Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: SANS London

SANS EMEA Webcasts 2011

In a break from what seems to have become a yearly tradition for me, I won’t be able to make it to the SANS London event this year. As sad as it is not to catchup with old friends and make new ones, I’m taking on another challenge this year (more on that another time) and there just wasn’t enough time to make both happen. However, that doesn’t mean that you readers get off without my regular post on what the great SANS EMEA team are up to in the build-up to the conference taking place in December.

As is customary for the month or so prior to the conference , SANS EMEA have arranged a number of regular Tuesday webcasts to talk about interesting and topical themes that might be interesting for readers of the blog. As much as the webcasts are designed to enthuse about the SANS classes, they also have great content and I feel stand alone even for people who don’t/can’t attend the training themselves. Another plus is that as these are EMEA focused webcasts, you don’t have to stay up till 2AM to watch/listen live (like the US-based webcasts).

I’ll leave it up to you, the reader, wether or not you find them interesting… This year is a good mix of technicaland audit content, with a little Social Engineering thrown in for good measure. Enjoy!

Tuesday October 4th 2pm BST 3pm CEST
Defending Against APT: IT Audit Techniques In Action with David Hoelzer

Are you already compromised?  It can be really hard to know unless you really know your systems.  Sign up and tune in for a one hour fast paced discussion of how to merge some simple continuous monitoring controls together to identify signs of Advanced Persistent Threat malware for which there are no signatures.  David Hoelzer, faculty fellow and well known security lecturer will give you actionable techniques that you can put into practice immediately following the webcast!

Tuesday October 11th 3pm BST 4pm CEST
Attacking the Human: A Look at Client and Customer-side Attack Vectors with Stephen Sims

During this one hour talk, live client-side hacking techniques will be performed, demonstrating the impact of using such attack vectors. How easy or common is it to incorporate social engineering into a client-side attack? We will look at scenarios where this is applicable, as well as some social engineering techniques used on a grander scale. How are attackers stealing money these days? We’ll look at some real-world examples. The low-hanging fruit has dwindled in many instances, forcing attackers to become more clever, or attack with more traditional techniques like physical theft. Gone are the days of simple remote exploits, and lessening are the number of web-based attack vectors. There are only so many 0-day exploits available…

Tuesday October 18th 2pm BST 3pm CEST
The Intersection of Cool Mobility and Corporate Protection: Practical Steps for Assessing the Security of Mobile Devices with James Tarala

Cool Mobility in business terms is mobile productivity. It enables a workforce to have instant access to information through mobile applications anywhere, anytime. People are fundamentally changing the way they work, and in order to remain competitive, organizations are making enterprise applications accessible through mobile devices. But, what about the confidential data? How do we audit those mobile devices? This presentation will provide a streamline approach to auditing endpoint security on mobile devices.

Tuesday October 25th 2pm BST 3pm CEST
Scapy, Packets, Fun: IPv4 and other dead protocols with Johannes Ullrich PhD

IPv4 has been around the block a few times, and attackers have poked at hit whenever it past them along the way. Needless to say that IPv4 of today isn’t the same protocol we got to know and love 30 years ago. Since conception and birth, IPv4 has had its good and bad times and all is visible in the conglomeration of standards defining a protocol that is now a lot more saggy and heavy then the slick and slim streaker defined initially. We will go over some of the realities of modern IP networking. Why did it change? what are some of the issues you may not know about? How do real networks affect how the protocol actually works vs. how it was supposed to work. Buffering, Layer 9 switches, ubiquitous proxies and non compliant firewalls can have interesting affects on network performance, intrusion detection and security controls. We will use scapy as a tool to experiment with these affects.

SANS European Webcasts

In the buildup to the SANS London conference, the nice folks over at SANS Europe are running a few interesting Webcasts especially for us EU folks. It’s nice to have some interesting content that doesn’t involve staying up till midnight to watch 😉

Some of the content sounds interesting… If you’re headed to SANS London make sure to say hi (I’ll be attending the SEC660 and SEC580 classes).

UPDATE: New Advanced Penetration Testing Class from SANS

I posted a few weeks back about the new SANS SEC:660 class coming to the SANS London conference at the end of November. Last week I managed to get Stephen Sims (one of the authors of the new class) on the line to chat about what the new 6-day course is all about, and what it provides over and above the SANS SEC:560 class. We also talked about the fate of his SEC:709 “Developing Exploits for Penetration Testers and Security Researchers” class and how advanced exploit classes are a niche offering.

You can download the audio of my chat to Stephen through the Eurotrash Security Podcast feed (iTunes | XML Feed) or directly from here.

Stephen Sims will also be giving a SANS@night presentation at SANS London discussing “Microsoft Patch Analysis and Exploitation”.

If you’re looking for more information about the course or have any additional questions please feel free to checkout the course overview here or contact Stephen Sims directly through email (stephen@deadlisting.com)

Note: The new SANS SEC:580Metasploit Kung Fu for Enterprise Pen Testing” will also be running at SANS London… look for a review of the SEC:660 and SEC:580 courses once the conference concludes.

New Advanced Penetration Testing Class from SANS

Back in 2008, SANS released their Network Penetration Testing and Ethical Hacking class (SEC560). At the time it was listed as “SANS Security 560 is one of the most technically rigorous courses offered by the SANS Institute”. I had the pleasure of taking the class with John Strand back in 2008 and it was a great class, with a lot of great pointers for a penetration tester getting into the business. It was certainly head and shoulders above the other classes on offer.

Since then, the industry has been all about certification. New certs and classes have popped up all over the place. Just over 2 years later, and SANS have just released their new Advanced Penetration Testing, Exploits, and Ethical Hacking class (SEC660). Incorporating new techniques that build on the previous class. The new class will be given boot camp style (with evening sessions), to maximize the content.

SANS will be running the SEC660 class with Stephen Sims at the December SANS London event… Make sure to book early, if the SEC560 class is anything to go by, then this ones going to be popular!

Links :