Forwarded from: B.K. DeLong <bkdelongat_private> For Immediate Release Contacts B.K. DeLong pressat_private +1.617.877.3271 BLACK HAT WINDOWS SECURITY BRIEFINGS & TRAINING 2002 IN NEW ORLEANS ADDRESS WINDOWS 2K, XP FLAWS & SOLUTIONS Special focus on SQL vulnerabilities http://www.blackhat.com/ -- 21 December 2001 -- Black Hat Inc. announced today over 18 different speakers for this spring's Black Hat Windows Security Briefings and Training 2002, the annual conference and workshop designed to help computer professionals better understand the security risks to their Microsoft Windows systems and information infrastructures by potential threats. Speaker presentations will cover Protocol Attacks, Voice-over-IP, Oracle vulnerabilities, Windows Group Policy, and NTLMv2 Authentication as well as General Windows Exploits, Data Recovery, Incident Investigation & Response, and Better Protection Practices. There is also a special focus on Microsoft SQL vulnerabilities and how to both exploit and fix them. Black Hat Windows will be held at the Radisson Hotel in the heart of New Orleans, 5 through 6 February, 2002. Top-notch speakers will deliver to the conference's core audience of IT & network security experts, consultants and administrators the newest developments on the security problems and vital issues facing organizations using Windows-centric networks. "Our goal was to find speakers who could identify and explain security vulnerabilities in some of the newer Microsoft products," says Jeff Moss, founder of Black Hat Inc. "We've chosen some of the top speakers in the world of Windows security who's talks should offer great insight into even the most-recent vulnerabilities in Windows XP, Oracle and other Windows-based software." The lineup of Black Hat Windows Security Briefings presenters for 2001 include: -- FX, leader of the German Phenoelit group and a Security Solution Consultant at n.runs GmbH. He will be covering "Routing and Tunneling Protocol Attacks". -- Chip Andrews, Software Security Architect for the Clarus Corporation. Andrews has been a software developer and an independent computer security consultant for more than 16 years and specializes in applying the skills obtained through security consulting to every aspect of product development. Chip maintains the www.sqlsecurity.com web site that focuses on SQL Server security issues and will be presenting "MS SQL Server Security Mysteries Explained". -- Ofir Arkin, Managing Security Architect for @stake. With extensive knowledge in the information security field, Ofir Arkin has worked as a consultant for several European finance institutes where he played the rule of Senior Security Analyst, and Chief Security Architect in major projects. Prior to joining @stake Ofir acted as chief security architect for a 4th generation telecom company, were he designed the overall security scheme for the company. Arkin will be speaking about "VoIP: The Next Generation of Phreaking". -- Jay Beale, founder of JJB Security Consulting and Training, and Lead Developer of the Bastille Linux Project which creates a hardening program for Linux and HP-UX. Beale will cover "Attacking and Defending DNS". -- Erik Pace Birkholz, a Principal Consultant for Foundstone. Erik's prime area of concentration is assessing Internet and Intranet security architectures and their components. Erik has performed nearly a hundred of attack & penetration tests since he began his career in 1995. Erik also instructs Foundstone's "Ultimate Hacking: Hands On" and "Ultimate NT/2000 Security: Hands On" courses. Birkholz will be detailing "How to Fix A Broken Window". -- Harlan Carvey, Information Security Consultant. Conducting vulnerability assessments and penetration tests of NT led to a growth in his use of Perl, in order to prototype both offensive and defensive security tools. Performing incident response and forensics investigations at a large telecomm presented him with many interesting challenges and learning experiences. Harlan has had articles published on SecurityFocus.com, as well as in the Information Security Bulletin. He holds a BSEE from the Virginia Military Institute, and an MSEE from the Naval Postgraduate School. Carvey will be looking into "NT/2K Incident Response and Mining for Hidden Data: Post Mortem of a Windows Box". -- Halvar Flake, Reverse Engineer, Black Hat Consulting. Originating in the fields of copy protection and digital rights management, Flake gravitated more and more towards network security. Over time he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their primary reverse engineer. Flake will be exposing "Third Generation Exploits on NT/Win2k Platforms". -- Raymond Forbes (aka Rooster) has been involved with security for over 15 years. An expert in network security and infrastructure design, Raymond has dealt with security both on a product level, and on an IT level. Currently, he is doing security evaluations and design for a large content provider. Forbes will be covering "Active Directory & Group Policy in Windows 2000". -- JD Glaser and Saumil Shah, Security Consultants for Foundstone. Glaser specializes in Windows NT system software development and COM/DCOM application development. His most recent achievement was the successful formation of NT OBJECTives, Inc., a software company exclusively centered on building NT security tools. Saumil has had over 6 years of experience with system administration, network architecture, integrating heterogeneous platforms and information security, and has performed numerous ethical hacking exercises for many significant companies in the IT arena. Both will be speaking about "One-Way SQL Hacking: Futility of Firewalls in Web Hacking". -- Jim Harrison, Microsoft tester with the Subscription Products Group. As a known authority of ISA Server's vast enterprise configuration options, Jim consults for various Microsoft groups on proper deployment and installation of the product. Currently, Jim is engaged in different test projects designing integrated solutions for Microsoft's intra- and extranets. He will be reviewing the art of "Deploying and Securing Microsoft Internet Security and Acceleration Server". -- David Litchfield, Managing Director & Co-Founder, Next Generation Security Software. Known as the UK's NT Guru by ZDNet, David is a world-renowned security expert specializing in Windows NT and Internet security. His discovery and remediation of over 100 major vulnerabilities in products such as Microsoft's Internet Information Server and Oracle's Application Server have lead to the tightening of sites around the world. Litchfield will be looking into "Oracle Vulnerabilities" including the two security issues in the Oracle Apache Module he announced yesterday. -- Timothy Mullen, CIO and Chief Software architect, AnchorIS.Com. AnchorIS.com is a developer of secure enterprise-based accounting solutions. Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles. He will be giving a presentation about "Web Vulnerability and SQL Injection Countermeasures: Securing Your Servers From the Most Insidious of Attacks". -- Laura Robinson, Independent Consultant and Trainer. Robison is a Microsoft Certified Trainer and Systems Engineer on both NT and Windows 2000; a Certified Lotus Professional Systems Administrator, Application Developer and Instructor; and an instructor for Real World Security's @ctive Defense education series. She will be speaking on "The Devil Inside: Planning Security in Active Directory Design". -- Eric Schultz, Senior Technologist, Microsoft Security Strategies Group. Schultz has memorized every security hotfix ever released by Microsoft in a security bulletin. In his spare time, he maintains the Microsoft hotfix XML database and designs new features for HFNetChk. Eric is a former Founder of Foundstone, co-creator of the Extreme/Ultimate Hacking training classes, and technical editor for the Hacking Exposed: Windows 2000 book. Schultz will tell attendees "How to keep up with all those frickin security patches". -- Roelof Temmingh, Technical Director and Founding Member, SensePost. After obtaining his degree in electronic engineering in 1995, he started his career working as a programmer at a cutting edge development company specializing in data encryption devices. Establishing SensePost along with some of South Africa's leading IT security minds Roelof is currently involved in the coding of proof of concept code, and the practical realization of complex security concepts. Temmingh will cover "Bi-directional Communications in a Heavily Protected Environment". -- Jonathan Wilkins, Security Tool Developer. Wilkins has been active in the security community since the early 1990's. He worked for Secure Networks Inc developing Ballista (now Network Associate's CyberCop Scanner) and at Zero Knowledge on the Freedom privacy suite. He has released several security tools including NTCrack and has been publishing security research since 1996. Wilkins will introduce attendees to "Taranis", a security research tool that "redirects traffic on switch hardware by sending spoofed ethernet traffic". -- Hidenobu Seki (aka Urity), Network Security Specialist, SecurityFriday.com. Seki has a deep interest in the authentication system of MS Windows and will show the details of "Cracking NTLMv2 Authentication". Black Hat Windows Training includes 7 different sessions and will occur prior to the Briefings portion of the conference 5 through 6 February, 2002. Workshops will primarily focus on the Windows 2000 platform and also touch upon Windows NT, general Windows Web applications and ICMP scanning. Courses include: -- Advanced Scanning with ICMP -- Auditing Binaries: Reverse Engineering Windows 2000 -- Complete Windows 2000 Security -- NT Network Intrusion -- Secure Development of Data-Driven Web Applications -- NSA InfoSec Assessment Methodology Course -- Foundstone's Ultimate Hacking: Black Hat Edition For more details, check the conference Web site at http://www.blackhat.com. Other special features of this year's Black Hat Windows Security conference include that the dates are just after the Super Bowl XXXVI being held at the nearby Louisiana Superdome two days before the show, and in the days following the conference, attendees can experience New Orleans' Mardi Gras -- where the main parade goes right past the hotel (special negotiations occurred to allow attendees to book their hotel rooms as early as Feb. 1st all the way through Mardi Gras on Feb. 12th). Attendees will also have access to a wireless network during the show. To register for BlackHat Windows Security Briefings and Training, visit the Web site at http://www.blackhat.com. Direct any conference-related questions to infoat_private For press registration information, visit http://www.blackhat.com/html/bh-link/pressreg.html. Contact B.K. DeLong at +1.617.877.3271 or via email at pressat_private About Black Hat Inc. Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need for computer security professionals to better understand the security risks and potential threats to their information infrastructures and computer systems. Black Hat accomplishes this by assembling a group of vendor-neutral security professionals and having them speak candidly about the problems businesses face and their solutions to those problems. Black Hat Inc. produces 5 briefing & training events a year on 3 different continents. Speakers and attendees travel from all over the world to meet and share in the latest advances in computer security. For more information, visit their Web site at http://www.blackhat.com ### -- B.K. DeLong Press Coordinator Black Hat Briefings +1.617.877.3271 bkdelongat_private http://www.blackhat.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 24 2001 - 06:11:14 PST