HackCon#6

HackCon#6

Her finner du programmet til HackCon#6 og preHackCon#6.


Tirsdag 15. februar 2011

09.00 - 16.30 PreHackCon#6

 

 1) Kurs I Open Source Intelligence Gathering for pentesting with FOCA
 2) Kurs II Secure protocols and intercepting secure communication
 3) Kurs III Cloud Computing

 

18.00 - 19.00 Registrering HackCon#6

Onsdag 16. februar 2011

08.15 Dørene åpnes

08.15 - 09.00 Registrering HackCon#6

09.00 - 09.15 Administrativ informasjon
Gjennomgang av agenda for HackCon#6 og praktisk informasjon.

09.15 - 10.00 Can your PC or your corporate network be hacked by wireless mouse or presenter? - Nederland

A wireless presenter is basically a wireless keyboard with only a couple of buttons. What if you could use the buttons that are not physically present on the presenter? What if you could send random keystrokes to Steve Jobs? computer during his keynote or to the laptop of someone giving a presentation at a major security conference? I created the hardware to do exactly this and you can build it for less than EUR40 using an Arduino and a cheap wireless module.

 

This talk, with demos, describes the process of reverse engineering modern 2.4Ghz wireless presenters sold by Logitech. It also details the creation of a combination of hard- and software that allows an attacker to actively scan for these devices and send custom keystrokes to them. The result: remote code execution (and possibly public humiliation). I will show how it is possible to get a meterpreter on the system using this technique.

 

Using a wireless mouse? This kind of attack may affect you as well; in my talk I will show what can happen and how.

 

The presentation will be held by Niels Teusink. Niels holds a bachelor degree in Computer Science and has been experimenting with IT security for over a decade. He has performed dozens of penetration tests for all sorts of companies, including governments, banks and nuclear installations. He has been a speaker at HAR2009, OWASP-NL, HITBSecConf and Dutch Universities and has a personal technical blog on blog.teusink.net.

 

If you do not want to be hacked because you use wireless mini devices you should participate this lecture.

10.15 - 11.00 You Spent millions and millions And You Still Got Owned... - USA

Be honest - how mush has you spend last year in security? And still, why do you still feel someone can hack and own you. And with this fear, how much will you spend next year, or next five years to feel secure. With this introduction, this session will focus on why you get owed even if you spend tons of money.

 

This talk will outline on practical methods of identifying and bypassing enterprise class security solutions such as Load Balancers, both Network and Host-based Intrusion Prevention Systems (IPSs), Managed Anti-Virus, Web Application Firewalls (WAFs), and Network Access Control Solutions (NAC).

 

The goal of this talk is to show IT Personnel the common weaknesses in popular security products and how those products should be configured.

 

The key areas are;

 

 • IPS Identification and Evasion
 • WAF Identification and Bypass
 • Anti-Virus Bypass
 • Privilege Escalation
 • Becoming Domain Admin
 • and much more

 

Presentation will be held by Joseph McCray. Joe has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country (US).

 

Thy words above don't justify this presentation. It's in fact very hard to describe it - we highly recommend you to participate this presentation as it's to the point and explain weakness in corporate security in the manner of rhythm and blues (you will understand this expression when you participate the session).

11.15 - 12.00 FOCA 2.5 - the ultimate userfriendly pentest tool - Spain

FOCA used to be a tool for fingerprinting networks using metadata, hidden info and lost data in public documents. And it still is, but right now FOCA is much more than that and helps auditors to fingerprint a network performing a recursive algorith that uses Goolge, Bing IP, Internal PTR Scanning, DNS search, Shodan, DNS Cache snooping and a lot of tricks more. When you have to pentest a largo domain, believe, you will love FOCA - guaranteed.

 

The presentation will be held by Chema Alonso. Chema is a Computer Engineer by the Rey Juan Carlos University and System Engineer by the Politecnica University of Madrid. He has been working as security consultant last ten years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a frequent speaker in Security Conferences. He is currently working on his PhD thesis about Blind Techniques.

 

If you want to have a free tool which really help you to pentest in fast and efficient manner you should participate this lecture.

12.00 - 13.00 Lunsj

13.00 - 13.45 Virtdbg (virtuell debuging) - using hardware virtualization to defeat PatchGuard - France

Traditionally, operating systems implicitely trust the hardware. Hardware virtualization features are becoming increasingly common with new CPU models, and offer superior debugging capabilities. This presentation will demonstrate how to reverse-engineer Windows 7's PatchGuard protection, bypassing signature checks with DMA access and injecting the virtdbg hypervisor into the system. Presentation will also focus on concrete examples (demos) of compromising the Windows 7 x64 operating system, in effect bypassing two major security mecanisms: code signing and integrity verification (PatchGuard).

 

Presentation will be held by Damien Aumaitre and Christophe Devine.

 

Damien has been working in the Sogeti ESEC R&D lab since 2007. He enjoys hacking and dissecting OS internals. Lately he has been working on a proof of concept of a "ring-1" debugger called virtdbg which will be soon released. He also plays with hardware based attacks.

 

Christophe has been working in the security for several years now. In 2004, he developed the well-known aircrack as a proof of concept for the attacks disclosed by KoreK. Between 2006 and 2008, he worked on xyssl, a cryptographic library for embedded devices. Since 2009, he focuses on hardware based attacks.

 

This talk is an eye opener within a hidden area of security.

14.00 - 14.45 Hva er egentlig Cloud computing - Norge

Det er mange som har sendt inn forespørsel til oss om å få en god forklaring på Could Computing. Dette ikke minst ettersom Cloud Computing vil kunne endre en god del av vår hverdag fremover. Det er en av grunnene at man har et heldagsseminar innen området Cloud Computing. Derfor har man lagd denne sesjonen hvor vi går gjennom hva Colud computing egentlig er, hvordan det er bygd opp, hvordan det virker, fordeler og ulemper med Cloud Computing. Videre gås det gjennom sikkerhetsutfordringene som ligger i Could Computing.

 

Foredragsholder er Ole Tom Seierstad. Ole Tom har arbeidet med sikkerhet i en mansalder (nesten fra begynnelsen av) og er sikkerhetssjef for Microsoft i Norge.

 

Hvis du ikke har deltatt på heldagsseminaret, bør du få med deg dette foredraget da det gir grunnleggende innføring i hva Cloud Computing egentlig er, hvorfor det er viktig å kjenne til dette, hvordan det vil kunne endre din hverdag, og ikke minst hvilke sikkerhetsutfordringer som ligger i Cloud Computing.

15.00 - 15.45 The good, bad,ugly and your best friend - India

WEB 2011: Web, Exploits, Browsers. We have witnessed many changes in threat landscapes, attack targets, exploits and breaches. Two eco-systems are converging into one. On one hand, we have web based applications. There is a steady trickling flow of XSS, XSRF, SQL injection and other popular attacks. Some of them are under the guise of "Web 2.0", and some of them are as ancient as CGI attacks of 1999. On the other hand, we have the browser, with its horde of assistants. Browser and desktop exploitation has accelerated in the last 3 years.

 

How will the threat landscape change with the advent of new technologies? New standards such as HTML5 are emerging, and a closer look at standards reveals and awful mess. Are the standards mitigating any security concerns? Will browser vendors and application developers really respect the standards? The browser wars taught us that "might is right". If everyone breaks the web, that becomes a new adopted standard. New technologies, coupled with popular online services make for some very interesting exploit delivery techniques.

 

This talk explores some innovative exploit delivery techniques (both known and unknown...) that are born as a result of hapazard standards and services designed without much (or any) thought towards security. We cover techniques where exploits can be delivered through URL shorteners and images. We take a look at some browser exploits. This talk ends with a discussion on exploit sophistication, ranging from highly polished and elegant techniques such as Return Oriented Programming to the downright crude and ugly techniques such as DLL Hijacking. How will we combine all this together? And will Anti-Virus still save us all?

 

The presentation will be held by Saumil Shah. Saumil is the founder and CEO of Net-Square. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences around the world. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

 

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

 

This is a session you do not want to miss - this session will give you a brand new ideas to secure your corporation.

16.00 - 16.45 The lord of Bing - USA

Taking Back Search Engine Hacking from Google and Bing. During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the teamís resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior.

 

Not anymore. Our demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing. Come ready to engage with us as we release two new tools, GoogleDiggity and BingDiggity, which take full advantage of the new hacking techniques.

 

We'll also be releasing the first ever 'live vulnerability feed', which will quickly become the new standard on how to detect and protect yourself against these types of attacks. This presentation will change the way you've previously thought about search engine hacking.

 

Google Hacking Diggity Project: The project.

 

The present will be held by Fransic Brown and Rob Ragan. Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu. To mention some he have performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure, and has presented his research at leading conferences amoung the world.

 

Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

 

Rob Ragan, is a Senior Security Associate at Stach & Liu. To mention some Rob have developed automated web application security testing tools, performed penetration tests, and researched vulnerability assessment and identification techniques, and have presented his research at leading conferences around the world. Rob has also published several white papers and is a contributing author to the upcoming Hacking Exposed:Web Applications 3rd edition.

 

Rob holds a Bachelor of Science from the Pennsylvania State University with a major in Information Sciences and Technology and a focus on System Development.

 

Don't miss this session! You need to know this information to secure you and your organisation.

17.00 - 17.45 SharePoint - Advanced SharePoint Security Tools and Tips - US

Microsoft SharePoint products and technologies continue to grow in popularity and have become the core foundation upon which many organizations have built their web presence. Unfortunately, guidance concerning common SharePoint security issues tends to be overly complex and often misunderstood. Ultimately this results in insecurely configured and deployed SharePoint instances in production environments.

 

This demonstration rich presentation will cover our newly released SharePoint "hacking" tools and techniques that security professionals can easily use to identify and exploit common insecure configurations in SharePoint applications. Some of the areas we'll attempt to tackle are:

 

 • Identifying vulnerable SharePoint applications using public search engines such as Google and Bing
 • Gaining unauthorized access to SharePoint administrative web interfaces
 • Exploiting holes in SharePoint site user permissions and inheritance
 • Illustrating the dangers of granting excessive access to normal user accounts
 • Pillaging Active Directory via insecure SharePoint services
 • Attacking 3rd party plugins/code within SharePoint
 • And much more...

 

The present will be held by Fransic Brown. Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu. To mention some he have performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure, and has presented his research at leading conferences amoung the world.

 

Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

18.15 - 23.00 Sosialt arrangement

Her har du muligheten til å knytte kontakter og bli kjent med andre. Lett middag og underholdning med mer. Nettverket sørger for middag med mer.

23.00 Dørene låses.

Torsdag 17. februar 2011

08.15 Dørene åpnes

09.00 - 09.45 Underground Economy - Italy

Why we should be fully-updated on this topic. This talk will analyze the hacker's roots and the evolution of the so-called "hacking underground", focusing on attacker's profiles, their motivations, targets and main goals, then jumping to nowaday's hacking - driven by money - cybercrime and organized crime links, zooming on today's "Underground Economy" and its business model. The talk will be supported by unrealesed picture of Law Enforcement operations and videos.

 

This talk will be held by Raoul Chiesa.

 

Raoul was born in Torino, Italy. Raoul is among the founder members of CLUSIT - the Italian Information Security Association - and he is a Board of Directors member at ISECOM, CLUSIT, OWASP Italian Chapter, Italian Privacy Observatory (AIP/OPSI).

 

Both Raoul and its security team work on research areas such as X.25 and PSDN networks, VoIp Security, Malware Analysis, Social Engineering, SCADA & Industrial Automation, Home Automation, Satellite communication, Mobile Security, SS7 threats and much more.

 

Since 2003 he started its cooperation with the UN agency "UNICRI" (United Nations Interregional Crime and Justice Research Institute), working on "HPP", the Hackers Profiling Project run by ISECOM and UNICRI; in 2005 he has been official recognized by UNICRI's Director, Mr. Sandro Calvani, as a cybercrime advisor. Nowadays his role at UNICRI is "Senior Advisor, Strategic Alliances and Cybercrime Issues".

 

Since February 2010, Raoul Chiesa is a Member of the ENISA Permanent Stakeholders' Group (PSG). The PSG is composed of 30 high-level experts who have been appointed by the Executive Director of ENISA to serve as a sounding board for all relevant stakeholders on issues concerning network and information security. The mandate of the Members of the PSG is 2,5 years. Recently Raoul joined the internationally recognized top expert in hunting cybercriminals, Mr. Jart Armin and its projects: RBNExploit, HostExploit and Sitevet.

10.00 - 12.00 Your enemy can know every thing about you - South Africa

Maltego - your friend in your defence. With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your "environment" is not always clear or complete. In fact, most often it's not what we know that is harmful - it's what we don't know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based?

 

To help you to analyze complex corporate challenges Maltego can be your best friend. Maltego is an open source intelligence and forensics application. It will offer you timous mining and gathering of information as well as the representation of this information in a easy to understand format.

 

In this talk we want to not only focus on the tool and technology but also on the application of the technology. How much can we really learn from open sources? What if we combine open and closed sources? How much information is really out there and how have this changed in the last few years? Is it really better to have no profile on the net? Also - what happens when a powerful organization has this kind of power - does it really look like in the movies? The talk will also look at ways that you can protect yourself - not just defense, but also detection of information mining.

 

The presentation will be held by Roelof Temmingh. Roelof completed his electronic engineer degree in 1995 and has been involved in the security industry for some years now. He started SensePost with some friends in 2000, left SensePost in 2007 and has been running Paterva since then. He has spoke at numerous international conference including BlackHat, Defcon, Cansecwest, FIRST, Hack in the box and co-wrote some book with the rest of the Syngress crowd. He likes to think about and create new and innovative technology is and the driving force behind Maltego

If you want to protect you and your company from outside treats you should participate this lecture.

11.45 - 12.30 Lunsj

12.30 - 13.15 Are Femtocells and Mobile Operator's Network secure, and can an attacker hack and compromise your security thru this - Germany

Femtocell is emerging as a new technology to enhance third generation (3G) coverage and to provide assurance of always best connectivity in the 3G telecommunication networks. It acts as a home based access point that securely connect standard mobile stations to the cellular operator's core network using existing wired broadband connection. Increased network capacity, lower capital costs, expanded revenue opportunities are some key benefits to the mobile service operator whereas for a user increased indoor coverage, higher speed performance data, higher quality voice, and higher multimedia experience.

 

In this talk, we will demonstrate various attacker vectors on these new devices. In particular, we show how an attacker may make a free roaming calls from anywhere in the world, how he can own the device, accessing security credentials etc to mention just a few issues. In addition, we also suggest possible countermeasures against these attacks.

 

Presentation will be held by Ravishankar Borgaonkar (Ravi) and Kevin Redon.

 

Ravi received bachelor degree in Computer Science Engineering from SRTMUN, India. In 2009, he received joint master degree in Security and mobile computing from Royal Institute of Technology (KTH) and from Helsinki University of Technology (TKK). After finishing master degree, he continuing his study and research at TU Berlin from 2009 for a PhD program in the field of Security in Telecommunication. His research interest includes Wireless networking security (in particular, security in 2G/3G networks), M2M security, and malware & botnet analysis.

 

Kevin received bachelor of Computing from Napier University Edinburgh, Scotland. He is now finishing my Master degree in Computing with specialization in Communication Systems at the Technical University of Berlin. This is also where he joined the Security in Telecommunication work group in cooperation with the T-labs. His research interest includes network security, in particular telecommunication network as GSM/UMTS, peer to peer networks, and smart cards.

 

Several has focused on GMS and the vulnerabilities in this system - at HackCon we will focus on the future technologies and pinpoint technologies which are in starting face of implementation. You should participate (we think it's important for you) this session to be aware of the vulnerabilities and the impact this new technology, which are now rolling out, have on your security.

13.30 - 14.00 How do you know that your unknown end-users are secure when introducing them to your web? - Norway

Based on latest treat development we intent to address the problems with webbrowsere based services and some of their security issues.

 

With live demonstrations of "man in the browser attack" we will address problems with unknown and uncontrolled end users. We will of course demonstrate how you can prevent an attack and secure your services that are presented thru Webbrowsere.

 

The presentation will be held by Robert Scott-Dahl. Robert holds a Bachelor of Science from the University of Manchester Institute for Science and Technology (UMIST), and has over 10 years of experience in dealing with complex IT security issues, he is regularly used as an trusted security adviser in all aspects from large Norwegian companies to Norwegian central government.

14.05 - 14.50 Printers - the easy way to get (also crypted) information - Cyprus

While more and more new devices (routers, smartphones, etc.) are getting connected to our SOHO/enterprise environments, all-colour hats are getting plenty of focus on their security: defend and harden on one side; exploit and develop malware on the other.

 

However, a special class of network devices (specifically network printers/scanners/MFPs), which are networked for more than 15 years, are constantly or offen out of the modern security watchful eye. And even though we entrust them the most confidential documents or the most sacred credentials (LDAP, PINs, RFID badges, etc.). We don't realize closely how weak and unsecured they are, despite the few minor security bulletins that started to pop-up here and there in the recent few months.

 

In this presentation, we will try to analyze the reasons why hacking network printers/MFPs is a reasonable and accomplishable idea. Also, we will take a look at current state of (weak) affairs in the vulnerability and security research available. Then we will try to envision types of possible exploitation scenarios, backed-up with few demos to practically illustrate the security implications. We will conclude the presentation with possible solutions and what can be done to protect ourselves as well as our network environments.

 

Presentation will be held by Andrei Costin. Andrei is a Computer Science graduate of the Politechnic University of Bucharest where he did his thesis work in Biometrics and Image Processing. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publically available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family. While starting out his IT-career in the Computer Games industry, he is currently senior developer at a specialized firm producing custom embedded systems utilizing GSM/UMTS/GPS technologies. He is passionate about IT/App/Info security and has spoken at various security conferences."

 

You should not miss this session. This session are pinpointing one of the weakest links in the corporate security chain. Presentation will have demos to illustrate who easy it?s to get information from printers even if they are encrypted on the computer or network.

15.00 - 15.35 Web Services - your friend or foo - France

Web Services have been left in an experimental state for more than 5 years. Two years ago they sudendly surged to propagate across new applications infrastructures. XML, SOAP or WS-Security become recurring words, usually used in simplistic way as their very meaning is not understood. However they hide a complexity which is disappointing for most IT professional.

 

The components of the "lack of knowledge + complexity" are there, and once again security is left apart, voluntarily or not. Then it is urgent to consider risks involved in the deployment of such technologies. Otherwise they will become a new Trojan Horse, leaving doors wide-open to the IT infrastructure.

 

The purpose of this talk is to analyze and demonstrate the reality and impact of such attacks, when some of them (such as the "blind xPath injection" which will be demoed) still considered as "theoretical" or "non-exploitable".

 

Presentation will be held by CTO Renaud Bidou. Renaud has been working for over 13 years in the field of security. Renaud joined Deny All from Radware where he worked for 5 years as a Technical & Strategic Specialist with the VP Security with a global coverage. Previously, he founded the company Intexxia in 2000, which was the first French company to operate a SOC (Security Operation Center). Under Renaud's leadership, Intexxia became the 4th French CERT and quickly acquired a reputation of expertise and innovation in many IT security domains.

 

Renaud Bidou graduated from ISEP in 1996 (Paris Superior Institute of Electronics). He frequently publishes technical articles in IT security magazines and co-authored a book in France. He also regularly teaches in several french universities and often give conferences in major international events (also IT underground).

 

Web Services should be your friend not a foo! We therefore highly recommend you to participate this session - it will give you a knowledge within a field you should take a seriously to secure your corporate infrastructure!

15.35 HackCon#6 slutt

----- o O o -----

PreHackCon#6

Kurs 1, 09.00 - 17.00 - Open Source Intelligence Gathering for pentesting with FOCA

Description: In this training attendees will learn how to use FOCA PRO in a fingerprinting process within a pentesting project. Attendees will obtain a copy of FOCA PRO 2.5 and will learn how to combine FOCA with other tools just as Evilgrade, Spider Tools, etc... Attendees must bring there laptop with wireless card as this is a practical training.

 

Traing will cover;

 

 • Footprinting
 • Trageting domains and alternate domains
 • Fingerpinting
 • Service fingerprinting
 • OS fingerprinting
 • Google/Bing/DNS fingerprinting
 • FOCA & Burp Proxy spidering
 • PTR Scanning
 • Internal PTR Scanning
 • DNS analysis
 • Digital Certificates analysis
 • Thrashing services
 • Metadata fingerprinting
 • Document exploration
 • Document recognition
 • Network mapping with FOCA
 • Hand tunning
 • DNS Cache Snooping
 • Role Oriented Analysis
 • FOCA & Evilgrade
 • FOCA & AV bypass
 • DLP Techniques (Data loss prevention)
 • FOCA & Maltego
 • And much much more

 

This training will help you secure your systems and corporate better against different kind of treats in cyber space, discover vulnerabilities in your systems, and understand why it's important to protect against information leaks in corporation.

 

The training are hand-on, and the main goal of the training are that you right afterwards can use FOCA both to pentest your corporate, and find vulnerabilities regarding information leaks cross corporation.

 

The training will be held by Chema Alonso. Chema are main developer of FOCA and are Computer Engineer by the Rey Juan Carlos University and System Engineer by the Politecnica University of Madrid. He has been working as security consultant last ten years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a frequent speaker in Security Conferences. He is currently working on his PhD thesis about Blind Techniques.

Kurs 2: 09.00 - 17.00 - Secure protocols and intercepting secure communication

This training is both theoretical and practical, both academic and hacker-foo. The first half covers the design of secure protocols, leaving students with a thorough understanding of how secure protocols are modeled, and how to look at secure protocols that others publish(from SSH to SSL to Tor to encrypted web cookies) with a critical eye.

 

The second half covers clever tricks for manipulating implementation vulnerabilities and holes in the glue between secure protocols. Participants will be able to practice different types of man-in-the-middle attacks, and different techniques for getting in the middle.

 

Trainer wil be Moxie Marlinspike is a fellow at the Institute For Disruptive Studies with over thirteen years of experience in attacking networks. He recently published the null-prefix attacks on X.509, the session-denial attacks against OCSP, and is the author of both sslsniff and sslstrip -- the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert, and the latter of which continues to implement Moxie's deadly "stripping" technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.

Kurs 3: 09.00 - 16.45 - Cloud Computing/System Center administrasjon og sikkerhet

På dette kurset er fokus rettet mot cloud computing og utfordringer forbundet med dette. Microsoft stiller med top kompetanse på dette området og gir en god og metodisk innsikt i cloud computing. I tillegg settes fokus på System Center administrasjon og sikkerhet. Her for du i innsikt i hvordan du bruker de integrerte administarsjonsverktøy for å overvåke, sikkre og administrere din løsning.

 

Agenda

08.30 - 09.30 Cloud Computing Infrastruktur 2.0 - Introduksjon, Ragnar Harper (MVP), Crayon

 

I denne sesjonene vil du få en oversikt over begreper innenfor infrastruktur og nettsky. Begreper og uttrykk vil bli satt i stystem og klargjort. Du vil få en oversikt over de viktigste områdene innenfor cloud computing og hva dette har å si for IT-teknikere i fremtiden.

 

09.30 - 09.50 Pause

 

09.50 - 10.50 Information Protection - all the way to the cloud, Ragnar Harper (MVP), Crayon

There is no doubt that how we approach information protection has changed when we look at the cloud. In this session we will look at how to do information protection that works both in your local office as well as in the cloud. The talk is driven by demos and we will look at how you can protect your information in your environment through use of Active Directory Rights Management Services, Active Directory Federation Services and Windows server 2008 R2 technologies.

 

10.50 - 11.10 Pause

 

11.10 - 12.15 Identitet og tilgang i nettyskyen, Lars Svendsen - Technical Solution Professional, Microsoft

Når din løsning kjører i nettskyen vil en god oversikt og adminstrasjon av bruker og roller være kritisk for god infomasjonsbeskyttelse og håndtering. Forefront Identiy Manager og ADFS 2.0 hjelper deg med løsninger for dette.

 

12.15 - 13.15 Lunch

 

13.15 - 14.15 System Center administrasjon og sikkerhet, Olav Tvedt (MVP), Tvedt Info

Å håndtere systemer og bruker enheter/servere er det viktig at du bruker integrerte administrasjonsverktøy. Vi går gjennom hvordan du kan bruke System Center portfolje til å overvåke, sikkre og administrere din.

 

14.15 - 15.45 Pause

 

15.45 - 16.45 System Center administrasjon og sikkerhet, Olav Tvedt (MVP), Tvedt Info

Å håndtere systemer og bruker enheter/servere er det viktig at du bruker integrerte administarsjonsverktøy. Vi går gjennom hvordan du kan bruke System Center portfolje til å overvåke, sikkre og administrere din løsning. System Center portfolje består av følgene produkter; Virtual Machine Manager, Operations Manager, Data Protection Manager, Configuration Manager, Service Manager.