Events
On 16 – 18 November 2009, the XIII edition of the conference was held in the Conference Centre Mercedes:
IT UNDERGROUND
International Security Workshop & Conference
I would like to thank everyone who contributed to creating the excellent atmosphere during these three days.
A big “thank you” to the Speakers – for the expert lectures, a sense of humour and the good vibe :)
I thank the company IBM – the main partner of the Conference.
I thank all Participants – for the participation and for keeping the good atmosphere up:)
Thank you for the good conference. What was will stay in our memory and in a few pictures ;)
Regards,
Magda Siwek
Address
ul. Daimlera 1, Warszawa
Event description
IT Underground is one of the biggest hacking conferences in Central and Eastern Europe. Series of events dedicated to information security have been held in Warsaw and Prague. The Conference is focused on IT security, and its main aim is to show participants how to defend themselves and how to improve their security.
Most lectures will be conducted in BYOL (Bring Your Own Laptop) mode, aimed at participants who have brought their own computers and therefore will actively participate in sessions. Attendees will be able to boot their machines using a CD containing Hakin9Live distro as well as documentation and then hack into test networks using the techniques described by the lecturers or try to defend themselves against such attacks performed by others.
Our Programme Committee
1. Saumil Shah
2. Raoul “Nobody” Chiesa
3. Alessio “mayhem” L.R. Pennasilico
Workshops
WORKSHOP 1
Raoul “Nobody” Chiesa, Alessio “mayhem” L.R. Pennasilico
Part1: TITLE: Auditing the hacker’s mind: profiling hackers
Part2: TITLE: Social Engineering applied to Professional Penetration Testing, Release 2.0
WORKSHOP 2:
Oliver Roeschke and Christopher Werny
TITLE: VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
More information in Speeches Details
CFP
The purpose of IT UNDERGROUND is to have an open environment where people can discuss and test new technologies both in attack and defense strategies and new trends and research.
Submission Deadline: 20th of September 2009
Submission guideline
If you are interested in participating in the conference, fill in the form and send it to: magdalena.siwek@itunderground.org
Our aim is to let attendees gain their knowledge in practice. That’s why BYOL (Bring Your Own Laptop) workshops are most wanted.
We assure:
- hotel accommodation and transfer,
- full support for your presentation, both before and during the conference,
- providing the necessary technical facilities for the presentation,
- assistance in acquiring and publishing presentation materials, information about your lecture in the conference brochure,
- supervising and directing the overall progress of the conference.
Scope
Topics of interest include, but are not limited to:
Application attacks (Unix/Linux)
Hacking techniques
Web service security
Network scanning and analysis
Security of networks
Security of databases
Security of workstations
Malware, spyware and worms analysis
Security certificates
Windows application attacks
Exploitation techniques
Binary Code, source code analysis
Network anonymity and privacy
Cryptography
Windows/Unix/Linux hardening
Forensics and anti-forensics of Unix/Linux/Windows
Wireless network security (Wi-Fi, Bluetooth)
Unix/Linux/Windows rootkits, backdoors
Covert channels and network steganography
Reverse engineering
Social engineering
Legal aspects of computer security
Sponsoring
If you want to support the initiative and gain visibility by sponsoring, please contact us by writing an e-mail.
Costs
You can pay in Polish Zloty or in Euro. For paying in Polish Zloty, please use the PDF Form for Registration.
Registration till 20th of October 2009:
Conference and workshop registration: 490 Euros (including tax)
Only conference registration: 345 Euros (including tax)
Only workshop registration: 265 Euros (including tax)
Registration after 20th of October 2009:
Conference and workshop registration: 570 Euros (including tax)
Only conference registration: 405 Euros (including tax)
Only workshop registration: 330 Euros (including tax)
-10% discount if you are:
- a former participant
- a hakin9 or linux+ subscriber
- a Student
- a group of two or more
Discounts do not sum up
We guarantee
- Certificate of attendance
- All lunch and coffee breaks
- Free access to internet
Don’t forget to bring your own laptop! It will allow you to participate fully in the workshops & lectures!
Cancellation Policy
We guarantee a full refund to those who send their cancellation notice in writing to magdalena.siwek@itunderground.org no later than 14 days in advance. From 13 days before the day of the conference, cancellations will not be honoured. Those who do not cancel in time shall be charged even if they do not attend.
Registration inquiries
Please direct all registration related questions to: magdalena.siwek@itunderground.org
Contact
If you have any questions, please feel free to contact:
Magdalena Siwek
magdalena.siwek@itunderground.org
ph: +48 022 427 37 08
fax: +48 022 244 24 59
Speeches
-
Inauguration
Room: A & B
November 17, 2009 09:00 - November 17, 2009 09:15
-
Workshop 1 (a): Auditing the hacker's mind: profiling hackers
ABSTRACT: This exciting, brand-new workshop will detail the results from HPP (Hackers Profiling Project) by ISECOM and the United Nations (UNICRI).
Participants will be able to:
- understand the basics and details of Criminal Profiling;
- understand the jargon, the HPP project and a general overview of Criminal Profiling;
- run a deep analysis of the 9 hacker categories;
- run a full analysis of the HPP questionnaires (psychological, criminological and hacking points of view);
- obtain an overview of the answers to the HPP questionnaires.
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (a): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent
Synopsis:
Have you heard about all the funky tools which are used to hack into a VoIP network and don’t know how to use them? Or have you already used them for your own purposes and want to know how to implement mitigating controls for preventing these kinds of attacks? If your answer is yes, this workshop is the right one for you! We will focus on VoIP networks and show you how to abuse the protocols in use (H323, SIP,…) and the underlying hardware (CUCM, Cisco IP Phones, Cisco routers). But that’s not all. We will also show you some real-life examples, for example how hackers broke into a VoIP router of a big company and how they used an insecure configuration to make their own calls. In the first half of the workshop you will have exercises in BYOL sessions and demos using the most common attacks, and in the second half we will teach you how to implement mitigating controls on VoIP networks.
Agenda:
Overview of VoIP-Components
How do they interact?
Investigation of the used Protocols
Abuse of the underlying network infrastructure
Abuse of the used VoIP-Protocols
Hacking-Tools in action
RLE (Real Life Example) of an Attack
How to secure the VoIP-Devices
How to secure the VoIP-Protocols
Best practices of VoIP-Security
Bio of speakers: Oliver and Christopher are seasoned pentesters with vast experience in corporate environments. Over the years they’ve developed their own approach and toolbox to attack all kinds of VoIP-Technologies. Both are frequent speakers at international security conferences and will happily share their knowledge with the audience.
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (b): Auditing the hacker's mind: profiling hackers
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (b): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (c): Social Engineering applied to Professional Penetration Testing, II Edition
ABSTRACT: This famous workshop has been updated, with new and exciting SE techniques, policies, etc.
Speakers Raoul “Nobody” Chiesa (aka “the Italian Kevin Mitnick”) and Alessio “mayhem” L.R. Pennasilico will bring the audience into this exciting world. SE gadgets will be shown to the audience as well (spypens, digital video recorders, voice changers, etc.).
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (c): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (d): Social Engineering applied to Professional Penetration Testing, II Edition
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (d): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent
Room: B
- Oliver Roeschke
- Christopher Werny
-
PCI-DSS from an hacker’s perspective
PCI-DSS from an hacker’s perspective: the (official) standard, the (untold) facts
a.k.a. There are many ways to steal credit cards!
Abstract:
- Introduction to the standard
- PCI-DSS FAQs
- Attacks to credit cards
- The PCI-DSS defense model
- Famous incidents
- Subverting PCI-DSS: unconventional attack vectors
- Conclusions
Room: A & B
- Raoul "Nobody" Chiesa
-
Beware hacker = protect data
Organizations are relying more on web-based applications as a cost-effective way to communicate with customers and partners. However, these applications carry risks, and the volume of risks is increasing with the growing adoption of web-based applications. Application security is the process of identifying and correcting these vulnerabilities to protect applications from the risk of an internal or external attack in order to safely support business transactions. This process includes secure development practices, automated scanning and manual penetration testing to help ensure that personal or sensitive data cannot be accessed, modified, or stolen by malicious hackers. To help niche security experts who perform application audits, empowering development to integrate security testing alongside performance and functional testing is the logical next step to efficient and secure web application development.
This lecture focuses on using the IBM Rational AppScan family of tools to proactively protect applications against hacker attacks.
Room: A & B
- Zbigniew Zarzycki (IBM)
-
Bakeca.it DDoS: How evil forces have been defeated.
Abstract:
DDoS attacks are becoming ever more frequent. Companies, governments, anyone can be hit by those disruptive actions: the real problem is that it is often very difficult to mitigate the attack.
Countermeasures are not always applicable and are often very expensive. This case history shows how a small company (less than 100 employees) can be the target of a very sophisticated attack. The incredible side of the story is how this small company, without any help from the ISP, was able to react and increase the number of customers, instead of losing them. A story of an attack run 24/7 for several days, mitigated with a ‘cheap’ hw/sw solution, and of how full disclosure saved the company image.
Room: A & B
- Alessio "Mayhem" Pennasilico
-
Real World security in a Virtual Infrastructure
Subject: State of the art of security in the virtualization world
Abstract: While virtualization technologies are becoming more and more pervasive, little is actually known about their security implications in the real world. High profile attacks have been developed, leveraging low-level vulnerabilities down to the CPU level. However, while most of these attacks are far beyond the grasp of the vast majority of attackers, a lot of easier and equally dangerous threats lurk in the virtualization shadow. In this presentation, I will outline real world attacks on the most common virtualization environments, with brand new “try it at home” examples and long term strategies. I will demo attack vectors I have identified against various virtualization components, including management consoles, virtual appliances, VM memory and more.
Audience will learn: Old and new, real world threats to virtualization environments
Room: A & B
- Claudio Criscione
-
Attack vectors against mobile devices
Subject: Attacks faced by handset users today.
Abstract: Introduction
Attacking the hardware
- Theft
- How it could be eliminated technically
- Why this hasn’t been done so far (cui bono)
- Consequences for the victim
Attacks on device data
- Why?
- Social engineering attacks
- Device theft for data reasons (how to extract the data)
- Memory card theft (and how to avoid it)
- Viruses, etc
Attacks on the user’s wealth
- Dialers
- Callback spam
Audience will learn: What endangers mobile devices (smartphones) and how to keep them safe.
Room: A & B
- Tam Hanna
-
S60 code signing – analyzing mobile code security systems
Subject: An analysis of the code signing and rights management system used by Symbian.
Abstract: Symbian (formerly known as S60) is the most-deployed smartphone operating system which furthermore has the “dumbest” users. This led to a highly explosive situation, and brought us mass virus outbreaks in football stadiums (see hakin9 article for further info on this).
In response, a very harsh rights management system for code was implemented into the OS. This is unique in the world IMHO, and is very well thought-out… but has still caused endless grief for developers.
My presentation would look at both practical and theoretical aspects of code rights management in general and the S60 model in specific!
Audience will learn:
How mobile OS-level code rights management works.
What must be kept in mind when designing these.
Room: A & B
- Tam Hanna
-
Panel discussion - Security Breaches in 2009: what happened and why?
Keywords:
Database Breaches
PCI-DSS
Mobile phones
All the speakers are invited to attend!
Room: A & B
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Can Data Leakage Prevent Data Leakage
Synopsis:
Data Leakage Prevention (DLP) is a new approach to avoid any kind of data leakage in corporate environments. The review of two DLP suites by big vendors revealed several vulnerabilities and design flaws. This talk will explain the DLP approach in detail and point out which problems come with the implementation of a DLP solution. Additionally, concrete vulnerabilities will be presented and discussed.
Bio of speakers: Matthias and Michael are seasoned pentesters with vast experience in corporate environments. Over the years they have focused on evaluating and reviewing all kinds of applications. We are one of the first research teams that revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. Both are frequent speakers at international security conferences and will happily share their knowledge with the audience.
Room: A
- Matthias Luft
-
Backbone technologies aren’t secure: how to hack BGP and MPLS
Synopsis:
The talk is based on research work and some real-life security projects we performed in the carrier space.
After an introduction to the main technologies (MPLS, Carrier Ethernet etc.) we will discuss vulnerabilities and types of attacks & attackers. It will turn out that the concept of a “trusted core”, which is often postulated as a prerequisite for the security of these technologies, does not hold in many cases. Furthermore, the protocol basics and security implications of a number of current carrier technologies (VPLS, 802.1 QinQ, PBT) will be discussed. We will release a new (Linux based) tool suite automating some attacks and will demonstrate, for example, how a BGP MD5 key can be bruteforced and how multiprotocol BGP can be manipulated to redirect MPLS VPN traffic on a large scale.
Bio of speakers: Daniel is a long-time network geek who loves to explore protocols and to break flawed ones.
Room: B
- Oliver Roeschke
-
BYOL: Forensic investigation techniques: Data Carving
Subject: Forensics: recovering data and investigating it for valuable information.
Abstract: ‘File Carving‘ or sometimes simply carving, is the process of extracting a collection of data from a larger data set. Data carving techniques frequently occur during a digital investigation when the unallocated file system space is analyzed to extract files. The files are “carved” from the unallocated space using file type-specific header and footer values.
File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing. Carving is also especially useful in criminal cases, where the use of carving techniques can recover evidence. In certain cases related to child pornography, Law Enforcement agents were able to recover more images from the suspect’s hard-disks by using carving techniques.
During this presentation you will get information about forensic research and how data carving fits in.
Hands-on:
- testing tool(s) on some images to get a grip
- a little forensic challenge that the audience needs to complete
To support the audience, they will get a CD-ROM with the necessary tools and images to complete the labs and the final challenge.
Audience will learn: The basics of data carving, how to do a little forensic investigation and the tools used.
Room: A
- Christiaan Beek
-
BYOL: Endpoints: the hacker’s darling
Room: B
- Oliver Roeschke
- Gunther Niehues
-
BYOL: Web Hacking Kung-Fu
Subject: Join this track if you want to test your web security skills against the Hacking-Lab web application
Abstract: Hacking-Lab has more than 50 wargames (BYOL) where individuals can learn and test their security skills. Ivan will bring the web security wargames to Warsaw and give the audience the chance to actively attack and defend against web security threats.
Audience will learn: Learn more about web security – in a practical manner. Cases are organized after the OWASP Top 10 lists. Ivan will bring in wargames for all and more OWASP security issues.
Room: A
- Ivan Buetler
-
BYOLs: "Cracking WEP & WPA" and "Lockpicking & Bumping"
1) Cracking WEP & WPA: let’s do it together! (BYOL, 1h30m)
Subject: WiFi cracking is not news, but let’s see together the different techniques that made it easier and quicker.
Abstract: Wireless network technologies are widely used today both by enterprises and end-users. A considerable share of these wireless networks are not properly protected because they are not encrypted, are using a weak encryption method or are using weak passwords. There are many tools to exploit these weaknesses. We will see the state of the art of the different techniques with some practical examples.
Audience will learn: Some basics of cryptography. The different ways of cracking a WEP-protected wireless network, based on the presence of traffic or clients. How to perform a smart brute-forcing of WPA passwords.
Break, Q&A (10 minutes)
2) Lockpicking & Bumping from the theory to your hands (BYOL, 1h)
Subject: “Professional lockpickers” are not so different from you! With the right tools, and only a bit of training, anybody can do it.
Abstract: Mechanical weaknesses of standard and security locks are a really serious problem. Most of the locks we are using today could be easily opened without any damage in a few minutes/seconds. So, when we think about security on IT-applications, we have to consider also the logical security problems. The lockpicking tools or bump keys could be easily home-produced or bought on the internet, so anybody could be able to open your doors!
Audience will learn: How a lock works. How a lock shouldn’t work. How to pick/bump a lock (small practical lab).
Room: B
- Paolo Ruggero
Speakers
-
Raoul "Nobody" Chiesa
Raoul has been active in the field of computer security research at a high level since 1997, when, as a member of a team of experts and researchers, he contributed to national and international Security R&D projects; before that year, beginning in 1986, he was one of the best-known European hackers, using the nickname “Nobody”.
Mr. Chiesa and @ Mediaservice.net’s team work with research institutes, multinational companies, finance & banking operators, Public Administration and Public Health services, telcos and LEAs, all asking for top-level and vendor-independent consultancy and/or training services. Moreover, Raoul Chiesa has committed himself to a campaign of “technological diplomacy”, we may say, according to which he has been fostering the purest ethical hacking spirit and IT Security in Italy and Europe, far from mere trade and brand interests, in order to support his own vision of Open Source. Raoul is a member of the Board of Directors at ISECOM, OWASP Italian Chapter, Telecom Security Task Force (TSTF.net) and Italian Computer Security Association.
-
Alessio "Mayhem" Pennasilico
Mr. Alessio L.R. Pennasilico, a.k.a. mayhem, 30 years old, lives and works in Verona (Italy) as a Security Evangelist for Alba S.T. s.r.l.
His personal and working interests are in Information Technology, focusing on security issues, OpenSource and Digital Rights. That’s why he soon became a member of many independent organizations, such as AIPSI, AIP, CLUSIT, Italian Linux Society, OpenBeer, VoIPSA, Metro Olografix, Sikurezza.org, ISAC-IT, Recursiva.org, Thawte, ISECOM’s Hacker’s Profiling Project (HPP), Critical Infrastructures Security Test and Analysis Lab (CrISTAL) and many LUGs.
He is usually invited as a speaker at most of the international events such as IT Underground, Hack in the Box, CCC, Confidence, SMAU, Infosecurity, E-privacy, Linux Day, OpenCon, OpenEXP, ESC and the Italian HackMeeting. Alessio also holds workshops in secondary schools and Italian universities, with the aim of spreading a culture of aware use of today’s technology.
-
Oliver Roeschke
Oliver Roeschke is a seasoned pentester with vast experience in corporate environments. Over the years he developed his own approach to attack VoIP-Technologies. As a member of the ERNW-Team he is also involved in Application- and WLAN-Security. Oliver is a frequent speaker at international security conferences and will happily share his knowledge with the audience.
-
Christopher Werny
Christopher Werny is an IT professional focused on the design and implementation of secure networks. He likes to spend all day and night analysing complex infrastructures and systems. As a professional trainer, Christopher is also prepared to teach the latest IT security related information to CIOs, CISOs and the hacking community.
-
Zbigniew Zarzycki (IBM)
Zbigniew Zarzycki is an IT professional working in IBM Software Group, Poland. He deals with the design and implementation of the work of software delivery teams and with technical support for managing sales and product development with the IBM Rational family. He is a certified specialist in the management of manufacturing processes and tools that support the work of teams, and co-author of books for software developers.
-
Claudio Criscione
Claudio works as Principal Consultant at Secure Network, a consulting firm focusing on security based in Milan, Italy. He got his master's degree cum laude at the Milan TU, and has been a speaker at international and national conferences. He writes about virtualization security on virtualization.info, and has a strong background in web application security.
-
Tam Hanna
Long-term hakin9 contributor for mobile. Long-term experience in the mobile industry, runs web sites with over 250k hits/day. Furthermore develops apps for PocketPC, Palm OS and S60 platforms.
-
Matthias Luft
Matthias Luft is a seasoned auditor with vast experience in large environments. Over the years he has focused on evaluating and reviewing all kinds of applications. He is one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.
-
Christiaan Beek
Christiaan Beek has been working in the security field for several years. Working for national and international companies, he gained knowledge of hacking techniques, forensic analysis and incident response. Currently he is working as a security consultant/ethical hacker & trainer for a Dutch company, TenICT. His free time is spent with security research & writing for several media outlets.
-
Gunther Niehues
Gunther Niehues is a specialist in network security. He is deeply familiar with various kinds of protocols. He loves to manipulate environments based on Cisco and VMware. Due to his long experience, Gunther knows all the dirty tricks and workarounds to get into systems based on Windows and Linux.
-
Ivan Buetler
After completing his studies for a B.S. of Electrical Engineering, Ivan Buetler worked for several Swiss companies in the field of banking, electronic stock market and IT security while completing his post-graduate studies in Business Management. In 1999 Ivan co-founded Compass Security AG, a Swiss ethical hacking and penetration testing company located in Rapperswil, Switzerland. Several of his publications on network and computer security have gained international recognition. Besides his own business he is also a tutor at both the University of Applied Sciences in Rapperswil and the Lucerne University of Applied Sciences and Arts. Ivan was a recent speaker at Blackhat 2008 Las Vegas about Smart Card (In)Security and APDU Debugging and organizer of European Computer Wargame Exercises – Swiss Cyber Storm II.
-
Paolo Ruggero
Paolo Ruggero is an IT-security consultant who works as a freelancer for different Italian and European companies. His personal interests have always been in Information Technology, focusing on new technologies and the related security and implementation problems. For this reason he started experimenting with WiFi networks many years ago, in both local and long range implementations, since he’s also a HAM Radio operator. In order to always be up to date on the newest technologies, he usually doesn’t miss any of the Italian and international ICT meetings (CCC, XS4ALL events, InfoSecurity, BBF, ESC, Hackmeeting).
Agenda
Day I – 16.11.2009
Workshops
Day II – 17.11.2009
Conference
Day III – 18.11.2009
Conference
Day 1 (2009-11-16)
| Time | Information |
|---|---|
| 08:15 - 09:00 | Registration |
| 09:00 - 10:45 | |
| 10:45 - 11:00 | Coffee Break |
| 11:10 - 13:00 | |
| 13:00 - 14:00 | Lunch |
| 14:00 - 16:00 | |
| 16:00 - 16:15 | Coffee Break |
| 16:15 - 18:00 | |
Day 2 (2009-11-17)
| Time | Information |
|---|---|
| 08:30 - 09:00 | Registration |
| 09:00 - 09:15 | |
| 09:15 - 10:15 | |
| 10:15 - 10:45 | Coffee Break |
| 10:45 - 11:30 | |
| 11:30 - 12:30 | |
| 12:30 - 13:15 | |
| 13:15 - 14:15 | |
| 14:15 - 15:00 | Lunch |
| 15:00 - 16:30 | |
| 16:30 - 17:30 | |
| 19:30 - 23:00 | Integration Dinner |
Day 3 (2009-11-18)
| Time | Information |
|---|---|
| 09:00 - 10:30 | |
| 10:30 - 10:50 | Coffee Break |
| 10:50 - 13:20 | |
| 13:20 - 14:20 | Lunch |
| 14:20 - 17:00 | |
| 17:00 - 17:30 | Closing Ceremony |