Black Hat DC 2011
Black Hat DC+2011: MASTER OFFENSE – Training Courses
Announced, Register Early
This year’s Black Hat DC will address the latest in
offensive security techniques and methods affecting
the public and private industry space today. In-depth
Briefings will present research from the security
community, to better understand threats to principal
technologies. We hope to give you the tools and
foresight to protect your environments.
————————————————-
Register For Training or Briefings Early and Save:
Register by December 15th and save $500 off of
the onsite rate.
Register >>
http://links.covertchannel.blackhat.com/ctt?kn=7&m=36019783&r=NjY3MDkwOTA4MwS2&b=2&j=ODc4Nzg0OTES1&mt=1&rt=0
————————————————-
Register with a Group and Save: 10% off for
groups of 6 or more and 15% off for groups of
12 or more. For more information on group
registration, visit the black hat DC+2011
Group Registration page.
http://links.covertchannel.blackhat.com/ctt?kn=3&m=36019783&r=NjY3MDkwOTA4MwS2&b=2&j=ODc4Nzg0OTES1&mt=1&rt=0
Academic Registration is available for full-time
professors and students at an accredited university.
For more information on Academic Registration please
visit our Academic Registration page.
http://links.covertchannel.blackhat.com/ctt?kn=4&m=36019783&r=NjY3MDkwOTA4MwS2&b=2&j=ODc4Nzg0OTES1&mt=1&rt=0
————————————————-
Training Courses Announced for Black Hat DC+2011:
This year’s training courses will offer deep
technical knowledge sharpening the necessary
skills to remain prepared and vigilant while
defending your infrastructure from internal
and external threats. The lineup for training
includes:
* Database Breach Investigations: Oracle Edition
by David Litchfield – NEW 2011
* CISSP (R) Boot Camp (Four Day Course – Jan 16-19)
by Shon Harris –
* Cyber Network Defense Bootcamp
by Adam Meyers – NEW 2011
* Designing Secure Protocols and Intercepting
Secure Communication by Moxie Marlinspike
* Digital Intelligence Gathering Using Maltego
by Paterva – NEW 2011
* Information Assurance Officer (IAO) Course
(CNSS-4014E) Certified by Information Assurance
Associates (IA2)
* Real World Security: Attack, Defend, Repel
by Peak Security – NEW 2011
* Tactical Exploitation by Val Smith
* TCP/IP Weapons School 3.0 by Richard Bejtlich,
TaoSecurity – New 2011
* Virtualization for Incident Responders
by Eric Fiterman – Methodvue – New 2011
* Windows Physical Memory Acquisition and
Analysis by Matthieu Suiche – New 2011
Seats are limited for each course and we
encourage you to sign up early to ensure
the seat. For more information and to register,
visit the black Hat DC+2011 event page.
http://links.covertchannel.blackhat.com/ctt?kn=2&m=36019783&r=NjY3MDkwOTA4MwS2&b=2&j=ODc4Nzg0OTES1&mt=1&rt=0
————————————————-
Black Hat DC+2011 – Call For Papers – Closing Dec 1st
There is still time to share your research with
the security world. To submit your presentation
idea for the DC+2011 show visit our Call for
Papers site.
http://links.covertchannel.blackhat.com/ctt?kn=1&m=36019783&r=NjY3MDkwOTA4MwS2&b=2&j=ODc4Nzg0OTES1&mt=1&rt=0
Thank you
Black Hat Team
DojoCon 2010 – ReverseSpace
DojoCon 2010 is a Security UnConference by security professionals for security professionals.
DojoCon has no sponsors by design. Registration is free. Attendance requires the ticket holder to bring something to the event. Please check your ticket type to ensure you bring what you are assigned.
Register for Dojocon 2010 here. For more information on Dojocon, check out the site: http://www.dojocon.org/
Database Security with Application Security, Inc.
Database Security and Compliance Efforts Start with a Scan
Manually assessing the security posture of a database is a complex task that requires expertise and significant resources. Manually measuring and demonstrating compliance with industry and government regulations is even more difficult, but by equipping your staff with AppDetectivePro™, you will immediately and significantly reduces the complexity of these tasks. IT auditors and advisors, regardless of skill level, will be enabled to perform easy and repeatable database security assessments and generate compliance reports. AppDetectivePro leverages AppSec’s SHATTER knowledgebase, the industry’s most complete collection of database vulnerability and misconfiguration checks to ensure the most comprehensive database assessment possible. The solution consists of three distinct functional modules:
- Database Discovery
- Database Vulnerability Assessment
- User Rights Review
Database Discovery
The critical first step in any IT audit is to identify all assets and applications residing on the network… AppDetectivePro’s Database Discovery module provides complete visibility into the inventory of databases on any network. Simply connect a laptop running AppDetectivePro to the network, and without agents, database logins, or other knowledge, the solution will scan and identify every database by vendor and release level.
Vulnerability Assessment
With a policy driven scanning engine, AppDetectivePro utilizes its policy-driven scanning engine to identify vulnerabilities and misconfigurations. Issues identified include default or weak passwords, missing patches, poor access controls, and a host of other conditions. A flexible assessment framework allows auditors to choose between an outside-in, “hackers eye view” of the database, which requires no credentials, or a more thorough inside-in scan which is facilitated through a read-only database account. AppDetectivePro includes built-in templates to satisfy the requirements of security best practices and various regulatory compliance initiatives. Compliance standards covered include DISA STIG, NIST 800-53 (FISMA), PCI DSS, HIPAA, GLBA, Sarbanes-Oxley, ISO 17001/17799, CoBIT, and Canada’s MITS.
You can find more information here.
[media = 8]
Virtual Seminar and Tradeshow: Security and Compliance in the Cloud
Cloud computing is opening up new areas of management and compliance issues for CIOs, IT managers, auditors and compliance and risk officers. Attend this FREE educational event, earn up to 4 CPE hours and get practical, indepent advice and best practices on how to define, defend and regulate cloud environments. For event details and to register, click here.
When: Wednesday, 8 December 2010, 8:30am – 4:30pm (EST) (13:30 GMT)
Where: Your computer
ISACA has teamed up wtih SearchCompliance.com and SearchSecurity.com to give you direct access to renowned security and compliance experts and qualified senior IT peers.This online, all-day event offers several perspectives from industry leaders on managing risk and compalince in the cloud. Plus, you can explore the networking lounge and exhibit hall in between sessions where you can visit exhibitor booths, and interact with other ISACA members and ISACA staff.
The keynote, Cloud Computing: Building Trust in the Cloud, will be presented by Dave Cullinane, Vice President and Chief Information Security Officer of eBay. In his keynote, he will discuss how to securely leverage the extraordinary benefits of cloud computing.
In addition to the keynote, there will be three Educational Sessions presented by industry leaders that will explore cloud computing:
- Data Protection and Access Control in the Cloud
- Compliance and the Cloud
- Vendor Management in the Cloud
Register now for this educational event you do not want to miss and your opportunity to earn up to 4 FREE CPE hours.
An Interview with The Chairman and Founder of SINET, Robert D. Rodriguez
The Security Innovation Network™ (SINET) was created to increase collaboration between the United States public and private sectors with the mutual objective of accelerating innovation in security technology, practices and implementation. The SINET provides thought leadership and tools to create social and virtual links among persons and organizations involved with the technical, strategic, legal, economic, and policy aspects of IT security. In order for the United States to maintain an innovation advantage, creative and continuous collaboration is imperative between the people within public and private sectors from federal agencies, system integrators, innovators, entrepreneurs, venture capitalists, academics and scientists. Our goal is to help these important groups within the US security community bridge knowledge and cultural gaps, forge ties and attain unity of purpose towards the advancement of IT security innovation.
The SINET is designed to create a demand pull environment through education, collaboration, access, knowledge transfer, technology transition and policy that leads to rapid identification, assessment, evaluation and integration of “best of class” IT security solutions.
To achieve its mission, the SINET is comprised of three inter-related entities, each with a distinct and essential purpose: The Security Trust, The Security Exchange and the IT Security Forum. These sub-organizations will operate in an integrated, leveraged fashion in support of the SINET.
The SINET will be supported by public and private sponsorship gifts and foundation and government grants.
[media = 7]
For more information about SINET click here
ITIL Process Delivery: The Why and How
Have you been thinking about adopting ITIL? Or have you set it aside as “next year’s” initiative because you think it’s too complex, too costly or just too much hype?
Join Kaseya on Tuesday, December 7 at 2pm – 3pm EST (register here) for a free webinar on the fundamentals of ITIL and how you can easily transform your IT operations with an automated, ITIL-based systems management solution. Hear from a Kaseya IT Automation Expert and learn how:
• Automated service delivery – combined with service desk management – may help you streamline processes
• Improved business processes – using ITIL v3 – may improve response time to end user requests, alerts and alarms, as well as shrink the time needed to manage issues
Register today and gain insight to combining ITIL process standards and service desk management to manage:
• Service Request Workflows
• Roles and Policies
• Escalation Process
• Automated Remediation
• Continuous Service Improvement
Register for this free presentation by clicking here.
Please let me know if you have any questions and hope to see you there!
David Castro
Director, Private & Public Sector, NA
Kaseya: Our Automation. Your Liberation!
415.694.5700
