TRAINING COURSES

 

Detection and operational cryptanalysis of weakly implemented or trapped encryption systems

Instructor: Eric Filiol

Language: English

Duration: 8 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 10

Minimum number of students for the course to run: 07

Price: R$ 500,00

 

Cryptography training (until 20/10/2011)
R$ 500,00

 

Metasploit Framework

Instructor: Jonathan Brossard

Language: Portuguese

Duration: 16 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 18

Minimum number of students for the course to run: 07

Price: R$ 950,00

 

 

Secure Coding

Instructors: Filipe Balestra and Rodrigo Branco

Language: Portuguese

Duration: 16 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 18

Minimum number of students for the course to run: 07

Price: R$ 950,00

 

 

Exploitation of Memory Corruption Vulnerabilities

Instructor: Ygor da Rocha Parreira

Language: Portuguese

Duration: 16 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 11

Minimum number of students for the course to run: 07

Price: R$ 950,00

 

Exploiting training (until 20/10/2011)
R$ 950,00

 

Hacking IPv6 Networks

Instructor: Fernando Gont

Language: English

Duration: 16 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 18

Minimum number of students for the course to run: 07

Price: R$ 950,00

 



 

Windows Malware Reverse Engineering

Instructor: Pedro Drimel

Language: Portuguese

Duration: 16 hours

Requires own laptop: Yes

Total seats: 18

Seats available: 18

Minimum number of students for the course to run: 07

Price: R$ 550,00

 



 Detection and operational cryptanalysis of weakly implemented or trapped encryption systems
 Eric Filiol
 

BRING LAPTOPS!



The session duration includes some theory, 1h of algorithmic presentation/implementation, and the remainder is devoted to practice on real 128-bit key cases (the attendees are given a large number of cryptograms and must detect the weak ones and decrypt them). Attendees will receive a free CD-ROM (slides, source code, samples...).

Cryptographic algorithms are evaluated/certified (Common Criteria) in a static environment. Most of the time, only the cryptographic strength is checked against known cryptanalysis. As far as implementation is concerned, only limited analyses are performed, mainly to check whether software flaws are present or whether key entropy reduction (at encryption system setup) occurs. But it is possible to modify the cryptosystem and its environment on the fly, in such a way that it can be broken operationally. Moreover, this modification is non-permanent and can remain undetected. In this talk we present the different techniques we have explored, implemented and tested. They all rely on sophisticated, undetectable malware. Includes demos and practice (two).

Eric Filiol is the head of the Operational Cryptology and Virology at ESIEA, a French Engineer School in Computer Science, Electronics and Control Science. He has spent 21 years in the French Army, mainly as an ICT security expert (cryptanalysis, computer virology, cyberwarfare). He is also a senior officer reservist in the French DoD. He holds an Engineer diploma in Cryptology, a PhD in applied mathematics and computer science and a Habilitation Thesis in Computer Science. His main research interests are Symmetric Cryptosystems analysis (especially from a combinatorial point of view), Computer virology (theoretical and experimental study of new forms of malware and anti-malware technologies), and Computer warfare techniques. He is also the Scientific Director of the European Institute in Computer Antivirus Research (EICAR) in Germany and the Editor-in-chief of the Journal in Computer Virology. He likes playing Bass Guitar (Jazz), running (marathon and half marathon) and good wine/food.

More than 50 papers and international conferences including hacking conferences (Black Hat Europe [3 times], Black Hat Las Vegas, Brucon, Hack.lu, PacSec, SSTIC)
 Secure Coding
 Filipe Balestra and Rodrigo Rubira Branco
 

BRING LAPTOPS!



Overview

The training aims to show developers, security specialists, auditors and IT professionals the main mistakes made during the development process that lead to security problems, causing a high impact on the image of their products before customers, in addition to putting potentially sensitive information at risk.

The training will cover the main classes of security problems throughout the development cycle, and aims to show the main precautions that must be taken while developing secure software, from the design process to the testing procedures.

To convey this information to attendees, we will use code examples and their fixes, as well as practical demonstrations of the problems and, in some cases, ways of exploiting them. Ways of testing applications will also be covered, ranging from code auditing techniques to fuzzing techniques.

To meet the PCI-DSS items, we will cover all items of the OWASP Top 10, as well as other classes of vulnerabilities that are no less important but are specific to languages such as C/C++, PHP and Java.

OWASP Top 10 items:

A1: Injection (SQL Injection, Blind SQL Injection, Command Injection, LDAP Injection)
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

Other categories of flaws to be presented during the training:

- Buffer Overflow
- Stack Overflow
- Heap Overflow
- Format String Bugs
- PHP Remote File Inclusion
- PHP Local File Inclusion
- Integer Overflow
- Widthness overflows
- Arithmetic overflows
- Signedness bugs
Rodrigo Rubira Branco is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previously, as the Chief Security Research at Check Point, he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software products. Before that, he worked as Senior Vulnerability Researcher at COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT), also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is the maintainer of the StMichael/StJude projects (www.sf.net/projects/stjude), the developer of the SCMorphism (www.kernelhacking.com/rodrigo), and an active contributor to open-source projects (like ebizzy, linux kernel, others). He has been an accepted speaker at many security and open-source related events such as H2HC, HITB, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.

Filipe Alcarde Balestra is one of the organizers of H2HC and the head of Penetration Testing in a famous consulting company in Brazil.
 Windows Malware Reverse Engineering
 Pedro Drimel
 

BRING LAPTOPS!



Overview

Course objective:
Teach students static analysis techniques for malware targeting the Windows operating system, the most commonly encountered.

Methodology:
After each theoretical part, students will do practical exercises applying the knowledge acquired.
The exercises will use tools such as IDA Pro (disassembler) and OllyDBG (debugger).

Summary:
The course is divided into four parts:
Introduction to reverse engineering, a review of the x86 architecture and assembly instructions, with several exercises and ending with a challenge in which students solve a crackme;
After the first part, an introduction to the Windows binary file format and some system functions commonly used by malware will be presented;
In the third part, students will be shown techniques commonly used by malware to hinder analysis, such as anti-disassembly, anti-debugging and the use of packers; each section of this part will have practical exercises;
In the last part, students will learn the techniques malware uses to hide its presence on the system; this section will also have a practical exercise;

Required knowledge:
Basic knowledge of programming.
Intermediate knowledge of Windows and TCP/IP networks.

Material: A course handbook will be provided.
Each student must have their own laptop and a previously configured virtual machine (VM); more details will be given after registration.

Course programme:
Introduction to Software Reverse Engineering;
x86 architecture;
Assembly instructions;
Challenge (solving a crackme);
Windows binary file format;
Important Windows APIs;
Anti-Disassembly;
Anti-Debugging;
Packers;
Analysis of hidden malware (Hook Injection, DLL Injection, Direct Injection);


Important:
The course does not cover dynamic malware analysis (network traffic analysis, changes to the system registry, changes to the file system, etc.).

Pedro Drimel is a Security Researcher working on malware reverse engineering in the Qualys Vulnerability & Malware Research Labs (VMRL).

 Hacking IPv6 Networks
 Fernando Gont
 

BRING LAPTOPS!



Overview

The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. The imminent exhaustion of the IPv4 address space has resulted in the deployment of IPv6 in a number of production environments, with many other organizations planning to deploy IPv6 in the short or near term. There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel have much less confidence with the IPv6 protocols than with their IPv4 counterparts, and thus it is more likely that the security implications of the protocols will be overlooked when the protocols are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security measures in unexpected ways.

The imminent global deployment of IPv6 has created a global need for security professionals with expertise in the field of IPv6 security, such that the aforementioned security issues can be mitigated. While there exist a number of courses and trainings about IPv6 security, they either limit themselves to a high-level overview of IPv6 security, and/or fail to cover a number of key IPv6 technologies (such as transition/co-existence mechanisms) that are vital in all real IPv6 deployment scenarios.

Learning Objectives

This course will provide the attendee with an in-depth training on IPv6 security, such that the attendee is able to evaluate and mitigate the security implications of IPv6 in production environments. The attendee will be given an in-depth explanation of each topic covered in this course, and will learn how each feature can be exploited for malicious purposes. Subsequently, the attendee will be presented with a number of alternatives to mitigate each of the identified vulnerabilities. This course will employ both existing and previously-unreleased tools to evaluate the security of IPv6 networks, and to provide live demos of many IPv6 vulnerabilities. Additionally, the attendee will be given the chance to experiment with these tools in a network laboratory (with the assistance of the trainer), such that the concepts and techniques learned during this course are reinforced with hands-on exercises.

Who Should Attend

Network Engineers, Network Administrators, Security Administrators, Penetration Testers, and Security Professionals in general.

Participants Are Required To

Participants are required to have a good understanding of the IPv4 protocol suite (IPv4, ICMP, etc.) and of related components (routers, firewalls, etc.). Additionally, the attendee is expected to have knowledge of basic IPv4 troubleshooting tools, such as ping, traceroute, and network protocol analyzers (e.g., tcpdump).

What to bring

Attendees willing to perform the hands-on exercises are expected to bring a laptop, and an empty memory stick (of at least 4 GB). The minimum requirements for the laptop are: Intel Core Duo, 1.66 GHz. 1GB of RAM. CD/DVD drive. Ethernet and WI-FI network interface cards.

Course Length

2 days

Topics covered by this course

- Introduction to IPv6
- IPv6 Addressing Architecture
- IPv6 Header Fields
- IPv6 Extension Headers
- IPv6 Options
- IPsec
- Internet Control Message Protocol version 6 (ICMPv6)
- Neighbor Discovery for IPv6
- Multicast Listener Discovery
- Stateless Address Auto-configuration (SLAAC)
- Dynamic Host Configuration Protocol version 6 (DHCPv6)
- DNS support for IPv6
- IPv6 firewalls
- Transition/co-existence technologies (6to4, Teredo, ISATAP, etc.)
- Network reconnaissance in IPv6
- Security Implications of IPv6 on IPv4-only networks
- IPv6 deployment considerations
 Fernando Gont is a recognized expert in the field of communications protocols security, working for private and governmental organizations both in Argentina Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite. Gont is currently working on the security assessment of communications protocols on behalf of the United Kingdom's Centre for the Protection of National Infrastructure. Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published a number of IETF RFCs (Request For Comments) and Internet-Drafts. He currently leads the first IETF effort to improve the security of the TCP and the IPv4 protocols and their implementations. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, BSDCan 2005, BSDCan 2009, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, IETF 64, IETF 67, IETF 73, IETF 76, LACNIC X, LACNIC XI, LACNIC XII, and LACNOG 2011. More information about Fernando Gont is available at his web site: http://www.gont.com.ar

 Exploitation of Memory Corruption Vulnerabilities
 Ygor da Rocha Parreira
 

BRING LAPTOPS!



* Introduction:

- Compilation/assembly process;
- Linking;
- Loader;
- Binary format;
-- .dtors;
-- GOT (Global Offset Table);
-- Environment variables;
- Context switches;
-- Jumps;
-- Calls;
- Memory allocation on the stack;
-- Stack Frames;

* Shellcodes:

- System call interface (system call);
- Disassemblers;
- NOP Sled;
- Bad Chars;
- Memory alignment;
- Problems with absolute addresses and use of relative addresses;
- Findsock;

* Stack Overflow:

- Overwriting data on the stack;
- Control of the execution flow;
- Problems with offsets;
- Exploitation using environment variables;
- Return-to-lib;
- Remote exploitation;
- Integer Overflow;
- Structure of an exploit;

* Format String:

- Format functions and format strings;
- Reading data from memory (information leak);
- Writing data to memory;
- Controlling the code execution flow;
-- Overwriting .dtors;
-- Problems with overwriting .dtors;
-- Overwriting the GOT;
- Compiler protections;

* Null Pointer Dereference:

- Virtual memory;
-- Virtual Address Space;
-- Separate address spaces vs. split address space;
-- Memory paging;
-- Memory address translation and segmentation;
- Memory models and the flat model;
- User-Space vs. Kernel Space:
-- Processor privilege levels;
-- Privilege separation;
- Context switching between processes;
- Reading sensitive information;
- Denial of service;
- Executing code;

Note:
Architecture: IA32 + Linux + ELF.
Level: Basic to Intermediate.

Ygor da Rocha Parreira is a consultant at Security Labs and one of the original creators of H2HC!

 

 
