Black Hat USA Training 2008

Caesars Palace Las Vegas • August 2-7

Defend the Flag

Microsoft, iSEC Partners, Immunity

Overview:

In educating the next generation of windows defenders, Microsoft has put together Defend The Flag training. Defend the Flag (DTF) is a unique opportunity for students to learn about defense in an interactive, hands-on environment. Students will be trained to use attack tools and through training and experimentation learn how to defend themselves against the real threats they face.

Day One
Attacking Windows

• The attacker mindset - what are they thinking?
• Techniques and methodology of attack.
• Mapping target networks and identifying vulnerable systems.
• Labs on using an exploit framework - so easy your grandmother might already be doing it.

Defending Windows

• Preparing for an attack
• Hardening Network protocols, system services, DCOM
• Setting ACLs on file objects and on the registry
• Security-relevant registry settings
• User rights assignments
• Audit and event logs
• Account and password policies
• Group Policy Settings
• During the attack
• How to find out that a system is under attack or has been compromised
• How to stop the attack
• After the attack
• Basic forensics
• How to prevent recurrence

Day Two
All-day melee-style competition, where each team has both attackers to disrupt the other teams, and defenders to try to keep their own systems up.
Prerequisite working knowledge

• Basic Windows administration for servers and workstations
• No previous hands-on attack experience necessary

Equipment
Laptops will be provided for the students pre-configured for the class

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Black Hat Certificate of Completion will be offered.

Trainers:

Brad Hill:

Brad Hill (Seattle, WA) is a Principal Security Consultant with iSEC Partners, a strategic digital security organization, where he leads assessment teams, conducts architectural reviews of large-scale systems and develops and delivers technical training. With a background in the financial services sector, he brings practical experience with software engineering and distributed applications to his current research work on Web Services, SOA and Windows platform and application security. Brad has presented original research and tools at conferences including Black Hat, SyScan, and OWASP events, been an invited speaker at top software companies and a workshop participant with the W3C XML Security Working Group. His extensive experience with Windows platform security includes participating at Microsoft as a member of the final security review teams for Windows Vista and Server 2008.

Alex Stamos:

Alex Stamos is a founding partner of iSEC Partners, Inc, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec. He holds a BSEE from the University of California, Berkeley.

Andrew Becherer

Andrew Becherer is a Security Consultant with iSEC Partners, a strategic digital security organization. He has a diverse skill set developed in the financial, education and non-profit sectors. Mr. Becherer received a B.S. in Computing and Software Systems from the University of Washington, Tacoma and holds a B.A. in Sociology with a minor in History from the University of Kentucky.

Chris McKinley

Chris McKinley is a Security Consultant with iSEC Partners, Inc. Chris is an experienced software developer with a diverse background developing everything from highly scalable web applications to embedded systems to desktop applications in a wide variety of languages. Applications he has worked on process credit cards, book airline tickets, monitor servers, and some of them even know how to update themselves. Chris has sometimes built and maintained the servers which run those applications.

Immunity Security

DTF users will be using Immunity CANVAS attack software, with hands on training by Bas Alberts and Dave Aitel. Bas is Immunity's senior CANVAS exploit and engine developer and is the person responsible for CANVAS's most advanced features. Bas is the author of several articles and published papers related to offensive computer security research and industry analysis, and is a regular trainer and speaker at industry conferences. Dave is the founder and CTO of Immunity. Prior to starting Immunity Dave was a consultant with @stake and a research scientist with the National Security Agency

Early: Ends May 1	Regular: Ends July 1	Late: Ends July 31	Late/Onsite: Aug 1 on
USA 2200	USD 2400	USD 2600	USD 2900