Black Hat Digital Self Defense Europe 2006
Trainiing

Note: if the class is overfilled, then you will be wait-listed. You will be contacted should this occur.

training

Black Hat Europe Training 2006
Grand Hotel Krasnapolsky • 28 February-1 March

Course Length: 2 days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Cost:

Early Bird: before
1 February 2006
1500 EUR
1800 USD
Regular: after 1
February 2006
1665 EUR
2000 USD

REGISTER NOW

Two Day Course
28 February-1 March

Invisible Network, Invisible Risk

Adam Laurie
What to bring:
Students should bring their own laptop, with WIFI and network capability. During the course, network sniffing and wireless discovery tools will be installed. Students that do not wish to install tools or do not have a suitable laptop available will be able to follow the process on the trainer's demonstration system.

Students should be familiar with installing software and device drivers on Windows or Linux, and have a basic working knowledge, at application/port level, of TCP/IP and networking in general.

Overview:
The explosion of wireless networking has given rise to a parallel explosion of increased risk, due to the ease with which out of box deployments can be compromised, and the lack of expertise required to get them up and running in the first place. Recent studies have shown that despite being well known, the problem of open and insecure network deployments is on the increase, and even highly publicised 'war driving' efforts have done little to curb their growth.

This course will cover the best paractice procedures for deploying wireless networks securely, as well as the tools available for both auditing penetration testing. During the course, you will learn the history of the problems associated with wireless networking, the measures and counter measures taken along the way, and some of the more interesting phenomena surrounding the technology, such as war-driving and 'free' community network projects, like Consume in the UK and BAWUG in the USA.

We will also look at some of the less well known, but increasingly prevelant technologies, such as Bluetooth, Infra-red, RF and RFID which carry with them some suprising, unexpected and interesting risks.

Subjects covered:

  • Wireless access points.
  • Standards: 802.11a/b/g
  • 10 golden rules for running a wireless network
  • Range considerations
  • End to End encryption on insecure networks

Security and encryption:

  • WEP, WPA, AES, VPNs

Authentication:

  • 802.1x, EAP, Radius, Chap, PAP

Tools:

  • Wardriving
  • WEP Cracking
  • Network discovery
  • Network sniffing

Bluetooth:

  • Fundamentals - hordware, network layer, application layer
  • Linux/BSD tools
  • Known exploits & vulnerabilities: Bluejacking, Bluesnarfing, Bluebugging, Bluekissing, Bluebumping
  • Range considerations

Infra-red:

  • Tools
  • Known exploits
  • Future exploits?

RF/RFID:

  • Tools
  • Known exploits
  • Future exploits?

Learning Objectives:

  • Familiarity with Wireless network standards
  • Familiarity with Wireless network vulnerabilities
  • Learn to deploy Wireless networks securely
  • Learn to audit Wireless networks for security
  • Learn to use insecure networks securely
  • Familiarity with Bluetooth components
  • Awareness of risks associated with Bluetooth
  • Awareness of other potentially risky technologies

By the time you have completed this course, you will be confident that you can deploy a wireless network and/or check that your network is secure. You will also learn how to use completely insecure and untrusted networks without compromising your own security. Just think—you'll be able to attend DEFCON and *still* be able to remotely manage your office firewall over the free wireless network at the Alexis Park! :)

What to expect:
This course is a mixture of lecture and hands-on. Students will have the opportunity to see wireless auditing and hacking tools in use, as well as installing and trying them out for themselves, and there will be plenty of question and answer sessions throughout.

As well as the course notes and slides, students will leave with a CD containing all the tools and drivers used during the course.

Who Should Attend:

  • Network Managers
  • System Administrators
  • Road warriors

ISC2 CISSP/SCCP CPE Credits
Students are eligible to receive 16 Continuing Professional Education (CPE) credits upon completion of class. Black Hat will automatically forward your information to ISC2.

Course Length: 2 days All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Cost:

Early Bird: before 1 February 2006
1500 EUR
1800 USD
Regular: after 1 February 2006
1665 EUR
2000 USD
Trainer:

Adam Laurie is Chief Security Officer and Technical Director of The Bunker Secure Hosting Ltd., and has been involved in the compter industry since the Eighties. In the late Nineties, he and his brother, Ben Laurie, published the secure web server package 'Apache-SSL', which went on to become the leading secure web server software worldwide, and set the de-facto standard. This, in turn, led to a focus on computer security, and the founding of 'The Bunker', a hosting facility dedicated to highly secure hosting. Adam has been responsible, since it's inception, for the recruitment and training of all of the security and sysadmin staff at The Bunker, and continues to provide the framework for ongoing and future training. He is also a long time member of the DEFCON 'goon' staff, and was involved in the initial years of setting up the Black Hat conferences. In his spare time (what little of it there is), he likes to make small (usually round) holes in things, preferably from a great distance.

Black Hat Logo
(c) 1996-2007 Black Hat