IT UNDERGROUND
IT Underground - Warsaw 2009
Daimler Chrysler Conference Centre
On 16-18 November 2009, the 13th edition of the IT UNDERGROUND International Security Workshop & Conference took place at the Mercedes Conference Centre.
I would like to thank everyone who helped create the great atmosphere during these three days.
Thank you to the Speakers – for the expert lectures, sense of humour and good vibe :)
Thank you to IBM – the Main Partner of the Conference.
Thank you to all the Participants – for taking part and for keeping up the good atmosphere :)
Thank you for a successful conference. What happened will stay in our memory and in a few photos ;)
Regards,
Magda Siwek
Directions map / Address
ul. Daimlera 1, Warsaw
Event description
IT UNDERGROUND is the largest conference in Central and Eastern Europe devoted to hacking.
It is intended for IT specialists, administrators and anyone interested in network security. The guiding principle of the IT Underground Team is the active participation of attendees in the conference. WE ARE AGAINST THEORETICAL, BORING PRESENTATIONS!!!
Some of the lectures will be run in the BYOL (Bring Your Own Laptop) format.
These lectures are aimed primarily at participants who bring their own laptops to the conference and can therefore take an active part in the sessions. Participants will be able to boot their computers from a specially prepared CD containing the hakin9.live distribution, and then break into a test network using the techniques described by the lecturer, or defend against an attack carried out by other participants.
Ever wider, unrestricted access to the global network means that we have to face threats which until quite recently could be found only in the futuristic visions of writers and film directors.
Viruses, worms, hacker attacks and other cyber threats are now part of everyday life. Malicious software spreading across the Internet, rapid development in computer and telecommunication systems, broadband links, “bad guys” stealing confidential information, and the ingenuity of the users of the Internet community oblige those responsible for network security to remain constantly vigilant and to have an outstanding ability to identify and neutralise threats.
The requirements for the security and reliability of information systems therefore keep growing.
This requires knowledge. UP-TO-DATE KNOWLEDGE!
Don't be naive – even the most expensive antivirus programs will not protect your company against hacker attacks – no program can replace human intelligence and skill.
Don't find out the hard way how easily and quickly valuable company data can be lost…
Don't wait until an enormous amount of spam blocks your company's mail server…
Simply don't take the risk!
If you want to avoid a digital disaster, want to improve your skills, or simply wish to learn the results of current research in IT security,
REGISTER today for the IT UNDERGROUND 2009 conference!
NOTE!!!!
!!! All lectures will be given in English!!!
Workshops
WORKSHOP 1
Raoul “Nobody” Chiesa, Alessio “mayhem” L.R. Pennasilico
Part1: TITLE: Auditing the hacker’s mind: profiling hackers
Part2: TITLE: Social Engineering applied to Professional Penetration Testing, Release 2.0
WORKSHOP 2:
Oliver Roeschke and Christopher Werny
TITLE: VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
More information in the talk descriptions
Programme Committee
1. Saumil Shah
2. Raoul “Nobody” Chiesa
3. Alessio “mayhem” L.R. Pennasilico
CFP – Sorry, the agenda is full.
We invite you to submit your talk proposals for the IT Underground conference.
If you have an interesting idea for a presentation and would like to share your knowledge, don't delay – submit your talk to the IT Underground conference.
Speakers at previous editions included, among others: Ofir Arkin, Joanna Rutkowska, Maximillian Dornseif, David h1kari Hulton, Chuck Willis, Charl Van der Walt, Shalom Carmel, Martin Herfurt, Adam Laurie, Marcel Holtmann, Alexander Kornbrust, Saumil Udayan Shah, Robert Lee Ayers, Dave Aitel, Stefano Zanero, Thorsten Holz, Michael Shema, Piotr Sobolewski, Michal Szymanski, Paul Wouters, Rakan El-Khalil, Wojciech Dworakowski, K.K. Mookhey, Pawel Krawczyk, Renaud Bidou, Jim Geovedi, Neil Archibald, Ilja van Sprunder.
The deadline for submitting presentations passed on 20 September.
For speakers who wish to give a talk at the conference, we provide:
- travel and accommodation
- full support before and during the conference
- the multimedia equipment needed to deliver the presentation
- the opportunity to exchange experience in an international environment
Submit your talk
Please send talk proposals to: magdalena.siwek@itunderground.org
Every submission will be reviewed by our Programme Committee.
Pricing
Registrations until 20 October 2009:
- Registration for workshops and conference: 1650 zł + 22% VAT
- Registration for the conference only: 1150 zł + 22% VAT
- Registration for the workshops only: 850 zł + 22% VAT
Registrations after 20 October 2009:
- Registration for workshops and conference: 1900 zł + 22% VAT
- Registration for the conference only: 1350 zł + 22% VAT
- Registration for the workshops only: 1100 zł + 22% VAT
10% discount for:
- participants of previous editions
- subscribers to the Hakin9 or Linux magazines
- students
- groups of more than two people
Discounts cannot be combined.
The prices above include lunch and a coffee break each day, plus free Internet access.
After completing the conference, each participant will receive a certificate.
Those who cancel their participation up to 14 days before the start of the conference will receive a 100% refund. From 13 days before the start of the conference we do not accept cancellations. Those who do not cancel their reservation and do not attend the conference will be charged the full cost of participation.
Contact
If you have any questions, please contact:
Magdalena Siwek
Conference and Training Organisation Specialist
tel. (0-22) 427 37 08
fax. (0-22) 244 24 59
magdalena.siwek@itunderground.org
Talks
-
Inauguration
Room: A & B
17 November 2009, 09:00 - 17 November 2009, 09:15
-
Workshop 1 (a): Auditing the hacker's mind: profiling hackers
ABSTRACT: This exciting, brand-new workshop will detail the results from HPP (Hackers Profiling Project) by ISECOM and the United Nations (UNICRI).
Participants will be able to:
- understand the basics and details of Criminal Profiling;
- understand the jargon, the HPP project and a general overview of Criminal Profiling;
- run a deep analysis of the 9 Hacker’s Categories;
- run a full analysis of the HPP questionnaires (psychological, criminological and hacking points of view);
- obtain an overview of HPP questionnaire’s answers;
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (a): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
Synopsis:
Have you heard about all the funky tools which are used to hack into a VoIP-Network and don’t know how to use them? Or have you already used them for your own purposes and want to know how to implement mitigating controls for preventing these kinds of attacks? If your answer is yes, this Workshop is the right one for you! We will focus on VoIP-Networks and show you how to abuse the used Protocols (H323, SIP,…) and the underlying hardware (CUCM, Cisco IP Phones, Cisco-Router). But that’s not all of it. We also show you some real-life examples. For example, how Hackers broke into a VoIP-Router of a big company and how they used an insecure configuration to make their own calls. You will have exercises by BYOL sessions and demos using the most common attacks in the first half, and in the second half of the workshop we will teach you how to implement mitigating controls on VoIP-Networks.
Agenda:
Overview of VoIP-Components
How do they interact?
Investigation of the used Protocols
Abuse of the underlying network infrastructure
Abuse of the used VoIP-Protocols
Hacking-Tools in action
RLE (Real Life Example) of an Attack
How to secure the VoIP-Devices
How to secure the VoIP-Protocols
Best practices of VoIP-Security
Bio of speakers: Oliver and Christopher are seasoned pentesters with vast experience in corporate environments. Over the years they’ve developed their own approach and toolbox to attack all kinds of VoIP-Technologies. Both are frequent speakers at international security conferences and will happily share their knowledge with the audience.
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (b): Auditing the hacker's mind: profiling hackers
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (b): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (c): Social Engineering applied to Professional Penetration Testing, II Edition
ABSTRACT: This famous workshop has been updated, with new and exciting SE techniques, policies, etc.
Speakers Raoul “Nobody” Chiesa (aka “the Italian Kevin Mitnick”) and Alessio “mayhem” L.R. Pennasilico will bring the audience into this exciting world. SE gadgets will be shown to the audience as well (spypens, digital video recorders, voice changers, etc.).
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (c): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
Room: B
- Oliver Roeschke
- Christopher Werny
-
Workshop 1 (d): Social Engineering applied to Professional Penetration Testing, II Edition
Room: A
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Workshop 2 (d): VoIP – How attackers manipulate your VoIP-Infrastructure and how you prevent!
Room: B
- Oliver Roeschke
- Christopher Werny
-
PCI-DSS from an hacker’s perspective
PCI-DSS from an hacker’s perspective: the (official) standard, the (untold) facts
a.k.a. There are many ways to steal credit cards!
Abstract:
- Introduction to the standard
- PCI-DSS FAQs
- Attacks to credit cards
- The PCI-DSS defense model
- Famous incidents
- Subverting PCI-DSS: unconventional attack vectors
- Conclusions
Room: A & B
- Raoul "Nobody" Chiesa
-
Beware hacker = protect data.
Organizations are relying more on web-based applications as a cost-effective way to communicate with customers and partners. However, these applications carry risks, and the volume of risks is increasing with the growing adoption of web-based applications. Application security is the process of identifying and correcting these vulnerabilities to protect applications from the risk of an internal or external attack in order to safely support business transactions. This process includes secure development practices, automated scanning and manual penetration testing to help ensure that personal or sensitive data cannot be accessed, modified, or stolen by malicious hackers. To help niche security experts who perform application audits, empowering development to integrate security testing alongside performance and functional testing is the logical next step to efficient and secure web application development.
This lecture focuses on using the IBM Rational AppScan family of tools to proactively protect applications against hacker attacks.
Room: A & B
- Zbigniew Zarzycki (IBM)
-
Bakeca.it DDoS: How evil forces have been defeated.
Abstract:
DDoS attacks are becoming even more frequent. Companies, governments, anyone can be hit by those disruptive actions: the real problem is that it is so often very difficult to mitigate the attack.
Countermeasures are not always applicable and are often very expensive. This case history shows how a small company (less than 100 employees) can be the target of a very sophisticated attack. The incredible side of the story is how this small company, without any help from the ISP, was able to react and increase the number of customers, instead of losing them. A story of an attack run 24/7 for several days, mitigated with a ‘cheap’ hw/sw solution, and how full disclosure saved the company image.
Room: A & B
- Alessio "Mayhem" Pennasilico
-
Real World security in a Virtual Infrastructure
Subject: State of the art of security in the virtualization world
Abstract: While virtualization technologies are becoming more and more pervasive, little is actually known about their security implications in the real world. High profile attacks have been developed, leveraging low-level vulnerabilities down to the CPU level. However, while most of these attacks are far beyond the grasp of the vast majority of the attackers, a lot of easier and equally dangerous threats lurk in the virtualization shadow. In this presentation, I will outline real world attacks to the most common virtualization environments, with brand new “try it at home” examples and long term strategies. I will demo attack vectors I have identified against various virtualization components, including management consoles, virtual appliances, VM memory and more.
Audience will learn: Old and new, real world threats to virtualization environments
Room: A & B
- Claudio Criscione
-
Attack vectors against mobile devices
Subject: Attacks faced by handset users today.
Abstract:
Introduction
Attacking the hardware
- Theft
- How it could be eliminated technically
- Why this hasn’t been done so far (cui bono)
- Consequences for the victim
Attacks on device data
- Why?
- Social engineering attacks
- Device theft for data reasons (how to extract the data)
- Memory card theft (and how to avoid it)
- Viruses, etc.
Attacks on the user’s wealth
- Dialers
- Callback spam
Audience will learn: What endangers mobile devices (smartphones) and how to keep them safe.
Room: A & B
- Tam Hanna
-
S60 code signing – analyzing mobile code security systems
Subject: An analysis of the code signing and rights management system used by Symbian.
Abstract: Symbian (formerly known as S60) is the most-deployed smartphone operating system which furthermore has the “dumbest” users. This led to a highly explosive situation, and brought us mass virus outbreaks in football stadiums (see hakin9 article for further info on this).
In response, a very harsh rights management system for code was implemented into the OS. This is unique in the world IMHO, and is very well thought-out… but has still caused endless grief for developers.
My presentation would look at both practical and theoretical aspects of code rights management in general and the S60 model in particular!
Audience will learn:
How mobile OS-level code rights management works.
What must be kept in mind when designing these.
Room: A & B
- Tam Hanna
-
Panel discussion - Security Breaches in 2009: what happened and why?
Panel discussion
Security Breaches in 2009: what happened and why?
Keywords:
Database Breaches
PCI-DSS
Mobile phones
All the speakers are invited to attend!
Room: A & B
- Raoul "Nobody" Chiesa
- Alessio "Mayhem" Pennasilico
-
Can Data Leakage Prevent Data Leakage
Synopsis:
Data Leakage Prevention (DLP) is a new approach to avoid any kind of data leakage in corporate environments. The review of two DLP suites by big vendors revealed several vulnerabilities and design flaws. This talk will explain the DLP approach in detail and point out which problems come with the implementation of a DLP solution. Additionally, concrete vulnerabilities will be presented and discussed.
Bio of speakers: Matthias and Michael are seasoned pentesters with vast experience in corporate environments. Over the years they have focused on evaluating and reviewing all kinds of applications. We are one of the first research teams to reveal major design flaws and vulnerabilities in the approach of Data Leakage Prevention. Both are frequent speakers at international security conferences and will happily share their knowledge with the audience.
Room: A
- Matthias Luft
-
Backbone technologies aren’t secure: how to hack BGP and MPLS
Synopsis:
The talk is based on research work and some real-life security projects we performed in carrier space.
After some introduction into the main technologies (MPLS, Carrier Ethernet etc.) we will discuss vulnerabilities and types of attacks & attackers. It will turn out that the concept of a “trusted core” that is often postulated as a prerequisite for the security of this stuff does not hold in many cases. Furthermore the protocol basics and security implications of a bunch of current carrier technologies (VPLS, 802.1 QinQ, PBT) will be discussed. We will release a new (Linux based) tool suite automating some attacks and will demonstrate, for example, how a BGP MD5 key can be bruteforced and how multiprotocol BGP can be manipulated to redirect MPLS VPN traffic on a large scale.
Bio of speakers: Daniel is a long-time network geek who loves to explore protocols and to break flawed ones.
Room: B
- Oliver Roeschke
-
BYOL: Forensic investigation techniques: Data Carving
Subject: Forensics: recovering data and investigating it for valuable information.
Abstract: “File carving”, or sometimes simply carving, is the process of extracting a collection of data from a larger data set. Data carving techniques frequently occur during a digital investigation when the unallocated file system space is analyzed to extract files. The files are “carved” from the unallocated space using file type-specific header and footer values.
File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing. Carving is also especially useful in criminal cases, where the use of carving techniques can recover evidence. In certain cases related to child pornography, Law Enforcement agents were able to recover more images from the suspect’s hard-disks by using carving techniques.
During this presentation you will get information about forensic research and how data carving fits in.
Hands-on:
- testing tool(s) on some images to get a grip
- a little forensic challenge that the audience needs to complete
To support the audience, they will get a CD-ROM with the necessary tools and images to complete the labs and final Challenge.
Audience will learn: The basics of data carving, how to do a little forensic investigation and the tools used.
Room: A
- Christiaan Beek
-
BYOL: Endpoints: the hacker’s darling
Room: B
- Oliver Roeschke
- Gunther Niehues
-
BYOL: Web Hacking Kung-Fu
Subject: Join this track if you want to test your web security skills against the Hacking-Lab web application
Abstract: Hacking-Lab has more than 50 wargames (BYOL) where individuals can learn and test their security skills. Ivan will bring the web security wargames to Warsaw and give the audience the chance to actively attack and defend against web security threats.
Audience will learn: Learn more about web security – in a practical manner. Cases are organized after the OWASP Top 10 lists. Ivan will bring in wargames for all and more OWASP security issues.
Room: A
- Ivan Buetler
-
BYOLs: "Cracking WEP & WPA" and "Lockpicking & Bumping"
1) Cracking WEP & WPA: let’s do it together ! (BYOL, 1h30m)
Subject: WiFi cracking is not news, but let’s see together the different techniques that made it easier and quicker.
Abstract: Wireless network technologies are widely used today both by enterprises and end-users. An interesting part of these wireless networks is not properly protected because they are not encrypted, are using a weak encryption method or are using weak passwords. There are many tools to exploit these weaknesses. We will see the state of the art of the different techniques with some practical examples.
Audience will learn: Some basics of cryptography. The different ways of cracking a WEP-protected wireless network, based on the presence of traffic or clients. How to perform a smart brute-forcing of WPA passwords.
Break, Q&A (10 minutes)
2) Lockpicking & Bumping from the theory to your hands (BYOL, 1h)
Subject: “Professional lockpickers” are not so different from you! With the right tools, and only a bit of training, anybody can do it.
Abstract: Mechanical weaknesses of standard and security locks are a really serious problem. Most of the locks we are using today could be easily opened without any damage in a few minutes/seconds. So, when we think about security on IT-applications, we have to consider also the logical security problems. The lockpicking tools or bump keys could be easily home-produced or bought on the internet, so anybody could be able to open your doors!
Audience will learn: How a lock works. How a lock shouldn’t work. How to pick/bump a lock (small practical lab).
Room: B
- Paolo Ruggero
Speakers
-
Raoul "Nobody" Chiesa
Raoul has been active in the field of computer security research at a high level since 1997, when, as a member of a team of experts and researchers, he contributed to national and international Security R&D projects; before that year, beginning in 1986, he had been one of the best-known European hackers, using the nickname “Nobody”.
Mr. Chiesa and @ Mediaservice.net’s team work with research institutes, multinational companies, finance & banking operators, Public Administration and Public Health services, telcos and LEAs, all asking for top-level and vendor-independent consultancy and/or training services. Moreover, Raoul Chiesa has committed himself to a campaign of “technological diplomacy”, we may say, according to which he has been fostering the purest ethical hacking spirit and IT Security in Italy and Europe, far from mere trade and brand interests, in order to support his own vision of Open Source. Raoul is a member of the Board of Directors at ISECOM, OWASP Italian Chapter, Telecom Security Task Force (TSTF.net) and Italian Computer Security Association.
-
Alessio "Mayhem" Pennasilico
Mr. Alessio L.R. Pennasilico, a.k.a. mayhem, 30 years old, lives and works in Verona (Italy) as a Security Evangelist for Alba S.T. s.r.l.
His personal and working interests are in Information Technology, focusing on security issues, OpenSource and Digital Rights. That’s why he soon became a member of many independent organizations, such as AIPSI, AIP, CLUSIT, Italian Linux Society, OpenBeer, VoIPSA, Metro Olografix, Sikurezza.org, ISAC-IT, Recursiva.org, Thawte, ISECOM’s Hacker’s Profiling Project (HPP), Critical Infrastructures Security Test and Analysis Lab (CrISTAL) and many LUGs.
He is usually invited as a speaker at most of the international events such as IT Underground, Hack in the Box, CCC, Confidence, SMAU, Infosecurity, E-privacy, Linux Day, OpenCon, OpenEXP, ESC and the Italian HackMeeting. Alessio also holds workshops in secondary schools and Italian universities, with the aim of spreading the culture of an aware use of today’s technology.
-
Oliver Roeschke
Oliver Roeschke is a seasoned pentester with vast experience in corporate environments. Over the years he developed his own approach to attack VoIP-Technologies. As a member of the ERNW-Team he is also involved in Application- and WLAN-Security. Oliver is a frequent speaker at international security conferences and will happily share his knowledge with the audience.
-
Christopher Werny
Christopher Werny is an IT professional focused on the design and implementation of secure networks. He likes to spend all day and night analysing complex infrastructures and systems. As a professional trainer, Christopher is also prepared to teach the latest IT-security related information to CIOs, CISOs and the hacking community.
-
Zbigniew Zarzycki (IBM)
Zbigniew Zarzycki is an IT professional working in IBM Software Group, Poland. He deals with the design and implementation of software delivery teams’ work and with technical support for managing sales and product development with the IBM Rational family. He is a certified specialist in the management of manufacturing processes and tools that support the work of teams, and co-author of books for software developers.
-
Claudio Criscione
Claudio works as Principal Consultant at Secure Network, a consulting firm focusing on security based in Milan, Italy. He got his master’s degree cum laude at the Milan TU, and has been a speaker at international and national conferences. He writes about virtualization security on virtualization.info, and has a strong background in web application security.
-
Tam Hanna
Long-term hakin9 contributor for mobile. Long-term experience in the mobile industry, runs web sites with over 250k hits/day. Furthermore, develops apps for PocketPC, Palm OS and S60 platforms.
-
Matthias Luft
Matthias Luft is a seasoned auditor with vast experience in large environments. Over the years he has focused on evaluating and reviewing all kinds of applications. He is one of the first researchers to reveal major design flaws and vulnerabilities in the approach of Data Leakage Prevention. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.
-
Christiaan Beek
Christiaan Beek has been working in the security field for several years. Working for national and international companies, he gained knowledge of hacking techniques, forensic analysis and incident response. Currently he is working as a security consultant/ethical hacker & trainer for a Dutch company, TenICT. His free time is spent with security research & writing for several media outlets.
-
Gunther Niehues
Gunther Niehues is a specialist in network security. He is deeply familiar with various kinds of protocols. He loves to manipulate environments based on Cisco and VMware. Due to his long experience, Gunther knows all the dirty tricks and workarounds to get into systems based on Windows and Linux.
-
Ivan Buetler
After completing his studies for a B.S. of Electrical Engineering, Ivan Buetler worked for several Swiss companies in the field of banking, electronic stock market and IT security while completing his post-graduate studies in Business Management. In 1999 Ivan co-founded Compass Security AG, a Swiss ethical hacking and penetration testing company located in Rapperswil, Switzerland. Several of his publications on network and computer security have gained international recognition. Besides his own business he is also a tutor at both the University of Applied Sciences in Rapperswil and the Lucerne University of Applied Sciences and Arts. Ivan was a recent speaker at Blackhat 2008 Las Vegas about Smart Card (In)Security and APDU Debugging, and organizer of European Computer Wargame Exercises – Swiss Cyber Storm II.
-
Paolo Ruggero
Paolo Ruggero is an IT-security consultant who works as a freelancer for different Italian and European companies. His personal interests have always been in Information Technology, focusing on new technologies and the related security and implementation problems. For this reason he started experimenting with WiFi networks many years ago, both on local and long range implementations, since he is also a ham radio operator. In order to always be up to date on the newest technologies, he usually doesn’t miss any of the Italian and international ICT meetings (CCC, XS4ALL events, InfoSecurity, BBF, ESC, Hackmeeting).
Agenda
Day I – 16.11.2009
Workshops
Day II – 17.11.2009
Conference
Day III – 18.11.2009
Conference
Day 1 (2009-11-16)
| Time | Information |
|---|---|
| 08:15 - 09:00 | Registration |
| 09:00 - 10:45 | |
| 10:45 - 11:00 | Coffee Break |
| 11:10 - 13:00 | |
| 13:00 - 14:00 | Lunch |
| 14:00 - 16:00 | |
| 16:00 - 16:15 | Coffee Break |
| 16:15 - 18:00 | |
Day 2 (2009-11-17)
| Time | Information |
|---|---|
| 08:30 - 09:00 | Registration |
| 09:00 - 09:15 | |
| 09:15 - 10:15 | |
| 10:15 - 10:45 | Coffee Break |
| 10:45 - 11:30 | |
| 11:30 - 12:30 | |
| 12:30 - 13:15 | |
| 13:15 - 14:15 | |
| 14:15 - 15:00 | Lunch |
| 15:00 - 16:30 | |
| 16:30 - 17:30 | |
| 19:30 - 23:00 | Integration Dinner |
Day 3 (2009-11-18)
| Time | Information |
|---|---|
| 09:00 - 10:30 | |
| 10:30 - 10:50 | Coffee Break |
| 10:50 - 13:20 | |
| 13:20 - 14:20 | Lunch |
| 14:20 - 17:00 | |
| 17:00 - 17:30 | Closing Ceremony |