1 - SPAM
Draper (aka Captain Crunch)
4th & 5th October 2004
The Westin Kuala Lumpur
- CLASS IS FULL
Capacity: 30 pax
RM1,500 per person.
This course will examine and
discover the methods deployed by spammers, hackers, and other
insurgents in their never-ending quest to fill as many mailboxes
with spam and smut as possible.
Participants will get hands-on
experience in how to interpret spam mail headers, identify mail
sending points, extract domain ownership information on who really
owns these spam-promoted web sites, and how to track them.
The course is based on analysis
of the tools spammers use to control large amounts of infected
machines for their deeds, whatever they are.
This includes the use of
honeypots for the purpose of deliberately infecting a machine, then
“sniffing” the network for anomalous behavior.
These sniffed logs are then
examined to determine their protocol, examine payload, and identify
unique “patterns” which are used to construct Snort IDS rules for
the detection of any communication protocol the virus or Trojan may
During the course, the
participants will be introduced to the following methods, code, and
tools for the identification of these viruses, as well as the
Examining spam mail to identify its source
network tools to identify the organization the spam came from
Setting up an IDS and network analysis system
Sniffing and identification of virus or Trojan communication
Examining methods of acting on IDS events in real time.
Network tracing to identify upstream providers
Examining how viruses and worms are spread.
Participants would have access to UNIX and
Windows OS machines, with access to Python programming language,
used to write specialized programs and tools.
Key Learning Objectives:
manage and deal with the large volume of spam
protect your network from hostile attacks from inside or outside
write Snort rules in almost “real time” to detect new threats as
they come in
Identification of 'Phishing' schemes, and Email tracking.
Tracking down spammers
protect you and your network from outside threats
develop a spam managed Email system
report spam, and what ISPs want in their reports.
Who should Attend:
Network and System administrators
and technical management
interested in a spam free internet experience.
Founder and CEO of Shopip Inc,
now involved in a new venture dedicated to promoting a spam free
internet experience for all internet users. His focus has been on
analyzing spam, its sources, how it’s sent, and how to deal with it
on a larger, more global scale.
John also provides custom
consulting services, training, and other means of spreading
important information on how we all can protect the fragile internet
infrastructure by developing real time reactionary tools for dealing
with these kinds of threats.
Previously, John has developed
the Crunchbox, an IPS (intrusion prevention system) using stealth
means of hiding and protecting important internet assets while still
allowing these assets to be used by outside users, and yet keeping
unauthorized users totally in the dark to even the existence of such
a protected network. “You can’t hack what you can’t see” is his
John graduated from college in
Silicon Valley, the high tech mecca where most of this technology
was developed, then went on to develop EasyWriter, the first word
processor program ported to the popular Apple II, putting
sophisticated word processing in the hands of the masses.
John has appeared on nationwide
TV in numerous interviews relating to telecommunications and
internet security, and has traveled all over the world to give talks
and training sessions on this important subject.
A few years ago, when spammers
shut down his popular web hosting and Email service, John took this
as a personal attack and got actively involved in the anti-spam
movement, and is now shutting down more than 150,000 infected hosts
per month through his aggressive spam reporting system.
2 - WEB
Consulting and MIMOS Consulting Group (MCG)
This course is
an intense two-day journey into the innards of web application
security. Brought to you by the authors of “Web Hacking: Attacks
and Defense”, the class is based on case studies of real-life web
applications riddled with security problems. Participants are given
hands-on experience in performing thorough application security
reviews, as well as secure coding and application deployment
The course is
based on a highly proven application testing methodology,
encompassing black box and white box testing techniques, application
security principles and practices, and real world examples.
course, the participants are introduced to a web application, which
they have to secure by the end of the training class. The
application lockdown exercise takes the participants through various
concepts such as:
Understanding application security issues
Applications: Attacks and Defense” class features web applications
written using ASP or PHP, encompassing security issues such as:
edition of the “Web Applications: Attacks and Defense” class
features a more complex web application, written using ASP, PHP,
ASP.NET or Java/JSP. In addition to the regular class, the advanced
edition class includes security issues such as:
security with stored procedures
involves rigorous hands-on exercises.
that occur when developing a web application.
issues when deploying a web application.
application security testing
configuring web servers
basic errors in web application code
procedures to test and maintain the security of a web application.
with security testing tools and procedures
Learn what can go wrong with badly written application code, and
how to prevent such errors.
administrators: Learn how to securely configure a web server and
an application server, without compromising on functionality.
security analysts: Learn how to systematically analyze and audit a
managers / IT managers: Learn how to be effective in maintaining a
secure web application, going ahead.
Saumil Udayan Shah
Founder and Director,
Solutions Pvt. Ltd.
to lead the efforts in e-commerce security research at Net-Square.
His focus is on researching vulnerabilities with various e-commerce
and web based application systems. Saumil also provides information
security consulting services to Net-Square clients, specializing in
ethical hacking and security architecture. He holds a designation of
Certified Information Systems Security Professional. Saumil has had
more than nine years' experience with system administration, network
architecture, integrating heterogeneous platforms, and information
security and has performed numerous ethical hacking exercises for
many significant companies in the IT area. Saumil is a regular
speaker at security conferences such as BlackHat, RSA, etc.
was the Director of Indian operations for Foundstone Inc, where he
was instrumental in developing their web application security
assessment methodology, the web assessment component of FoundScan -
Foundstone's Managed Security Services software and was instrumental
in pioneering Foundstone's Ultimate Web Hacking training class.
Prior to joining
Foundstone, Saumil was a senior consultant with Ernst & Young, where
he was responsible for the company's ethical hacking and security
architecture solutions. Saumil has also worked at the Indian
Institute of Management, Ahmedabad, as a research assistant and is
currently a visiting faculty member there.
from Purdue University with a master's degree in computer science
and a strong research background in operating systems, networking,
information security, and cryptography. At Purdue, he was a research
assistant in the COAST (Computer Operations, Audit and Security
Technology) laboratory. He got his undergraduate degree in computer
engineering from Gujarat University, India. Saumil is a co-author of
"Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the
author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996)
Solutions Pvt. Ltd.
Shreeraj founded Net-Square in January 2000, to establish the
company as a strong security research and security software
development company. Net-Square has been instrumental in developing
and exporting web security components to companies such as Foundstone
and NT OBJECTives. He leads the research and development arm of
Net-Square. He has over 5 years of experience with system security
architecture, system administration, network architecture, web
application development, and security consulting, and has performed
network penetration testing and application evaluation exercises for
many significant companies in the IT arena. In the past Shreeraj
worked with Chase Bank and IBM in the area of web security.
Shreeraj graduated from Marist College with a Masters in Computer
Science, and has a strong research background in computer
networking, application development, and object-oriented
programming. He received his graduate degree in Computer Engineering
from Gujarat University, and an MBA from Nirma Institute of
Management, India. Shreeraj has also authored a book titled "Web
Hacking: Attacks and Defense" published by Addison Wesley.
security is critically important to today’s organizations. Your
business may depend on the future of an eBanking. Esgulf has
developed a comprehensive practical course that introduces you to
information security and protection from the hacker's perspective.
This one-day intensive course prepares you to understand your
organization's information protection needs in the new age of the
We will cover
practical topics of information security. We expose the participants
to the nature of vulnerabilities and how they are being exploited by
hackers today. We will highlight the state-of-the-art technologies
to defend and manage the risk against these threats. We will build
real awareness about today’s dangers in information security. We
provide a practical view of the real dangers your organization faces
from hackers and understand the requirements to develop effective
protection standards, policies and monitoring systems for their own
business. This course is based 100% on practical and real world
Key Learning Objectives:
Web Security Basics
the News, Attacks and their nature
Vulnerabilities, Methodology for Security
Exploiting weaknesses and vulnerabilities
Covering tracks, Creating back doors, Denial of Service
Google as a
Link, Human Element
Key elements of Infosec
Awareness, Training, Education
Who Should Attend:
Management and key decision makers.
President and CEO,
nineteen years of IS experience and six years of security
experience, Mr. Sebastiao brings experience, creativity, structure
and innovation to the “E-Business computing”.
As CEO at
E-Security Gulf Group, he architects business-focused security
solutions. Previously at Computer Associates Middle East and
Computer Associates Canada he implemented leading Enterprise
Management, Security Management and Information Management solutions
for mission critical business applications.
He has guided
clients in the integration of current technologies and migration of
legacy applications to newer computing paradigms which make use
of object orientation, distributed systems, client/server,
multi-tier as well as E-technologies. Mr. Sebastiao also
co-authored a consumer credit and information book titled "La Face
Cachée du Credit".