Free Professional Pen Testing Security Workshop

Shad0r · 06-06-2006 2:26pm #1

Date: Thursday, June 22, 2006
Time: 6:00 pm to 8:30 pm
Location:
The Morrison Hotel
Ormond Quay, Dublin 1
Cost: FREE
Registration: Required
Email: neil.sisson@newhorizonsireland.com

Penetration Testing (Ethical Hacking):
This workshop will introduce attendees to new hacking techniques and methods used to break into networks. Attendees will learn how the focus of security has changed in recent years and will see how penetration testing (Ethical Hacking) can make a huge difference in your security program.

Attendees will see live and simulated demonstrations of attacks on computer systems.

Seeing the ease with which these attacks are carried out will demonstrate the problems faced by information security personnel every day. Upper level management also needs to be aware of such techniques used by hackers.

Attendees will also have an opportunity to use fully test Core Impacts $25000 Professional Penetration Testing Software.
http://www.coresecurity.com/products/index.php

Attendees must be at least 21 years of age. Seating is limited

Workshop Overview
1. Zombies
2. Profiling Hackers?
3. Attacker Landscape.
4. Pen Testing Methodology
5. General Pen Testing Tools
6. Vulnerability Life Cycle
7. Exploit TimeLine
8. Core Impact Hands On Lab.

Static M.e. · 06-06-2006 2:41pm

Sounds good.

Shad0r · 07-06-2006 10:02am

Static M.e. wrote:

Sounds good.

Whats not good about free!

FYI: Of the forty seats available yesterday morning, there are now only 4 left.

If you want to go you need to mail me (with name, company, job title and contact number) asap.

WizZard · 07-06-2006 10:41pm

If this is the evening class that's held during the CPTS courses, then I can highly recommend it.

hmmm · 08-06-2006 11:07am

Shad0r wrote:

Attendees will learn how the focus of security has changed in recent years

Has it? Care to enlighten us?

I think the focus has changed because security people have had to become risk managers who can communicate and sell security to the business, but I'm not quite expecting this to be your answer.

Shad0r · 08-06-2006 12:11pm

hmmm wrote:

Has it? Care to enlighten us?

Nope. But I'm only one of the people organising the event, not a security expert. I wouldnt pretend to be able to speak at anywhere approaching the level of the Mile2 guys who will be speaking at the seminar.

The evening is free to attend so if you are interested in becoming enlightened as to your question then please by all means send me a mail and I will register you.

Shad0r · 08-06-2006 12:13pm

ANNOUNCEMENT:
Due to phenominal demand we have had to change the venue from our training centre here in town to the Morrison Hotel.

This will allow us to increase capacity substantially, so once again there are lots of seats available.

Static M.e. · 08-06-2006 12:39pm

Sorry but where is the Morrison Hotel? Not from Dublin. I could google but I dont want to end up in the wrong place

Shad0r · 08-06-2006 2:18pm

Static M.e. wrote:

Sorry but where is the Morrison Hotel? Not from Dublin. I could google but I dont want to end up in the wrong place

Its on Ormond Quay, which is the Liffey quay on the northside of the city that runs between the Italian Quater/Millenium bridge and Capel St.

http://www.morrisonhotel.ie/

Static M.e. · 08-06-2006 3:14pm

Thanks, looking forward to it.

WizZard · 08-06-2006 3:55pm

Shad0r wrote:

Nope. But I'm only one of the people organising the event, not a security expert. I wouldnt pretend to be able to speak at anywhere approaching the level of the Mile2 guys who will be speaking at the seminar.

As a matter of interest, who is speaking?

Cake Fiend · 08-06-2006 7:01pm

Mail0red.

Shad0r · 09-06-2006 11:24am

WizZard wrote:

As a matter of interest, who is speaking?

Wayne Burke will be giving the seminar. He is the Chief Information Officer for Mile2.

WizZard · 09-06-2006 11:25am

I might go so. He's an excellent speaker

scojones · 09-06-2006 2:59pm

I'd love to go but not being near Dublin sucks. This sounds really good though.

aerocell · 09-06-2006 8:04pm

If you want to go you need to mail me (with name, company, job title and contact number) asap.

OK does that mean that you must be actually working in the security area to go? or can anyone? I am studying Programming.
Please let me know asap.
Thanks

Shad0r · 13-06-2006 2:18pm

aerocell wrote:

OK does that mean that you must be actually working in the security area to go? or can anyone? I am studying Programming.
Please let me know asap.
Thanks

No you dont need to be working in the security industry. Send me an email and substitute company details for your course details. Substitute job title for the year of your course.

tech · 18-06-2006 7:21pm

what was the speach like

Cake Fiend · 18-06-2006 8:43pm

tech wrote:

what was the speach like

Hang on, I'll start up the DeLorean...

tech · 18-06-2006 10:35pm

ooops sorrry can someone record it for me so since it hasnt been on yet

get it on a podcast!

Shad0r · 20-06-2006 2:32pm

tech wrote:

ooops sorrry can someone record it for me so since it hasnt been on yet get it on a podcast!

:rollears:

Do I need to mention (cause I sorta thought it went without saying) that recording and podcasting the seminar would be very bold...the illegal type of bold I'd imagine.

The seminar is only for people who could be ar$ed getting off their asses and coming in to be there.

tech · 20-06-2006 2:34pm

that all very well but due to my location and work commits I wont be able to travel

niT · 20-06-2006 3:16pm

it would be really great if $company_holding_seminar would record the event and release it to the relevant podcast sites (like the forensic security podcast) so that it raised awareness within professionals in the field and generated good press so that a second event would be far more popular, thereby generating more revenue for said $company_holding_seminar.

just a thought

Gavin · 21-06-2006 3:24pm

Sent off a mail. Places still available ?

Gav

Hecate · 21-06-2006 3:37pm

Gahh..why do I always hear about these things at the last minute?!

Mail sent

Static M.e. · 21-06-2006 4:05pm

links people links!!

Which "forensic security podcast" do you speak of?

NutJob · 21-06-2006 4:59pm

links ???

Odeo: Security Now!

Odeo: PaulDotCom Security Weekly

Odeo: The Security Catalyst

one or two of these are smokeing something funny at times so take with salt and do some research.

theres probably more two

Shad0r · 22-06-2006 9:29am

Registration for the event is officially closed!

There are currently 110 people registered so make sure to get there early to get a good seat!!

The event kicks off at 6pm sharp, please do not be late.

The event is completely fully booked, so please do not turn up expecting to get in if you are not registered. If you have not registered and received a reply informing you that you are registered then I'm sorry but you will have to wait until the next time we do this.

Shad0r · 23-06-2006 11:18am

First of all thanks to all who attended and apologies for the technical difficulties. Wayne's primary laptop (an alienware machine) gave up the fight while he was setting up in the Morrisson and unfortuntely then the laptop he had to use wasnt configured properly. Its a good thing that he always travels with three of them!

bedlam wrote:

This was a real dissapointment (disregarding the technical difficulties). It was not much more than a sales pitch to convince management to send people on the training. Lots of people in suits furiously scribbling down notes like "170,000 zombied hosts!" "use WPA not WEP" and so on.

Just because someone wears a suit doesnt mean that they are management. Wayne spoke about all the points I put in my first post here:
1. Zombies
2. Profiling Hackers?
3. Attacker Landscape.
4. Pen Testing Methodology
5. General Pen Testing Tools
6. Vulnerability Life Cycle
7. Exploit TimeLine
8. Core Impact Hands On Lab

except the last one. And that's actually my fault. I should have taken that part out of there when we had to increase the venue size. I apologise for forgetting about it.

The original post referenced these two together, however the New Horizons person who did the intro said in passing that they should not be confused (PT > EH), any chance this was due to the fact they offer the CPTS and not the CEH?

Did it ever occur to you that New Horizons chose to give the CPTS course rather than the CEH? If the CEH was a better cert than CPTS we would be delivering that and not the CPTS. There isnt enough room in the Irish market to deliver both at the moment, but even if there was, we wouldnt deliver the CEH, because the CPTS IS a better cert from a "future emplyability" point of view.

FYI: Mile2 are a New Horizons global training partner. They are also the largest organisation in the world for delivering the CEH.

April 26 2005 - Today an EC-Council Authorized Training Center contacted Mile2 to request information about CPTS & CPTE. In addition to training they have a professional services practice that offers Pen Testing. The caller said he had an employee sitting next to him who teaches CEH, and that this instructor stated that "there is hacking, and there is pen-testing". When asked if he believes that CEH is adequate for pen testing, he responded "No". Further, he said if they receive a request for pen testing services, they can't even send their CEH instructor because "it is not pen testing" and that they "have to use a different methodology".

If you are genuinely interested in the differences between the two certs you can read more here: http://www.mile2.com/CEH_vs_CPTS.html

Of the "new hacking techniques" we got to see an nmap scan, an attempt at a dcom exploit, a look at the cain and abel interface (couldnt run that on a public network) and Metasploit VNC server injection.

The purpose of the seminar was to demonstrate how easy it is nowadays with a little knowledge to penetrate supposedly secure systems. Aside from the technical difficulties that he had I think Wayne did a great job.

Stay tuned for a link to another seminar Wayne did a while back somewhere else, where he didnt have technical problems...

liamo · 23-06-2006 11:42am

In fairness, when a company offers an event like this I would expect it to be a marketing exercise. By way of an analogy, the Metro and Herald free-sheets aren't being given away out of the goodness of their hearts - it's a business. Just because the papers are full of ads doesn't mean that the news has any less value. Similarly, the information at this event was valuable even if the purpose was to highlight the vulnerability of software in order to boost sales.

The difficulties that Wayne encountered were unfortunate but he did his best with what he had.

Although much of the content was old-hat to quite a few people in the room, I did find it interesting to see a remote shell being gained with little more than a few mouse clicks.

Overall, I though it was worthwhile to attend. Well done, guys.

Regards,

Liam

NutJob · 23-06-2006 12:39pm

Iv seen videos of worse of defcon Demos:D

All and all it was well worth the trip. I agree it was a marketing exercise but not everyone in the room had seen those toys before.

I did come expecting a little more advanced a discussion but talking nop slides and Snort rules would have cleared the room

Then again you could demo for two days and still only touch the surface.

As for the technical difficulty it happens to everyone even Bill G got a blue screen while demoing (still think its funny)

Have to admit i was disappointed at not seeing core as i doubt ill ever get the chance to see it in action.

Thumbs up and a thanks to Wayne.

Free Professional Pen Testing Security Workshop

Comments