Security360 Workshop Series

An intensive and technical training that focuses on attacking and defending highly secured environments. Here you will have the opportunity to learn and apply methods of attacking new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers.

This workshop provides penetration testers the training needed to perform advanced pen testing against known or unknown applications, services, and network systems which are patched and hardened with both Network and Host-based Intrusion Detection/Prevention Systems (IDS/IPS) in place. The learning curve for this program is extremely steep, but the rewards are astronomical: students are presented with the opportunity to learn what it REALLY takes to hack into some of the most secure networks and applications in the world.

Views shared will include what it takes to hack and defend some of the most secured networks and applications around today under the guidance and support of a world-renowned advanced pen testing expert.

Who should attend:

Information Security Professionals, Penetration Testers, IT Managers, IT Auditors, Government & Intelligence Agencies interested in real world attack and defense in today’s complex IT environments.


Learn how to protect your web applications from attacks by those who wish to do you harm by mastering the attackers' weapons and the way hackers currently think.

Learn how to prop up authentication and authorization, plug holes in popular browsers, prop up defenses against injection attacks, and fortify Web 2.0 features. See how adding security into the Web (Software) Development Lifecycle (SDLC) and into the overall enterprise information security program is key but is often overlooked.

This workshop will cover hackers' footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster. See new exploits of the Java System Web Server and Oracle’s WebLogic platforms. See and comprehend how attackers defeat commonly used Web authentication technologies. Observe how real-world session attacks leak sensitive data and how to harden your applications.

Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments, and safely deploy XML, social networking, cloud computing, and Web 2.0 services.

Defend against RIA, Ajax, UGC, and browser-based, client-side exploits. Understand and implement scalable threat modeling and the forgotten code review, and learn how to implement and provide a methodology for application scanning, fuzzing, and security testing procedures.

Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques and what stops them cold!

Who should attend:

Web Programmers, Web Developers and those who are responsible for designing and building secure Windows/Web based applications with .NET/Java frameworks.


Mobile hacking and forensics is fast becoming a lucrative and constantly evolving field. This is no surprise, as the mobile phone industry has been witnessing some unimaginable growth; some experts say it may even replace computers for those only wishing to send and receive emails.

This area of digital forensics is growing in scope and size due to the prevalence and proliferation of mobile devices. As the use of these devices grows, more evidence and information important to investigations will be found on them. To ignore examining these devices would be negligent and will result in incomplete investigations. This growth has now presented new and growing career opportunities for interested practitioners in corporate, enforcement, and military settings.

Mobile hacking and forensics are certainly here to stay, as every mobile device is different and different results will occur based on that device, requiring unique expertise. This course was put together to focus on what today’s mobile security practitioner requires. Some of the advanced areas this course will be covering are the intricacies of manual acquisition (physical vs. logical), advanced analysis using reverse engineering, and understanding how popular mobile OSes are hardened to defend against common attacks and exploits.

Who should attend:

Risk Assessment Professionals, Digital Forensics Investigators, Information Security Professionals, Mobile Developers, Penetration Testers - CEH Professionals, Law Enforcement Officers and Government Agencies, Attorneys, Paralegals and First Responders, Accountants and Financial Personnel and anyone who deals with implementation, testing, security hardening of mobile devices.


The idea of Cyberwar has officially made its way into the mainstream media. Thoughts, ideas and opinions on the topic are everywhere. With this elevated attention has come a certain level of confusion. Facts and technical details around incidents are either not known, reported inaccurately or simply don’t exist. At the same time, a large number of breaches will never see the light of the public eye. In addition to this, the elevated attention has propelled a whole new set of players into the game.

Through those lenses, it would prove to be very difficult to gain a solid understanding of Cyberwar. For this reason, we will take a different approach. Instead, we will look to a military treatise written between 771 and 476 BC, Sun Tzu’s The Art of War. We will look at lessons from the manuscript and how they apply to Cyberwar.

Workshop overview and introduction:
This is a comprehensive technical workshop providing in-depth understanding of networks from an offensive and defensive point of view. We will look at common but effective network-based attacks and then at complicated targeted attacks. From a defensive perspective, we will review traditional perimeter-based approaches and look at how these are combined with advanced techniques to give you a unique and effective defensive posture. This will be done as an extension of the ideas described in Sun Tzu’s The Art of War and will contain a number of hands-on lab exercises.

Who should attend:

Penetration Testers, Auditors, Digital Forensics Specialists, Information Security Professionals, Security Software Vendors, Security Architects/Analysts/Engineers.


In this workshop participants will learn how to prepare for and manage diverse rules and regulations associated with Governance Risk and Compliance — from an industry-specific perspective as well as international trends.

In today’s business world, more and more organizations are recognizing the increased costs, wastes and higher risks due to a hodgepodge of technologies and processes working in silos. This workshop will present the common trends for managing risk and complying with industry regulations and international laws.

Who should attend:
Information managers and senior level executives who want a fundamental understanding of GRC and how it may or may not affect their business and their bottom line.

Position level:
Executives and anyone who is considered the point-person for security policy management, as well as anyone responsible for authoring a security policy for their business.

Industry:
Government agencies, health care and businesses that rely heavily on web-based revenues.

Prerequisite:
People who understand (or need to create) operational and infrastructure policies. Part of this workshop will include an in-class policy review with participants, with an additional (pre-pay) option of policy consulting on a business-by-business basis (schedule one-hour follow-ups for additional reviews, if that's possible). A key to the success of this workshop will be for participants to bring their security policies and implement a self-assessment as part of the workshop.


Note: All times and topics are tentative and subject to change.