI TRAINING SCHEDULEDAY-CON VI TRAINING SCHEDULEOCTOBER 9TH-13TH, 2012 TUE 9, 2012

9 AM-5 PMWED 10, 2012

9 AM-5 PMTHU 11, 2012

9 AM-5 PMFRI & SAT

IPv6 Security DC VI

Mobile Security DC VI

Cloud & Virtualization Security DC VI

Advanced Reverse Engineering DC VI

Packetwars Boot Camp DC VI



Documents

POINT OF ORIGIN HACKING WORKSHOPS - Day-Con XIII · VMware ESX • Attacks from the guest against the hypervisor • Typical operational problems • The problem of “Rogue Machines”