Program HackCon#11
Onsdag - dag 1, 17. | 2 | 2016
08.15 Dørene åpnes
08.15 – 11.00 Registrering HackCon#11
09.00 – 09.15 Administrativ informasjon
09.15 – 10.00 How to bypass your security with 30 dollar, Kevin Bong, US
This talk will introduce five different security-related hardware hacking projects that are great for beginners, each of which has a low cost (≈30 dollar) and can be completed in a few hours or less. Examples of the projects include travel router hacking with OpenWRT, building a directional Wi-Fi antenna, HID RFID snooping and spoofing with Arduino and USB keyboard spoofing with Arduino, and inline sniffer. A bill of materials and instructions for each project will be available online following the talk.
You will be amazed how this cheap project can bypass your security in cheap and "gentle" manner. And Yes, we will have hardware lab at HackCon where you can build the mentioned projects and test security on you own organization afterwards!
Session will be held by Kevin Bong. Kevin is a security researcher with an interest in hardware and electronics. He created the MiniPwner, a pocket-size penetration testing device used to get remote access to a network. He’s also an author, instructor and a speaker at international conferences.
Kevin is a Manager at 403 Labs, the Security & Compliance division of Sikich LLP. He focuses on information security and compliance issues faced by financial institutions. With his experience performing audits, penetration testing, risk assessments and forensic investigations, Kevin provides invaluable guidance to institutions affected by standards such as those related to the FFIEC, NIST, HIPAA and PCI DSS.
10.15 – 11.00 The Future is Now - Security implications of DIY (do it yourself) cybernetic implants and how to bypass your security, Alex Smith - Australia
Until now, we have been dealing with firewall, router, IDS etc to protect our information and secure our organization. A new challenge is coming on the horizon, biosecurity. We may think this a science fiction, but the truth is you already today can implant several devices in your body by yourself – and compromise the organization security on several levels. And this is what this talk is about – tomorrows security challenges.
This talk will cover the state of the art in biosecurity, including implanted magnetic sensors, NFC and RFID implants, implanted biomedical monitors and the security implications of implanted authentication devices. It will focus on new security challenges presented by implants available right now and those in the near future.
Previous Alex presented a new advance with cloning RFID access tags to implants. At HackCon he will cover this but expand it to include the new Mifare Classic cloneable implants he have developed.
The rise of cheap and easily available DIY implanted microprocessors brings with it a new set of security challenges. Such as covert data exfiltration and new vectors for malware infection. And yes, he will being a range of implantable devices to 'show and tell', and he can even implant RFID/NFC chips in people, if they want to.
This talk will be held by Alex Smith. Alex spent several years working as a software developer before switching to information security, he is now a senior consultant doing pen-testing for a security company in Melbourne, Australia. He has spoken at several conferences, and are founder of Cyberise Me, a company specializing in cutting edge DIY cybernetic implants for the human body, where he designs, builds and implants new devices.
If you want to see next generation security challenges, you should not miss this session. Alex will have a small biosecurity "village" where you can test out DIY security implants.
11.15 – 12.00 Når tradisjonell risikohåndtering ikke strekker til - hvordan håndtere sårbarheter og risikoer effektivt via dynamisk risikohåndtering, Suhail Mushtaq, Kristian Styrvoll – Norge.
Det har i det siste vært rettet stor fokus på at virksomhetene skal foreta risikovurderinger for å håndtere sårbarheter/risikoer i virksomheten. Men hva er egentlig en risikovurdering? Og bidrar risikovurderingene egentlig til å redusere sårbarheter og risikoer i virksomheten slik de praktiseres i dag? Hvem lages disse risikovurderingene egentlig for, og hva er formålet med dem? Vår påstand er at slik risikohåndtering ofte foretas i dag, ikke gir noe særlig merverdi til virksomheten.
På HackCon#10 orienterte vi om at vi vil bidra til å lette virksomhetenes arbeid med å håndtere risikoer. Etter nærmere ett års utvikling kan vi nå på HackCon#11 presenterer RT-RMAP, Real Time Risk Manager and Assets Protection, det vil si dynamisk risikohåndtering.
Dynamisk risikohåndtering er pragmatisk måte å tilnærme seg risikohåndtering på for å ivareta virksomhetens interesser, samt ha virksomhetens sårbarheter og risikoer under kontroll. Og ikke minst, at ledelsen og personellet til enhver tid er i stand til å håndtere de ulike risikoer og sårbarheter i virksomheten.
Hvis du synes at det er litt tungt å arbeide med tradisjonell risikohåndtering, eller føler at du ikke når frem med ditt budskap etter at du har foretatt risikohåndtering, eller føler at du har mistet oversikten over risikoer i virksomheten, kan vi love deg at etter du har startet med dynamisk risikohåndtering i RT-RMAP (etter at verktøyet er frigjort) vil du få et helt nytt perspektiv på risikohåndteringer. Vi kan sitere en som har arbeidet med risikohåndtering i over 15 år: "Med dette kan vi få kontroll over våre risikoer og sårbarheter, og forstår virkelig hva risikohåndtering er og bør være".
I denne sesjonen vil gå gjennom hva dynamisk risikohåndtering er, utfordringer med tradisjonell risikohåndtering, og hvordan du kan håndtere dine risikoer og sårbarheter på en enkel og pragmatisk måte. Og ikke minst, hvordan du skal kunne ivareta virksomhetens interesser og virksomhetens behov for å ivareta sikkerheten på ulike plan. På HackCon#11 kan du få første smakebit av RT-RMAP.
Denne sesjonen vil bli holde av flere forelesere som har utviklet metodikken, systemet, og eventuelt pilotbrukere. Hvis du skal håndtere risikoer i en verden som er i kontinuerlig endring, bør du få med deg dette foredraget for å kunne håndtere virksomhetens risikoer og sårbarheter enkelt og effektivt samt ivareta sikkerheten på en god måte.
12.00 – 13.00 Lunsj
13.00 – 13.45 How to protect our people (The Awkward Border), Laura Bell - New Zealand
People are problematic when it comes to security. We all know and laugh about the ease with which we can lie, cheat and steal from those around us whilst stubbornly refusing to admit that the same scams would probably work on us too.
A culture of fear and negative consequences spanning decades has given us a workforce that is not only scared of being attacked, but scared of saying something if they see a threat or do something wrong. So how do we change this?
Phishing services and video education have been the best we've seen so far but the attacks keep on coming. Our people are still at risk and behaviours aren't changing. Perhaps it's time for a new approach. Can we enable, empower and engage _all_ of our people to protect themselves and those around them? More importantly can we do this without destroying privacy or putting those people at risk?
In this talk we will talk about the challenges involved in human-centric security defense and how we can build tools and systems that turn our workforce into active security defenders. Finally we will look at 'Together' a new platform and tool based around the AVA framework (http://www.avasecure.com) that tries to put this theory to the test, the story of its development and the challenges of creating security tools for real people.
This session will be held by Laura Bell. Laura Bell is an application and human security specialist. A reformed software developer and penetration tester she has spent most of the past decade doing bad things to nice people's code. Now she runs SafeStack, a specialist security firm that aims to help fast moving developers like you protect themselves and their creations online from people like her.
Laura has spoken at a range of events such as BlackHat, Velocity, OSCON, Kiwicon, Linux Conf AU, and Microsoft TechEd on the subjects of privacy, covert communications, agile security, and security mindset. She tweets from time to time as @lady_nerd.
An amateur python developer, known troublemaker and occasional gamer, Laura lives in Auckland, New Zealand with her husband and daughter.
14.00 – 14.45 When Penguins Attack your highly valued assets, Chester "Chet" Wisniewski - Canada
Linux servers are some of the most highly valued assets for opportunistic online criminals. Nearly 80% of the servers online used for malicious web pages are using Unix or Linux hosts. In this presentation, we will detail:
1. What types of malware are we seeing target Linux systems? While the landscape continually evolves, we see far greater numbers of legacy infections on Linux than other platforms.
2. How are these systems being monetized? Most criminals are in it for the money. There are numerous ways to cash in on a compromised Linux host that can yield good returns for criminals.
3. How do we better defend our hosts to prevent exploitation? Many of the adversaries are far from advanced, so why is it we still fall victim?
Many best practices are ignored by the operators of much of the world's internet hosting infrastructure. A few simple steps could go a long way toward not just better protecting our servers and our brands, but also toward creating a safer neighborhood for our Windows and Mac loving friends.
This presentation will be held by Chester "Chet" Wisniewski. Chester is a Senior Security Advisor at Sophos with more than 15 years experience in the security industry. In his current role, Chester conducts research into computer security and online privacy with the goal of making security information more accessible to the public, the media and IT professionals.
Chester frequently writes articles for the award-winning Naked Security blog, produces the weekly podcast "Sophos Security Chet Chat" and is a frequent speaker at conferences and in the press.
14.45 – 15.15 Pause
15.15 – 16.00 Secure your organization from Phishing attacks, Adam Compton, US
The presentation will explore some of the common phishing attack tools and techniques, and end with a demo of a recently created tool which can assist your organization in quickly deploying phishing exercises to secure your organization in minimal time.
The tool, when provided minimal input (such as just a domain name), can automatically search for potential targets, deploy multiple phishing websites, craft and send phishing emails to the targets, record the results, and generate a basic report. The tool can either work in a standalone fashion or make use of external tools (such as theHarvester and BeEF) if available.
Adam Compton will hold the session. And Yes, Adam will have a small lab area at HackCon#11 where you can learn the new tool and use it to test and secure your organization.
Adam currently works as a Senior Security Consultant for Rapid7 where he puts his 20+ years of infosec and penetration testing experience to use. He has worked in both the government and private sectors for a variety of customers ranging from domestic and international governments, multinational corporations, and smaller local business. When not performing penetration tests or with his family, he developed various open source tools and weed application to aid himself and others in the infused field.
If you want to learn how to secure your organization from phishing – than you don't want to miss this session.
16.15 – 17.00 Chellam – a Wi-Fi IDS/Firewall which will protect you, Vivek Ramachandran - India
This talk will introduce techniques to detect Wi-Fi attacks such as Honeypots, Evil Twins, Mis-association , Hosted Network based backdoors etc. on a Windows client without the need for custom hardware or drivers. Our attack detection techniques will work for both Encrypted (WPA/WPA2 PSK and Enterprise) and Unencrypted networks.
We will also release a proof of concept tool implementing our detection techniques. Even though the focus of this talk is Windows, the same principles can be used to protect other Operating Systems, both workstation and mobile.
The talk will be held by Vivek Ramachandran. Vivek discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors.
He is the author of "Backtrack 5: Wireless Penetration Testing" which has sold over 13,000+ copies worldwide. He is the founder of SecurityTube.net and runs SecurityTube Training & Pentester Academy which has trained professionals from 90 countries. Vivek is international speaker and has spoken on several international conferences.
17.30 Sosialt arrangement
Her har du muligheten til å knytte kontakter og blir kjent med andre. nettverket sørger for lett middag og underholdning med mer.
23.00 Dørene låses
Torsdag dag 2, 18. | 2 | 2016
08.15 Dørene åpnes
09.00 – 09.45 Hvordan virksomheten kan miste kontroll over egen informasjon gjennom sosiale medier, Cecilie Staude, Norge
Sosiale medier påvirker måten vi jobber på. Kanalene større betydning for å fremme samarbeid, samskaping og innovasjon, på arbeidsplassen såvel som i relasjonen til bedriftens øvrige interessenter, har endret vår hverdag.
Hvordan skal vi møte utfordringer som oppstår når digital samhandling påvirker hvordan innhold skapes, deles og konsumeres og dermed bidrar til at virksomheter mister kontroll over eget innhold. Spørsmålet er om din virksomhet er forberedt på å miste kontroll over eget innhold? Denne sesjonen gir deg godt innblikk i de utfordringer som virksomhetene står ovenfor når informasjonen flyter fritt (og ofte uten kontroll) i vårt moderne samfunn, og hvilke konsekvenser det kan få for våre virksomheter.
Cecilie Staude er høyskolelektor ved Handelshøyskolen BI, foredragsholder og forfatter av boka Sosial Kommunikasjon, og en autoritet innen sosiale medier.
10.00 – 10.45 Smartwatch risks, the new security risk to your enterprise, Michael T. Raggo - US
This session will show how smartwatches is introducing a new security risk to your enterprise. We have analyzed some of the most popular smartwatches (as well as the plethora of other smartwatches on the market); to determine the risks they introduce to mobile enterprise data. Our research team continues to discover a broad range of smartwatch and wearable vulnerabilities including PIN bypass vulnerabilities, pairing apps speaking to random international IP addresses, lack of proper encryption controls, and more.
In this session, we will focus on:
- What’s different about a smartwatch from other mobile devices
- What vulnerabilities we've discovered and reported on during our research and their impact on enterprise data
- A stack ranking of smartwatches and wearables in terms of their security posture regarding: lack of encryption, PIN protection, and other fundamental security controls
- The pairing apps and which ones exhibit suspicious behaviors (back-channel communications, outbound data exfiltration, data harvesting, etc.)
- A live demo of an attack on a smartwatch, using a PIN bypass vulnerability
- Lessons learned from the research to provide best practices and guidance in terms of smartwatch security and a mobile enterprise strategy for embracing these devices and securing enterprise data
The session will be held by Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), Director, Security Research, MobileIron. Michael has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise.
Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”.
A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent presenter at international security conferences.
11.00 – 11.45 SMS og IMSI-fangere – favorittverktøyene til dem som driver med etterretning, industrispionasje og identitetstyveri, Odd Helge Rosberg - Norge
Norske teleselskap er blant de beste i verden på mobil sikkerhet, men trusselen er fortsatt høyst reell. Hva er trusselbildet, hvordan beskytte seg, og hvordan få brukerne til å bruke sikre samhandlingsløsninger.
Foredraget vil bli holdt av Odd Helge Rosberg. Odd Helge er CTO i Rosberg System. Han er en av grunnleggerne av Rosberg system, og har utviklet en rekke patenterte sikkerhetsløsninger for mobile enheter. Han har også lang erfaring fra sikkerhetsbransjen, både som IT-sjef og i IT-bransjen. Teknologiene omfatter løsninger for sikker kommunikasjon, proaktiv sikring av enheter mot tyveri, beskyttelse mot SMS-baserte angrep og mere.
11.45 – 12.30 Lunsj
12.30 – 12.45 Loddtrekning
12.50 – 13.35 Information As A Weapon: Varities, Deterrence and Response, Chris Pallaris - Swiss
Information has always played a critical role in warfare, not least in the form of intelligence, deception, and propaganda. Today, information’s ability to inflict damage or harm has never been greater. Indeed, organisations of every stripe can now use information to disable or defeat their adversaries. This presentation will examine how that’s possible, and what we can do to avoid the risks.
We will begin with a historical overview of this phenomenon, examining how information has evolved to enable such disciplines as information warfare, information operations, etc.
From there, we will present a typology of information-related “weapon systems” (defensive, offensive, strategic, tactical, etc.) with demoes and real world cases and discuss how our adversaries might use such tools against us. Our focus here will not just be on the protection of one’s critical infrastructures, but also on how organisation’s can protect against reputational risks, social engineering, etc.
Finally, we will explore the options available to organisations on the receiving of such attacks, and what that can be done to retain one’s competitive advantages.
This session will be held by Chris Pallaris. Chris’ professional experience covers a broad range of disciplines including open source and competitive intelligence, journalism, information and knowledge management, network building, market research, strategy consulting, and organizational development.
Chris served as Executive Editor and Head of Strategy and Open Source Intelligence at the International Relations and Security Network (ISN), ETH Zurich. He established the ISN’s OSINT unit and coordinated its intelligence-related projects with Swiss and European stakeholders.
Chris serves on the board of the European Open Source Intelligence (EUROSINT) Forum, where he also chairs a working group on best practices in OSINT. A graduate of the London School of Economics and Political Science (LSE).
13.50 – 14.35 The age of Mobile App Insecurities – top 10 Mobile Risks, Aditya Modha - India
There is a widespread adoption of mobile applications in today’s digital space, to an extent that some companies have shut their web portal and have gone completely mobile. This shift in the application space comes at a cost because unlike web applications, mobile applications may have more attack surface where they need to securely manage two components viz. mobile client application and its corresponding server-side code.
This talk will discuss about common vulnerabilities in Android and iOS applications on the basis of "OWASP Top 10 Mobile Risks" along with their real-world examples/demoes. The examples are derived from auditing well-known applications of App/Play Store from different categories such as banking, trading, e-commerce, health and fitness, travelling, insurance, etc. Speaker will also discuss about security best practices for mobile applications that can be incorporated during the development phase in order to create an application with minimum baseline security.
Speaker Bio This session will be held by Aditya Modha. Aditya is a Senior Security Analyst at Lucideus Tech focused on web and mobile applications security assessment. He is a computer science graduate and a Microsoft Certified Technology Specialist. He has carried out security assessment of more than 200 web and mobile applications including core banking solutions and middleware applications. Aditya Modha was a trainer/speaker at different information security conferences such as Hack In The Box, HackCon, OWASP AppSec, ISACA, etc. He blogs at oldmanlab@blogspot.com.
14.50 – 15.35 Electronic Opsec: Protect Yourself From Online Tracking & Surveillance, Zoz - Australia
Electronic communication is the boon of the modern age, but surveillance is increasingly becoming its business model. Ordinary businesspeople and citizens, not just dissidents and criminals, are finding the traces they leave from their everyday internet and cellphone usage being used to target, monetize and exploit them.
In this presentation, we will look at the techniques used by intelligence agencies (both those of government and the private sector such as Facebook, Google and LinkedIn) to track and deanonymize users across networks and devices: what their capabilities are and how these techniques can be misused by end clients and observers.
The correct usage of various tools and techniques will be presented to help you to maintain operational security and protect against bad actors taking advantage of your online history. The presentation will also include a dissection of ways in which the latest directions in commercial end user tracking are taking their technology directly from criminal malware techniques.
The presentation will be held by Zoz. Zoz is a robotics engineer, pyrochemist, and inveterate tinkerer. He got his PhD from the Robotic Life group at the MIT Media Lab. Zoz is a robotics expert and privacy advocate whose interests center on the interactions between humans and technology in the form of human-machine interfaces, design, and individual empowerment. He has taught subjects including robotics, digital fabrication, cybersecurity and ethical hacking at top international universities and as a private industry consultant. He has hosted and appeared on numerous international television shows including Prototype This!, Time Warp and RoboNationTV. He speaks frequently at prominent security conferences world wide, and 2-time DEFCON black badge winner.
15.35 – 15.40 HackCon#11 slutt
Program preHackCon#11, Mandag 15. – tirsdag 16. | 2 | 2016
Kurs 1 – Securing mobile platforms and mobile apps (teknisk kurs)
Mobile App Hacking is a two days course on learning how to perform Android and iOS application security assessment based on the “OWASP Top 10 Mobile Risks”. This hands-on training is designed around multiple in-house developed vulnerable applications which contain vulnerabilities that were observed by the trainer during his daily application security assessments.
Technical know-how about modern applications such as application built using cross platform development software, application encrypting HTTP request parameters, etc. will also be taught during the course.
By taking this course, attendees will learn following topics:
Day1 (Android)
- Crash course on Android application permission model
- APKfile architecture and setting up the emulator
- Reversing the APK file package
- Investigating app permissions through manifest file
- Understanding, patching and runtime debugging smali code
- Importing SSL certificates and bypassing SSL pinning
- Intercepting traffic and network activity monitoring
- Exploring local data store
- Analyzing system logs
- Understanding components such as content provider, broadcast receiver, activities and services
- Classification of vulnerabilities based on “OWASP Top10 Mobile Risks”
Day2 (iOS)
- Crash course on – process of jailbreaking
- IPA file architecture and setting up the iOS device for security assessment
- Decrypting App Store applications and dump class headers
- Local datastore inspection (plist, SQLite, keychain, XML files, etc.)
- Investigate platform provided security API usage
- Bypass client-side validations
- Import SSL certificates and bypass SSL pinning
- Traffic interception and runtime manipulation
- Binary patching
This training will be held by AdityaModha with co-teacher Chintan Gurjar. Aditya Modha, is a Senior Security Analyst at Lucideus Tech focused on web and mobile applications security assessment. He is a computer science graduate and a Microsoft Certified Technology Specialist. He has carried out security assessment of more than 200 web and mobile applications including core banking solutions and middlewareapplications. He blogs at oldmanlab@blogspot.com.
Aditya Modha was a trainer at the following information security conferences,
- HITB, KL – Extreme Web Hacking Oct’2013
- HackCon, Oslo – Advanced Burp Suite Mar’2014
- OWASP AppSec Eu, Amsterdam - Android App Hacking - Internet Banking Edition
This is a technical training and are suitable for people with IT technical background and interest – we will provide you with necessary tool and knowledge to get full advantage of this training.
Kurs 2 - Proaktiv krisehåndtering og informasjon som angrepsvåpen (strategisk/ledelse/adm.kurs)
Det har vært etterlyst fra deltakerne at preHackCon også bør bestå av strategiske kurs. Tilbakemeldingene har vært man ønsker mer kunnskap om proaktiv krisehåndtering og hvordan informasjons blir brukt som "våpen" mot virksomheten. Vi har derfor satt sammen dette kurset for at deltakerne skal kunne tilegne seg kunnskap innen disse emnene. Dette kurset forutsetter ikke spesifikke/tekniske kunnskaper, og er like egnet for ledere som teknokrater.
Dette kurset er unikt da det vil gi deg ulike verktøy som du kan benytte med engang for å håndtere sikkerhetshverdagen din mye lettere og bedre. Dag 2 er opprinnelig en del av et lukket kurs på hvordan informasjon benyttes offensivt og defensivt som "våpen" både mot, og innad i en virksomhet. Vi har valgt å dele noe av denne kunnskapen på preHackCon#11. Det vil være flere foredragsholdere på dette kurset.
Dag 1 - En praktisk tabletop beredskapsøvelse for proaktiv krisehåndtering
Dagen vil gjennomføres som en "avansert" tabletop øvelse, der deltagerne vil engasjeres til å takle en praktisk/reell case med en rekke forskjellige deloppgaver. Workshopen vil innledes med litt teori og eksempler på gjennomgang av ulike varianter av beredskapsøvelser, og hvordan man bør gå frem for å planlegge og gjennomføre slike øvelser. Gjennomgangen blir krydret med praktiske eksempler og erfaringer fra gjennomføring av forskjellige former for øvelser.
Responsive deloppgaver vil gi deltagerne mulighet til å bruke sine evner til kreativitet, improvisasjon og "thinking on your feet", og gjennom dialog og samarbeid sette fokus på beredskapsforberedende tiltak i egen virksomhet. Workshopen gjennomføres som en kombinasjon av teori, planlegging og gjennomføring av en "reell" beredskapsøvelse.
Kunnskapen fra denne dagen er unikt og vil sette deg godt i stand til å gjennomføre egne beredskapsøvelser i din virksomhet, samt utvikle proaktive beredskapssystemer for effektiv håndtering av ulike hendelser og kriser.
Dag 2 – Informasjon som angrepsvåpen
Ved å angripe de "myke" målene i virksomheten, spiller det ingen rolle om du har investert millioner av kroner i sikkerhet, brannmurer, ID-kort, eller fysiske låser i den tro at man er sikker. Flere opplever i økende grad nå angrep mot de myke målene. Ved å bruke informasjon som angrepsmetode vil kriminelle, konkurrenter eller andre aktører på en enkel måte kunne tappe, manipulere, styre og kontrollere din virksomhet uten at du engang er klar over det.
Vi vil vise deg hvilke teknikker som kan benyttes for å få kontroll over deg, ditt nøkkelpersonell og virksomheten. Teknikker som benyttes mot dere hver dag uten at du kanskje legger merke til det. Med eksempler vil vi vise hvor vellykkede denne type operasjoner kan være! Vi vil også vise deg hvordan du kan bruke språket effektivt til å "nå" ut i virksomheten og få gjennomført sikkerhets tiltak effektivt.
Vi vil lære ulike teknikker med pragmatisk tilnærming som du kan benytte for både å avdekke "skjult kommunikasjon" og informasjonsangrep mot personene i virksomheten, samt hvordan du bør forholde deg for å opprettholde god kommunikasjon. Den siste delen vil vektlegges på dag 2 hvor vi henter elementer fra konflikthåndtering og forhandlinger til å forstå kommunikasjonskraften som kan påvirke deg og din virksomhet. Dag 2 baserer seg på praktiske øvelser for å gjøre deltagerne i stand til å forstå kjerneprinsippene i kommunikasjon. Kursleder vil være Suhail Mushtaq.