Cybercrime Security Forum 2017

Course information
Prijs: € 995,00 (excl. BTW)
Duur: 2
Cursuscode: CYBERCRIME
Global Training Credits: 13 (incl. BTW)

Cursusbeschrijving

Cybercrime – Build Your Defense

We also have an English brochure available for you.

Bent u klaar voor de volgende golf aan cybercrime? Kom naar het Cybercrime Security Forum 2017 en bereidt u voor op wat komen gaat.

Hoe kunt u internetcriminelen te slim af zijn? Kom naar het 9e Cybercrime Security Forum op 20 en 21 maart 2017.

Op het Cybercrime Security Forum 2017 leert u hoe uw organisatie zich kan wapenen tegen cybercrime. Zoals u van Global Knowledge gewend bent krijgt u niet alleen actuele achtergrondkennis, tips en do’s and dont’s om uw ICT-infrastructuur, bedrijfsdata en applicaties te beveiligen tegen online gevaren maar ook de kans om zelf te ervaren hoe het is om te hacken tijdens de hands-on Deep Dive hacking sessies.

Wat kunt u verwachten?
Keynotes en deep dive-sessies van internationale securityspecialisten zoals Andy Malone, John Craddock, Sasa Kranjac, Michael Jankowski-Lorek , Edwin van Andel en Mattijs van Ommeren over onder andere social engineering, the dark side of Meta data, het gebruik van NMAP als een wapen tegen cybercrime. Tijdens de hacking deep dives kunt u sessies verwachten zoals Hacking like Mr Robot, Exploit Writing, CSI Windows en de Top 10 Infrastructure security fouten.

Informatie over de inhoud van de Key notes, guest speakers en hacking 'deep dive' sessies, vindt u onder cursusinhoud.

Voorkennis

Er is geen vooropleiding vereist om aan dit evenement deel te nemen.

Inhoud

Programma Cybercrime Security Forum 2017

Track 1: Hot Topics in Cyber Crime (Low to medium technical)

DAG 1 - 20 maart

8.30 – 9.00 uur Ontvangst en koffie

9.00 – 9.15 uur Welkom en introductie door Global Knowledge

9.15 – 10.30 uur Through a Mirror Darkly: A Journey to the Dark Side of Metadata - Andy Malone

In the world of Cyberspace exists a secret currency of information that is being traded without your knowledge. In his latest thought provoking session, join Andy Malone as he takes you on a journey into the heart of metadata. To understand what is it and how it works. You’ll be amazed at how information can be peeled away to reveal your deepest secrets. Most importantly we will learn how to protect yourself and your data from potential misuse. By adopting simple best practices you’ll ensure that your secrets truly remain secure.

10.30 - 10.45 uur Pauze

10.45 - 12.00 uur Yin and Yang of Network Forensics and Traffic Analysis - Wireshark and NMAP - Sasa Kranjac

These two very popular and useful tools work hand by hand in assisting you gathering network information and identifying malicious activity. Victims usually find out about the attack only AFTER the damage is done. But can you detect an attack and respond while it is in progress? We will serve Wireshark as a main course with NMAP as a side dish and give you a pleasure to see, feel and taste scanning, discovery and analysis of suspect traffic that might be going on your network.

12.00 – 13.00 uur EU General Data Protection Regulation - Lovisa Bonnevier (CISO SecureLink Group) - Guest Speaker

The new EU General Data Protection Regulation brings on challenges and new tasks for organizations. This session gives you a brief overview of the regulation and its key requirements, and puts the spotlight on some areas where many customers will need to take action. Focus is on providing actionable advice on how an organization can work towards compliance, while at the same time strengthening its cybersecurity posture.

13.00 uur - 14.00 uur Lunch

14.00 – 15.15 uur Just how secure is your password? – John Craddock

For years, we have been told that our passwords should be of a certain length, have the correct entropy, contain mixtures of upper-case, lower-case, numbers, punctuation marks and more. You may abide by all the rules, but are the rules correct and just how might your password be compromised? Social engineering or technical trickery ranges from the primitive to erudite. Come to this session and you will definitely rethink your password strategies. John Craddock will take you through the attack paths, mitigations and methods of staying safe.

15.15 – 15.30 uur Pauze

15.30 - 16.45 uur Going Underground: Discovering, Exploiting and Defending against Covert Channels in Modern Computing - Andy Malone

There’s a hidden world that you never knew existed. In this fascinating deep dive, join Andy Malone as he takes you inside the murky world of covert channels. Beyond the well known ports, hackers and bad guys lurk waiting to deploy viruses, Trojans or worse. Also discover how to access hidden channels within modern file systems and how hackers exploit them.  Join Andy Malone in this fascinating session to discover what lies beneath. Packed with demos, trick and tips to ensure that your network is properly monitored and secured.

16.45 -17.15 uur Cybercrime Security Panel Discussion (All Speakers)

17.15 – Afsluiting en borrel

DAG 2 - 21 maart

8.30 uur - 9.00 uur Ontvangst en koffie

9.00 – 10.15 uur For your ear’s only: Voice Recognition Security Secrets Unleashed! - Andy Malone

Voice recognition is hot and appears to be everywhere. From Cortana in Windows 10 devices to TV’s, smartphones and even web browsers. But just how this amazing technology works remains a mystery for many. Join Andy Malone as he uncovers the secrets behind voice recognition technology and how it’s changing our world. Whilst this fascinating technology may be a godsend for many, it’s also uncovered some alarming security flaws and IT and as such Security professionals need to fully understand this amazing technology. Join Andy Malone as he investigates the rise of Voice recognition and asks if it’s a technological wonder or a security nightmare. Packed with topical debate, demos and tips and tricks, this is a 75min security session you won’t forget.

10.15-10.30 uur Pauze

10.30 uur – 11.45 uur In a world beyond passwords - John Craddock

Come to this session and discover how federated identity can eliminate the need for passwords and provide Single-Sign-On (SSO) for access to all web resources. You will learn: how to build federated identity solutions, how to manage different devices and the requirements for authentication and authorization. Although the proposed solution will be primarily built around Microsoft technologies and cloud services, the concepts apply to any platform solution. You also learn about the risks and mitigations.

11.45 – 13.00 uur Dr. Jekyll and Mr. Hyde – NMAP for Good and NMAP for Evil - Sasa Kranjac

So, you are responsible for your network. Do you know what is going on with your network? Are unnecessary ports on network computers closed? You have shut down port 80 but how do you know a web server is not running on a port other than the standard one? Is there a game server coming alive in the middle of the night or are there any bots hiding? Vulnerable applications, rouge devices such as laptops, tablets and wireless access points – all pose a significant threat if undetected. Misconfigured firewalls add wound to the insult. You will use NMAP as the weapon to do some good and dive deep into its command line on the journey to secure the network. After that, you will put your Black Hat on and dive deeper with NMAP to the dark side…

13.00 – 14.00 Lunch

14.00 – 15.15 uur Opening Pandora’s Box: Social Networks & How to Exploit Their Dirty Secrets - Andy Malone

These two very popular and useful tools work hand by hand in assisting you gathering network information and identifying malicious activity. Victims usually find out about the attack only AFTER the damage is done. But can you detect an attack and respond while it is in progress? We will serve Wireshark as a main course with NMAP as a side dish and give you a pleasure to see, feel and taste scanning, discovery and analysis of suspect traffic that might be going on your network.

15.15 -15.30 uur Pauze

15.30 – 16.45 uur Hackers! Do we shoot or do we hug? - Edwin van Andel - Guest Speaker

Join Edwin van Andel, winner of the Lighting talks of Brucon 2013 and organiser of the alternative NCSC-congress, In this interactive and humoristic presentation I will start to discuss the definition of security, followed by the 'real' definition by hackers. How they think and work and how many times they are prepared to help  instead of demolishing! During this presentation we look in to malware and crypto lockers, bug bounties and Responsible Disclosure. We also look in to successes and epic fails in LAN, the Internet and IoT. Finally we will 'calculate' how easy it would be to make the online world a safer place. And if you pay attention during the presentation you will be able to even win Hacker-prices!

16.45 uur – 17.15 uur Afsluiting

Track 2: Hacking Deep Dives (technical)

DAG 1 - 20 maart

8.30 – 9.00 uur Ontvangst en koffie

9.00 – 9.15 uur Welkom en introductie door Global Knowledge

9.15 – 10.30 uur Hacking Like Mr. Robot - Edwin van Andel en Mattijs van Ommeren

The last few months, many of us have enjoyed the new TV-series around Cyber hacking, called Mr. ROBOT! In this TV-series many of the hacks on show where based on real life hacks. This in contrary with other series and movies around Cyber hacking. For many of you who would like to experience how these hacks work, this session is for you! During this hacking deep dive we will show you and give you the experience on how some of these great hacks, performed on Mr. ROBOT will work and can be executed! Hacks performed during this session are among others, How Elliot Fsociety destroyed Evil Corp’s data (De HVAC attack), Ultra-secure emails, de MagSpoof dooropener device, Hacking Raspberry Pi device, hiding data in audio files, Spy on anyone’s Smartphone activity, Hacking Bluetooth, Sending Spoofed SMS messages.

10.30 - 10.45 uur Pauze

10.45 - 12.00 uur Top 10 Infrastructure Security Mistakes that Bring Administrators to Their Knees - Michael Jankowski-Lorek 

Let's face it! Do you maintain the IT environment where there are solutions that you want to raze to the ground? Have you ever got the project documentation with the suggestions like: "Turn off UAC" or "Add the user's account to the Administrators group"? If yes, you know exactly what this session is about! These are just a few simple examples, what about the less obvious ones that seriously affect the security of your organization? Sometimes they are within the requirements of big solutions that have been accepted on the management level. At the end nobody but Administrators need to solve the problems that have just popped-up with already made decision. During the session Michael will show the real-live examples about what are the biggest infrastructure configuration mistakes made during the implementations and what Administrators can do about systems that they prefer not to touch. Very technical session!

12.00 – 13.00 uur Build your own USB Rubber Ducky - Edwin van Andel en Mattijs van Ommeren

A USB rubber ducky is an USB stick which can emulate a keyboard. This device looks like an ordinary USB memory stick but will be recognized by a PC as a standard Keyboard! With this little piece of program code, you will be able to make the memory stick perform a number of handy and sneaky actions on a high speed without even touching the keyboard! The official USB Rubber Ducky will cost you around 45 Euro. However, during this session we will create your own and of course show you many fun hacks you can perform with your own Rubber Ducky!

13.00 uur - 14.00 uur Lunch

14.00 – 15.15 uur The Ultimate Hardening Guide: What To Do To Make Hackers Pick Someone Else - Michael Jankowski-Lorek 

It is pretty clear that we have a smart new generation who understand how to get around computer systems — some are doing it just for fun, while others are doing it with a slightly more sinister intent! Then we read in newspapers about these impressive findings done by a young hacker. Let's stop there and think for a while! Are these really targeted attacks or it was just for a good time and by accident he discovered something that had some usefulness.  Did you see all these breaking news stories about destroying another botnet containing millions of computers? Why are they targeting these computers and not others? Usually the young hacker's goal is very simple: let's do whatever is possible. Our response should be, 'Do whatever you want but somewhere else!' During Michael's session you will learn how to strengthen systems and stop the data breaches that litter the news sites today. Come and enjoy the live-experience presentation with engaging stories and demos! Let's deter hackers together— whether they’re 7 or 70 years old!

15.15 – 15.30 uur Pauze

15.30 - 16.45 uur Exploit Writing - Edwin van Andel en Mattijs van Ommeren

A real Deep Dive! We will look at how in the basics an Exploit works. Next to this we will try to create our own Exploit for a vulnerable application. This is relatively easy to do with the help of a so called ‘debugger’ and a piece of Phyton code! Some familiarity with assembly for the i386 platform and PC architecture is needed. Other than this all necessary steps are shown in this great hacking session!

16.45 -17.15 uur Cybercrime Security Panel Discussion (All Speakers)

17.15 – Afsluiting en borrel

DAG 2 - 21 maart

8.30 uur - 9.00 uur Ontvangst en koffie

9.00 – 10.15 uur  CSI: Windows - Techniques for Finding the Cause of the Unexpected System Takeovers - Michael Jankowski-Lorek 

Ok, so this is what has happened: An attacker got into your infrastructure, used server’s misconfiguration, created themselves an account and… Exactly! And what? Or maybe let's stay on the ground: you would like to know where to gather information about activities in an operating system. In both cases this session is for you! This is the moment that we wonder what else could happen except for what we see and if it is possible to trace back hacker’s activities in our systems. Yes it is! By performing several analysis we are able to get enough evidence of performed malicious actions. This type of monitoring can be also useful when performing the regular investigation of what happened in the system, not only from the attacker’s perspective.  Come and see what it mean to be hacked and that nothing can be completely hidden! During this session you will become familiar on how to trace system related situations and how to establish informative monitoring that can alarm you if something goes wrong in your environment. This session is a real deep-dive into the monitoring world so be prepared for a hard-core technical ride!

10.15-10.30 uur Pauze

10.30 uur – 11.45 uur  Forensics Case - Edwin van Andel en Mattijs van Ommeren

Where hackers will try to get in to your IT systems, with the means of the ultimate full control, with forensics cases the goal to research how hackers did get in to your systems and create enough evidence to proof it! During this hacking deep dive you will do forensic investigation on a hacked system image, with the help of the open source tool Autopsy. Your goal is to reproduce exactly what has happened and to point out the guilty hackers!

11.45 – 13.00 uur Hidden Talents: Things Administrators Never Expect From Their Users regarding Security - Michael Jankowski-Lorek 

You have just finished building your new shiny server room in the hopes of achieving infrastructure nirvana with both improved security and availability. The ability to keep your infrastructure ‘up and running' makes you smile. All problems are gone, right? Think again. 10 minutes! This is the time that allows a regular user to attack your infrastructure. Effectively! With a chance for a coffee… These crypto-attackers, when with bad intentions, quickly discover that the weakest link in any environment is end users and with the multitude of applications they run. Evil users are in the situation that puts them in direct contact with end-user data and credentials with minimal digging, and without the worry of a professional IT security department looking over the attacker’s shoulder. On the other hand, even innocent users are as dangerous as administrator's level of ignorance for the implementation of security settings in the infrastructure! The typical rich and poorly managed software ecosystem on users' workstations provides great attack surface for malicious… users! To take advantage of this sorry state of security, administrators need to be aware how their infrastructure looks from the users' perspective and how far users can go or sometimes they just do not have a choice! During this session Michael will show you the possibilities and ideas that users can come up with and the effects of their tasks. Come and learn from someone else’s mistakes!

13.00 – 14.00 Lunch

14.00 – 15.15 uur  Capture the Flag! - Edwin van Andel en Mattijs van Ommeren

Within the Cybercrime world it is very common to use Capture the Flag assignments to test how great security specialists or hackers are in their profession! There are a number of great annual contest around the globe such as Pwn2Own and Cyberlympics. For this session we have created a number of systems with CTF assignments for you. Your job is simple…. Conquer as many flags as you can!

15.15 -15.30 uur Pauze

15.30 – 16.45 uur  Hacker’s Perspective on your Windows Infrastructure: Mandatory Check List - Michael Jankowski-Lorek 

If there is a weakness in your IT security system, wouldn't it be better to find it before someone else does? The worst thing is that even a small scale security breach could leave your business in poor condition and in the end information security is not an IT department's problem, it is a business issue! As long as we are aware about the value of the resources to be protected, why don't we put ourselves into the hacker's role and perform all the activities they would do as well? Of course it requires some very specific knowledge that may be hard to learn when our work focuses more on creating than destroying, but the results will give us a perspective on what other people with bad intentions can see. Sometimes it is really surprising how often you can use the same paths to enter to the system! During this intensive session you will become familiar with the mandatory tasks that are performed by hackers or penetration testers in order to check for misconfigurations and vulnerabilities. Come and join Michael in the journey to the darker side of IT security and use this knowledge for making good decisions in your system. Do not forget to keep the mandatory security check list in your pocket!

16.45 uur – 17.15 uur Afsluiting

Doelgroep

Het Cybercrime Security Forum 2017 is met name bedoeld voor C-level Management, Security Professionals, IT Managers, Developers, Architecten en IT Professionals van organisaties in zowel het bedrijfsleven alsook overheidsinstanties.

Vervolgcursussen

Na het bijwonen van het Cybercrime Security Forum kan men verschillende security trainingen volgen bij Global Knowledge. Ons volledige aanbod aan security trainingen vindt u op  www.globalknowledge.nl/security

Andere trainingsmethoden

Maatwerk

Klassikale training

Cursusdata

Data beschikbaar op aanvraag. Neem contact met ons op.

Dit item is toegevoegd aan uw winkelmandje.