Secure Hands-on
For those who would like to broaden their practical skills, four parallel "SECURE Hands-on" workshop blocks on a variety of current security issues will take place on 24th October 2011. The workshops will last the whole day, and registration for a workshop session is subject to seat availability.
Spyware analysis (SpyEye and Zeus)
Malware analysis workshop - spyware
Instructors
Tomasz Bukowski
Tomasz Sałaciński
SPYWARE (spy + software) is malicious software whose main purpose is to spy on user actions and monitor information stored on the infected computer. These programs send the gathered information to the "author" of the program without the user's knowledge or permission. Spyware is currently one of the greatest threats, given that more and more information is stored on computers. Newer versions of malicious software are often equipped with mechanisms for modifying data on pages viewed by the user, which, e.g. in the case of electronic banking, is a major threat to the confidentiality and reliability of transmitted data.
The workshop aims to present the functionality of malicious software used for information stealing. All stages of infection and installation of malicious software on a computer will be discussed in detail. The training includes a presentation of mechanisms for obfuscating and hiding the true functions of the program, and methods for their detection and circumvention. There will also be a complete analysis of the basic functionality and characteristics of the spyware. Participants will also have the opportunity to observe the process of infection and data reporting from the point of view of both the victim and the person managing the botnet.
Target group
The training is aimed mainly at people involved in malware analysis.
Requirements for participants:
- basic knowledge of programming (C language recommended)
- basic knowledge of network protocols (TCP and HTTP)
- basic knowledge of Windows operating systems
Technical requirements
Attendees should bring their own PC with any operating system, with the following installed:
- Wireshark
- VirtualBox 4.0+ (with a Windows XP SP2 guest)
- on this virtual system, the following free software:
  - IDA
  - OllyDbg
  - Sysinternals Suite
  - PE Explorer
  - UPX
  - PEiD
  - Resource Hacker
  - a hex editor
  - Wireshark
 Anatomy of malicious PDF files
Instructors
Paweł Jacewicz
Łukasz Juszczyk
PDF (Portable Document Format) files are widely used as a standard way of delivering content such as documents and forms. From a security expert's perspective, however, PDF files are one of the most common and dangerous attack vectors aimed at Internet users.
The workshop's goal is to familiarize participants with methods of delivering malicious content inside a PDF file. The instructors will present some of the most useful tools for analysing malicious PDF files. The most popular exploitation techniques will also be presented, alongside a description of the vulnerabilities and the typical traps set for researchers.
Additionally, participants will be introduced to basic methods and tools for JavaScript analysis, since JavaScript code is usually embedded inside malicious PDF files and used to inject shellcode.
Target group
The workshop is targeted mainly at IT security experts whose main fields of expertise are malware analysis, incident handling and security systems administration.
Technical requirements
Participants must bring a laptop equipped with:
- a USB 2.0 port,
- an 802.11g WiFi card.
Software requirements:
- VirtualBox 3.2.12 or a higher version,
- at least 4 GB of free disk space.
 Snort workshop
Instructors
Piotr Linke
Sourcefire, the creators of Snort, have the honour of inviting you to a one-day Snort workshop. The main topic of the workshop will be understanding the syntax of Snort detection rules. Participants will have a chance to gain knowledge and practice in the following:
- understanding how traffic analysis processes work in Snort
- manual decoding of IP frames
- rules language syntax (header and payload)
- discovering events in the unprocessed payload and in the traffic normalisation buffer
- measuring efficiency and understanding the negative impact of different methods of writing rules
The workshop will cover installation of Snort on a Linux-based virtual machine, creating detection rules for a typical instant messenger, and integration with SnoGE, an add-on that correlates IP addresses from Snort logs with Google Earth.
Target group
Knowledge of IP networks and security basics is required. The target audience should have some experience with implementing and supporting IDS/IPS systems and be interested in creating their own attack detection rules.
Technical requirements
Attendees should bring their own laptops with network adapters and SSH clients.
 VoIP insecurity workshop
Instructors
Sandro Gauci
Joffrey Czarny
This workshop will introduce common VoIP security vulnerabilities, their mitigation and solutions. After describing the basics of the protocols involved and the relevant security concepts, we will cover attacks on signaling protocols such as SIP, SCCP and MGCP. Then we will go through attacks on the media, i.e. the RTP stream which carries voice and video data. Finally, we will talk about forensics and case studies of VoIP-based intrusions and fraud. Practical sessions will focus both on VoIP protocol-specific attacks and on product-specific attacks (i.e. against both software and hardware phones and PBX servers).
Attendees will gain from this workshop session a valuable practical understanding of the threats surrounding VoIP systems, in order to make better informed decisions about the technology.
Technical requirements
Attendees should bring their own laptop which can boot Linux from USB / DVD (this might require an administrator or BIOS password) and should have VMware Player or another tool able to run VMDK images.
Target group
Participants should be familiar with basic networking concepts, debugging networking problems and so on. Familiarity with common security attacks such as "man in the middle" or "password cracking" is required. However, no prior knowledge of the VoIP protocols is required, as we will introduce them briefly.