iSEC Partners -

VoIP Security Training

sarva — Fri, 28 Jul 2006 01:54:09 -0700

Target: Network Engineers, Security Architects

Length: 2 days

Focus: VoIP Attacks

Format: Lab & Lecture

Content:

Writing unit tests to for defects
Eavesdropping on third party calls via RTP
SIP Attacks
H.323 Attacks
H.225 Registration
Replay Attacks
Spoofing (Endpoints, Gatekeepers, Border Controllers)
Denial of Service (SIP and H.323)

Protocol Analysis:

SIP
H.323
RTP
MGCP

Device Analysis:

Gatekeepers
Media Gateways
Border Controllers

VoIP Trends

GoogleTalk, Skype, MSN Live Messenger, Yahoo Messenger, Vontage

To learn more about our training courses or onsite delivery options, contact training@isecpartners.com.

Improving Software Security through Life Cycle Changes

sarva — Fri, 28 Jul 2006 01:41:48 -0700

Target: Software development teams with responsibility for create secure applications.

Length: 4 days

Format: Lecture and Workshop

Focus: Software development lifecycle of products.

Content:

The Agile software development lifecycle · Defining Security Requirements
User Stories
Threat modeling
Negative QA testing
Test Driven Design
Security defects impact on your product
Writing unit tests to for security defects
Balancing security defects, regular defects and features
Integrating the Agile lifecycle into your environment
Continuous Improvement
Security and Agile Engineering Practices
Security and Agile Management Practices

Web Application Security QA Testing

sarva — Fri, 28 Jul 2006 01:22:37 -0700

Target: Developers and QA Professionals
Length: 2 Days
Focus: Security testing of web applications

Format: Lab & Lecture

Content:

Cookies
Cross-Site Scripting
Hostile linking attacks
Forms
Hidden fields and business logic
Links
Page Redirection
Phishing
SQL Injection
Error messages
Concurrency

Application Security Best Practices

sarva — Fri, 28 Jul 2006 01:20:05 -0700

Target: Developers QA & Application Security Professionals
Length: 2 Days
Focus: Application Weaknesses, Development Flaws, and Remediation Strategies

Format: Lab & Lecture

Content:

Application Attacks

Execution of the following attacks on web interfaces
Cross-site scripting
Code Injection
Session Hijacking
Enumeration of network and device settings
Enumeration of web server type, either Apache or propriety, and CLI management methods
Denial of Service attacks
Responsible disclosure doctrines and practices

Binary Analysis

Binary analysis with hex editor and an introduction to forensics tools
Binary examination, disassembly, and modification
Run-time debugging and reverse engineering

Penetration Testing & Binary Analysis

sarva — Fri, 28 Jul 2006 01:15:16 -0700

Target: Network and Application Security Professionals
Length: 1, 2 and 3 Day courses
Focus: Application and Network Penetration Testing

Format: Lab & Lecture

Content:

Authentication Attacks

NTLM Attacks
Kerberos downgrade attacks
SSL Man-in-the-Middle Attack
Force SSL browsing with expire/un-trusted certificates
Deletion/corruption of the audit log

Application Attacks

Execution of the following attacks on web interfaces
Cross-site scripting
Code Injection
Session Hijacking
Enumeration of network and device settings
Enumeration of web server type, either Apache or propriety, and CLI management methods
Denial of Service attacks

Network Attacks

Layer 2 ARP Attacks
Session Hijacking
Subverting Firewalls and Routing ACLs
Identification Spoofing

Host Attacks

Windows 2003/2000 Attacks
IIS 5.0 Security
Linux (various flavors) Attack
Apache Security

Defend the Flag (DTF)

anastasia — Thu, 28 Feb 2008 17:16:03 -0800

Target: Network and Operations Security Professionals
Length: 2 Days
Focus: Windows network and host attack, hardening and defense

Format: Lecture, Lab and Competition

Content:

iSEC Partners has partnered with Microsoft to deliver this unique, hands-on training exercise in network attack and defense on the Windows platform. Day one begins with a half-day tutorial on attacking Windows systems utilizing state of the art attack tools, (previous DTF delivery partners for this portion of the course have included Immunity and Core) followed by another half day of materials and labs developed and delivered by iSEC’s industry-leading experts on Windows platform security. On day two, the students will form teams to compete against each other, exercising skills learned in both attack and defense. While the class is applicable to all recent versions of the Windows operating system, Defending Windows focuses on Windows XP and Windows 2003 which are currently the most deployed Windows versions.

“Defending Windows” material includes:

Preparing for an attack
- Discussion of hardening principles and methodologies
- System classification techniques
- Hardening network protocols, system services, DCOM
- Security-relevant registry settings
- User rights assignments
- Audit and event logs
- Account and password policies
- Group Policy Settings
- Basic forensic methodologies to assist in detecting/responding to attacks
During the attack
- How to find out that a system is under attack or has been compromised
- How to stop the attack
After the attack
- Basic forensics
- How to prevent recurrence

Due to the unique nature of this course, it will only be offered at select international security conferences. Please register to participate directly with the hosting venue.

Past events:

Black Hat DC Training 2008
District of Columbia, USA
Feb 18-19, 2008

Upcoming events include:

CanSecWest Vancouver 2008
Vancouver, British Columbia, Canada
March 24-25, 2008

SyScan ’08 Hong Kong
Hong Kong, China
May 27-28, 2008

AusCERT 2008
Gold Coast, Australia
May 18-23, 2008

SyScan ’08 Singapore
Singapore
July 1-2, 2008

Black Hat USA Training 2008
Las Vegas, Nevada, USA
August 2-5, 2008

More dates coming soon, or contact info@isecpartners.com for additional details.

Windows Vista Security for Developers

anastasia — Mon, 05 Feb 2007 10:57:15 -0800

Target: Security reviewers and developers already familiar with Windows security features and looking to understand how Vista changes the Windows security model and can be leveraged to improve application and enterprise security.

Length: 4 hours

Format: Lecture

Focus: This is a technical introduction to several of the important security changes introduced in Microsoft Windows

Content:

User Account Control (UAC)
Protected Mode Internet Explorer
Service Hardening
Odds and Ends