Workshops
Note: Workshops will be booked on the day on a first come, first served basis. The format is kept small to give attendees the opportunity to get up close and personal with a guru in the subject.
11am - 13:00pm - Security Testing (A.K.A PenTesting) for the non-Specialist
Meet the expert(s): Marion & Rory McCune, Directors of ScotSTS Ltd - professional Security Testers
The Workshop: This workshop is aimed at IT professionals who are responsible for security and who would like to learn more about the security testing process and how to identify and fix common issues before getting a specialist testing company in. It will cover how to run a basic 'Pentest' or, as it would better be termed, an 'External Network Infrastructure Security Review'. It will be suitable for an audience of 8 people and will last two hours. Note that the audience should be reasonably technical but should NOT be professional pentesters.
The workshop will open with a brief review of a typical Pentest report produced for the imaginary 'Universal Widget Company'. This will illustrate the flaws typically identified in this type of review, and indicate the amount of time the tester has spent documenting things which could easily be fixed in advance by a non-specialist, thus either cutting down the time needed for the test or giving the tester time to focus on more serious issues.
We will then go over the tools that are available either for free or for nominal amounts of money, and illustrate how they can be used (nmap, OpenVAS, nikto, etc). There will then be the opportunity for the audience to try some of the tools for themselves using the new Linux pentesting distribution 'Kali'. This will be supplied on a USB stick on the day and can be kept by the attendees.
Finally we will see the new test report prepared for Universal Widgets. With all the rubbish removed, we will see that the report is shorter and has far fewer low and medium priority findings.
Takeaways from the workshop would be a USB key containing:
a) Kali with test tools installed
b) Slides from the workshop including the 'before' and 'after' reports
c) Documentation on common flaws and how to fix them
Requirements to attend: Laptop capable of booting off USB with either a physical Ethernet port, or a USB to Ethernet adaptor is mandatory
11am - 12pm - Custom Dradis Framework plugins
Meet the expert(s): Daniel Martin (creator of the Dradis Framework)
Daniel has been in the industry for the last ten years. He created Dradis in Dec'07 and has been working on it every day since. He has presented at DC4420 and DEFCON and has been a webapp security trainer at BlackHat. Last year he authored CPNI's Development and implementation of secure web applications Technical Note. He's found bugs in software like Microsoft Sharepoint and Oracle BPEL. He's also a Principal with the NCC Group.
The Workshop: Learn how to create custom Dradis Framework plugins to connect Dradis to your other tools or parse the output of any tool. Dradis is an open-source framework to enable you to work efficiently by gathering information from different tools and presenting it in a variety of formats. We currently support Burp Scanner, Nessus, NeXpose, Nikto, Nmap, OpenVAS, OSVDB, Retina, SureCheck, VulnDB HQ, w3af, wXf and Zed Attack Proxy, but with what you'll learn in this workshop you'll be able to connect Dradis to any other tool and present the information in any way you need. Dradis is written in Rails, so this is a great chance to learn a bit about Rails and how Rails apps work under the covers.
Existing ideas of plugins to implement during the workshop include: CSV export, PDF export, and Security Focus / Secunia / RiskDB import. Depending on time constraints and attendee preferences additional plugins will be developed. Fire any ideas over to us at @dradisfw on Twitter so we can decide what you guys want to work on.
Requirements to attend: Laptop running BackTrack VM
12:30pm - 1:30pm - Show me the honey!
Meet the expert(s): Leon van der Eijk
My name is Leon. I work for a Dutch CERT team and deploy honeypots to learn from attacks/attackers. I am 43 years old and my first computer was a Sinclair ZX81. I am a member of the Honeynet Project. I also take care of the Facebook chapter, publishing stuff that might be of interest for the other chapter. Oh, yeah, although I am Dutch there isn't a Dutch chapter, so I am part of the South African chapter, thanks to Professor Barry Irwin.
The Workshop: In this workshop attendees will go step by step through how to install and configure a basic Kippo SSH honeypot and show the results with the Kippo-Graph project.
Requirements to attend: A laptop with Linux installed (preferably Ubuntu-like), basic Linux (command) skills and overall basic (TCP/IP) networking knowledge
2:00pm - 3:30pm - Visualising AppSensor behaviour via O2 Platform WebAutomation Scripts
Meet the expert(s): (OWASP) Dinis Cruz and Colin Watson
Dinis Cruz is a Security Consultant based in London and specialising in ASP.NET/J2EE application security, application security audits and .NET security curriculum development. Colin Watson is an application security specialist based in London who has a particular interest in defensive techniques. Both Colin and Dinis are long-standing OWASP volunteers and project leaders.
The Workshop: OWASP AppSensor describes a concept and methodology for real-time attack detection and automated response in software applications. The OWASP O2 Platform has been used to demonstrate behavioural patterns in real code.
Requirements to attend: This workshop will comprise a presentation and live code demonstrations. No equipment is required by participants. Some knowledge of web application vulnerabilities would be beneficial.
2:00pm - 4:00pm - Fun and Games with OSINT
Meet the expert(s): Glenn Wilkinson & Daniel Cuthbert
Glenn Wilkinson is SensePost's resident Zimbabwean, functioning mostly as a lead security analyst. He is active in the SensePost research labs, having had his work presented at BlackHat Vegas, UnCon, and ITWeb ZA. As a Rhodes scholar he holds two Masters degrees from the University of Oxford. Daniel Cuthbert is COO for SensePost and has been involved in the offensive area since the mid-90s. He used to be tech (as everyone keeps on reminding him) and is the original author of the OWASP Testing guide.
The Workshop: The Internet: A source of rich and juicy OSINT, if you know how to spot the wood through the trees. In this workshop, Glenn and Daniel will show you methods to stalk your victim, understand as much as you can about them and then use tools like Maltego and Snoopy to perform intelligent Social Engineering attacks against them.
Requirements to attend: Bring a laptop; having Paterva's Maltego installed would be a plus, as would having Snoopy installed and being familiar with how it works.
4:00pm - 5:00pm - Peeling the Layers of your Network with Security Onion
Meet the expert(s): Mark Hillick
Specialties: I have extensive experience in troubleshooting, system administration, SSL, HTTP, SMTP, TCP/IP, troubleshooting, network & system analysis, DNS, incident handling, security policy/risk assessment, load-balancing, application delivery, network acceleration, MongoDB and oh yeah, troubleshooting.
The Workshop: In this workshop, I'm going to demonstrate how easy the Security Onion distro makes Network Security Monitoring (NSM). As many folk in the security industry know, traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, may not provide all the capabilities that you need to defend your network and frequently end up as a doorstop in your datacentre. In the early noughties, the craze was to install IDS hardware because the Big-4 auditor had said so, whilst in the late noughties research analysts were saying there was no need for dedicated IDS solutions because devices were collapsing and everything was going to be on your firewall, oh yeah that silver bullet :)
NSM is different because it provides you with visibility like never before; it combines traditional IDS alerts with additional data to give you a more complete picture of what's really happening on your network. This workshop will demonstrate how an NSM solution called Security Onion, running on commodity hardware, can be used to detect real attacks and help give you a view like never before.
Requirements to attend: Laptop with virtualisation software for the Sec Onion VM. For further information/instructions visit HERE
4:30pm - 5:00pm - Intro to the Wifi Pineapple
Meet the expert(s): Robin Wood
Between us we created the Wifi Pineapple and made it what it is today.
The Workshop: A beginner and intermediate guide to using the Wifi Pineapple from Hak5. Also some history, future plans and maybe an unveiling of the next iteration.
Requirements to attend: A Wifi Pineapple (if you have one already); a laptop