[ISN] Black Hat Windows Security 2002 Speakers Announced

From: InfoSec News (isnat_private)
Date: Mon Dec 24 2001 - 00:05:04 PST

    Forwarded from: B.K. DeLong <bkdelongat_private>
    For Immediate Release
    B.K. DeLong
    Special focus on SQL vulnerabilities
    http://www.blackhat.com/ -- 21 December 2001 -- Black Hat Inc. announced 
    today over 18 different speakers for this spring's Black Hat Windows 
    Security Briefings and Training 2002, the annual conference and workshop 
    designed to help computer professionals better understand the security 
    risks to their Microsoft Windows systems and information infrastructures by 
    potential threats. Speaker presentations will cover Protocol Attacks, 
    Voice-over-IP, Oracle vulnerabilities, Windows Group Policy, and NTLMv2 
    Authentication as well as General Windows Exploits, Data Recovery, Incident 
    Investigation & Response, and Better Protection Practices. There is also a 
    special focus on Microsoft SQL vulnerabilities and how to both exploit and 
    fix them. Black Hat Windows will be held at the Radisson Hotel in the heart 
    of New Orleans, 5 through 6 February, 2002.
    Top-notch speakers will deliver to the conference's core audience of
    IT & network security experts, consultants and administrators the
    newest developments on the security problems and vital issues facing
    organizations using Windows-centric networks.
    "Our goal was to find speakers who could identify and explain security
    vulnerabilities in some of the newer Microsoft products," says Jeff
    Moss, founder of Black Hat Inc. "We've chosen some of the top speakers
    in the world of Windows security whose talks should offer great
    insight into even the most-recent vulnerabilities in Windows XP,
    Oracle and other Windows-based software."
    The lineup of Black Hat Windows Security Briefings presenters for 2001 includes:
             -- FX, leader of the German Phenoelit group and a Security 
    Solution Consultant at n.runs GmbH. He will be covering "Routing and 
    Tunneling Protocol Attacks".
             -- Chip Andrews, Software Security Architect for the Clarus 
    Corporation. Andrews has been a software developer and an independent 
    computer security consultant for more than 16 years and specializes in 
    applying the skills obtained through security consulting to every aspect of 
    product development. Chip maintains the www.sqlsecurity.com web site that 
    focuses on SQL Server security issues and will be presenting "MS SQL Server 
    Security Mysteries Explained".
             -- Ofir Arkin, Managing Security Architect for @stake. With 
    extensive knowledge in the information security field, Ofir Arkin has 
    worked as a consultant for several European finance institutes where he 
    played the role of Senior Security Analyst, and Chief Security Architect in 
    major projects. Prior to joining @stake Ofir acted as chief security 
    architect for a 4th generation telecom company, where he designed the 
    overall security scheme for the company. Arkin will be speaking about 
    "VoIP: The Next Generation of Phreaking".
             -- Jay Beale, founder of JJB Security Consulting and Training, and 
    Lead Developer of the Bastille Linux Project which creates a hardening 
    program for Linux and HP-UX. Beale will cover "Attacking and Defending DNS".
             -- Erik Pace Birkholz, a Principal Consultant for Foundstone. 
    Erik's prime area of concentration is assessing Internet and Intranet 
    security architectures and their components. Erik has performed nearly a 
    hundred attack & penetration tests since he began his career in 1995. 
    Erik also instructs Foundstone's "Ultimate Hacking: Hands On" and "Ultimate 
    NT/2000 Security: Hands On" courses. Birkholz will be detailing "How to Fix 
    A Broken Window".
             -- Harlan Carvey, Information Security Consultant.  Conducting 
    vulnerability assessments and penetration tests of NT led to a growth in 
    his use of Perl, in order to prototype both offensive and defensive 
    security tools. Performing incident response and forensics investigations 
    at a large telecom presented him with many interesting challenges and 
    learning experiences. Harlan has had articles published on 
    SecurityFocus.com, as well as in the Information Security Bulletin. He 
    holds a BSEE from the Virginia Military Institute, and an MSEE from the 
    Naval Postgraduate School. Carvey will be looking into "NT/2K Incident 
    Response and Mining for Hidden Data: Post Mortem of a Windows Box".
             -- Halvar Flake, Reverse Engineer, Black Hat Consulting. 
    Originating in the fields of copy protection and digital rights management, 
    Flake gravitated more and more towards network security. Over time he 
    realized that constructive copy protection is more or less fighting 
    windmills. After writing his first few exploits he was hooked and realized 
    that reverse engineering experience is a very handy asset when dealing with 
    COTS software. With extensive experience in reverse engineering, network 
    security, penetration testing and exploit development he recently joined 
    BlackHat as their primary reverse engineer. Flake will be exposing "Third 
    Generation Exploits on NT/Win2k Platforms".
             -- Raymond Forbes (aka Rooster) has been involved with security 
    for over 15 years. An expert in network security and infrastructure design, 
    Raymond has dealt with security both on a product level, and on an IT 
    level. Currently, he is doing security evaluations and design for a large 
    content provider. Forbes will be covering "Active Directory & Group Policy 
    in Windows 2000".
             -- JD Glaser and Saumil Shah, Security Consultants for Foundstone. 
    Glaser specializes in Windows NT system software development and COM/DCOM 
    application development. His most recent achievement was the successful 
    formation of NT OBJECTives, Inc., a software company exclusively centered 
    on building NT security tools. Saumil has had over 6 years of experience 
    with system administration, network architecture, integrating heterogeneous 
    platforms and information security, and has performed numerous ethical 
    hacking exercises for many significant companies in the IT arena. Both will 
    be speaking about "One-Way SQL Hacking: Futility of Firewalls in Web Hacking".
             -- Jim Harrison, Microsoft tester with the Subscription Products 
    Group. As a known authority of ISA Server's vast enterprise configuration 
    options, Jim consults for various Microsoft groups on proper deployment and 
    installation of the product. Currently, Jim is engaged in different test 
    projects designing integrated solutions for Microsoft's intra- and 
    extranets. He will be reviewing the art of "Deploying and Securing 
    Microsoft Internet Security and Acceleration Server".
             -- David Litchfield, Managing Director & Co-Founder, Next 
    Generation Security Software. Known as the UK's NT Guru by ZDNet, David is 
    a world-renowned security expert specializing in Windows NT and Internet 
    security. His discovery and remediation of over 100 major vulnerabilities 
    in products such as Microsoft's Internet Information Server and Oracle's 
    Application Server have led to the tightening of sites around the world. 
    Litchfield will be looking into "Oracle Vulnerabilities" including the two 
    security issues in the Oracle Apache Module he announced yesterday.
             -- Timothy Mullen, CIO and Chief Software architect, AnchorIS.Com. 
    AnchorIS.com is a developer of secure enterprise-based accounting 
    solutions.  Mullen is also a columnist for Security Focus' Microsoft Focus 
    section, and a regular contributor of InFocus technical articles. He will 
    be giving a presentation about "Web Vulnerability and SQL Injection 
    Countermeasures: Securing Your Servers From the Most Insidious of Attacks".
             -- Laura Robinson, Independent Consultant and Trainer. Robinson is 
    a Microsoft Certified Trainer and Systems Engineer on both NT and Windows 
    2000; a Certified Lotus Professional Systems Administrator, Application 
    Developer and Instructor; and an instructor for Real World Security's 
    @ctive Defense education series. She will be speaking on "The Devil Inside: 
    Planning Security in Active Directory Design".
             -- Eric Schultz, Senior Technologist, Microsoft Security 
    Strategies Group. Schultz has memorized every security hotfix ever released 
    by Microsoft in a security bulletin. In his spare time, he maintains the 
    Microsoft hotfix XML database and designs new features for HFNetChk. Eric 
    is a former Founder of Foundstone, co-creator of the Extreme/Ultimate 
    Hacking training classes, and technical editor for the Hacking Exposed: 
    Windows 2000 book. Schultz will tell attendees "How to keep up with all 
    those frickin security patches".
             -- Roelof Temmingh, Technical Director and Founding Member, 
    SensePost. After obtaining his degree in electronic engineering in 1995, he 
    started his career working as a programmer at a cutting edge development 
    company specializing in data encryption devices. Establishing SensePost 
    along with some of South Africa's leading IT security minds Roelof is 
    currently involved in the coding of proof of concept code, and the 
    practical realization of complex security concepts. Temmingh will cover 
    "Bi-directional Communications in a Heavily Protected Environment".
             -- Jonathan Wilkins, Security Tool Developer. Wilkins has been 
    active in the security community since the early 1990's. He worked for 
    Secure Networks Inc developing Ballista (now Network Associates' CyberCop 
    Scanner) and at Zero Knowledge on the Freedom privacy suite. He has 
    released several security tools including NTCrack and has been publishing 
    security research since 1996. Wilkins will introduce attendees to 
    "Taranis", a security research tool that "redirects traffic on switch 
    hardware by sending spoofed ethernet traffic".
             -- Hidenobu Seki (aka Urity), Network Security Specialist, 
    SecurityFriday.com. Seki has a deep interest in the authentication system 
    of MS Windows and will show the details of "Cracking NTLMv2 Authentication".
    Black Hat Windows Training includes 7 different sessions and will occur 
    prior to the Briefings portion of the conference 5 through 6 February, 
    2002. Workshops will primarily focus on the Windows 2000 platform and also 
    touch upon Windows NT, general Windows Web applications and ICMP scanning.
    Courses include:
    -- Advanced Scanning with ICMP
    -- Auditing Binaries: Reverse Engineering Windows 2000
    -- Complete Windows 2000 Security
    -- NT Network Intrusion
    -- Secure Development of Data-Driven Web Applications
    -- NSA InfoSec Assessment Methodology Course
    -- Foundstone's Ultimate Hacking: Black Hat Edition
    For more details, check the conference Web site at http://www.blackhat.com.
    Other special features of this year's Black Hat Windows Security conference 
    include that the dates are just after the Super Bowl XXXVI being held at 
    the nearby Louisiana Superdome two days before the show, and in the days 
    following the conference, attendees can experience New Orleans' Mardi Gras 
    -- where the main parade goes right past the hotel (special negotiations 
    occurred to allow attendees to book their hotel rooms as early as Feb. 1st 
    all the way through Mardi Gras on Feb. 12th).
    Attendees will also have access to a wireless network during the show.
    To register for BlackHat Windows Security Briefings and Training, visit the 
    Web site at http://www.blackhat.com. Direct any conference-related 
    questions to infoat_private
    For press registration information, visit 
    http://www.blackhat.com/html/bh-link/pressreg.html. Contact B.K. DeLong at 
    +1.617.877.3271 or via email at pressat_private
    About Black Hat Inc.
    Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need 
    for computer security professionals to better understand the security risks 
    and potential threats to their information infrastructures and computer 
    systems. Black Hat accomplishes this by assembling a group of 
    vendor-neutral security professionals and having them speak candidly about 
    the problems businesses face and their solutions to those problems. Black 
    Hat Inc. produces 5 briefing & training events a year on 3 different 
    continents. Speakers and attendees travel from all over the world to meet 
    and share in the latest advances in computer security. For more 
    information, visit their Web site at
    B.K. DeLong
    Press Coordinator
    Black Hat Briefings