Course List

Course Content

    Richard O Lindberg - "Secure Coding" (2 day)
      Many of the common problems found in applications are caused because security concerns are put low on the to-do list, right after "Documentation". Getting a product out the door is usually the priority. However, management is becoming more aware of the cost of fixing security problems, especially if they result in the loss of private customer or corporate information. The truth is that security has virtually no added development cost if it is included with the very first line of code.

      We will go through common application vulnerabilities and how to avoid them. At the same time we will be setting up the Windows development environment for PHP extensions. During the workshop we will be creating and maintaining some PHP extensions in Windows.

      To get the most out of this workshop you will need to know C and/or PHP. PHP extensions are written in C. You will need a laptop with basic software already installed.
      • Microsoft Visual C++ 6.0
      • Apache, PHP and MySQL. An easy, free way to do this is to download FoxServ 3.0


    Richard is a working programmer. Throughout his career he has worked in very security-conscious industries: auditing, banking and insurance. During his time in the military, he held a 'Top Secret' clearance.

    He was a fringe member of the Homebrew Computer Club in the 1970s. He has authored programming articles and wrote the monthly column entitled 'Softwareland' for two years. He soldered together his own PC that was later donated to a college.

    Richard believes that most security problems are in applications and learning from the experience of others helps us all write better, more secure programs.

    He is currently an independent contractor with NTObjectives Professional Services. Richard has spoken at Interz0ne and taught Secure Coding at GrayArea.

    Michael Hamelin - "Information Warfare Level 1" (1 day Thursday 3/9/06)
      Security can no longer be a glancing thought for your corporate business systems. Whether you're in charge of external systems or internal B2B, or employee access systems, you need to master the art of Hacking. A war has been waged against our privacy and security, and this course is designed to equip you with the skills necessary to begin winning the battle. We have moved beyond the usefulness of perimeter firewalls and simple security designs. It is now up to you, the Security Expert, to keep your company's assets intact.

      This rapid delivery course will focus on the skills necessary to assess, hack, and then secure the most critical platforms found in today's corporate network. We will focus on Windows Server 2000/2003, Linux/Unix, and Cisco routers. We will be looking at network-based attacks and denial of service, local privilege escalations, buffer overflows, and more. We will be looking at the most up-to-date tools used by Hackers for breaking in, and the common tools used by security experts in keeping the Hackers out.

      The course will teach you these basic objectives:
        Understanding the art of the Attack
        Why the Perimeter falls
        Scanning and Reconnaissance
        Weakness of Microsoft Windows
        Weakness of Unix/Linux
        Why Intrusion Detection fails
        OpenSource security tools
        How to design for a Defense in Depth

      This is a hands-on course. Both days will be packed with up-to-date labs. Students are expected to come prepared. Everyone should have a good understanding of general networking and the TCP/IP protocols. Students should have a good working understanding of Linux and/or Windows.

      There will be Security challenges run each night. The first challenge will present the students with an unknown network and challenge the skills learned in class to assess and Hack the challenge network. The second challenge will divide the class into four teams who must secure an unknown system while simultaneously attempting to break into their opponents' system. Students are expected to apply what they have learned in the class each night in these hands-on group exercises.

    Michael is the Security and Network Architect for a major cable company ISP where he oversees the design and integration of all network and security elements for the data centers. He has an extensive background in high-availability system and network design. He has 10+ years of experience in network and system security, specializing in firewalls, IDS, and anomaly detection. He holds a deep real-world understanding of security practices, and a very technical hands-on knowledge of Sun, Linux, Cisco, Foundry, Alteon, Nokia, and Checkpoint.

    Michael was the Practice Manager for Verisign's (previously SecureIT) security practice, where he managed the worldwide consulting practice. Before managing the team he was part of the FIRE Team (Forensics, Intrusion, Response, and Engineering Team). He has performed security assessment and penetration studies around the world for both private and public corporations, as well as government organizations both domestic and foreign.

    After leaving Verisign, Michael helped build Vigilar as their Security Evangelist. He gave many talks around the country leading to a course titled 'Why Good Companies Get Hacked'.

    Michael has co-authored several highly successful courses including:
    • Applied Hacking and Countermeasures
    • Open Source Security Methods
    • Why Good Companies Get Hacked
    • Check Point Firewall-1 (the unofficial guide)
    Michael holds the following certifications:
    CISSP, NSA IAM, CCSA NG, CCSE NG, CCSI, NSA

    Scott Moulton, CCFS - "Enterprise Forensics" (2 day)

      A DEAD MAN WAS DISCOVERED IN A room in Orange County, California. The body was slumped over a keyboard in front of his computer where the cursor was still blinking. A small web camera was pointing at the victim as his lifeless body sat staring at the computer screen. After the Orange County Public Defender's office heard the roommate's story, they decided they needed to know what evidence existed on that computer. If you would like to know what evidence was revealed, join Mr. Scott Moulton for an in-depth look at computer forensics and how you can have a career investigating computer artifacts.

      Forensics is a growing field where training with hands-on experience is essential for continued success. With a deft blend of high-tech FLASH and true crime stories, Mr. Moulton's presentations are always lively and informative. He demonstrates how computer forensics works to recover seemingly lost evidence that can help establish guilt - or innocence - without a shadow of doubt.

      "Mr. Moulton's speeches are the most interesting I've ever seen," says Reid Trego, who wants to pursue his education. "Everyone enjoys it."

      In the real world, forensic investigators have fingerprints and physical evidence as clues, but in the digital world the evidence lives as artifacts on hard drives. Scott Moulton is one of the few independent forensics investigators that pursue those artifacts. Mr. Moulton has handled many complex cases that include but are not limited to homicide, embezzlement, theft, divorce, child pornography and corporate fraud.

      This class focuses on collecting and preparing evidence where a personal computer contains data that may be useful as legal proof in a case. It will include case studies, evidence handling, tools and tricks of the trade, reviews and demos of hardware and software, operating system platforms, documenting the case and presentation of that material.

      If you would like HANDS-ON training and are planning a career in computer forensics, first response or corporate investigations, you need to ACQUIRE a seat in this class.

    Class requirements: laptop computer with Windows XP installed and 20G of free hard drive space.

In the emerging field of computer forensics, few people have the expertise to understand not only how to recover missing or corrupted information from computer equipment and other media, but also how to administer painstaking precautions so the recovered evidence remains applicable in an audit or admissible in court. Scott Moulton, president of Forensic Strategy Services, LLC, is one of those experts.
