Hello,
I just wanted to say thanks to all of you who attended my OSDEM
presentation in Brussels last week. I think it (and the rest of the
conference) went well.
Some of you in North America complained that Europe is an inconvenient and
expensive destination for a 2-day conference. So I have also agreed to
speak at CanSecWest in beautiful Vancouver, B.C. on March 28-30. I am
currently planning to discuss "Packet Reconnaissance Techniques" and to
release a special version of Nmap at the conference which implements some
of the advanced techniques. Of course, this is subject to change if I
think of something even cooler to talk about :).
For more information on the conference, including the speaker list, see
http://www.dursec.com/ . Since I was so tardy in sending out this
invitation, I convinced Dragos ( the organizer ) to honor the early
(January) registration price until Feb 9 if you mention nmap-hackers when
you register.
Here is the full conference announcement:
CanSecWest/core01
Network Security Training Conference: March 28-30 2001
It will be held again in downtown Vancouver, B.C. Canada.
The current conference speaker lineup includes:
Renaud Deraison - Author of Nessus, speaking about the Nessus attack
scanner, giving an overview of scanner operations and a tutorial on Nessus
Attack Scripting Language (NASL). [http://www.nessus.org]
Martin Roesch - Author of the popular Snort Intrusion Detection System
(IDS), speaking about new developments in IDSes. [http://www.snort.org]
Ron Gula of Enterasys - VP of IDS products, author of Dragon IDS, Speaking
about evading IDS systems. [http://www.network-defense.com]
Dug Song of Arbor Networks - Author of many famous networking tools.
Speaking about monkey in the middle attacks on encrypted protocols such as
SSH and SSL. :-) [http://www.monkey.org/~dugsong]
Rain Forest Puppy - Will be speaking about assessing the web, with
demonstrations of several new (previously unreleased) rfp.labs web tools
including the release of Whisker 2.0 and other surprises in his inimitable
style. [http://www.wiretrip.net]
Mixter of 2XS - Author of several widely used distributed tools and some
popular security whitepapers will give a talk about "The future of
distributed applications" explaining the key elements of peer-to-peer
networks, discussing a few examples/possibilities of distributed
technology, and related security problems in distributed networks.
[http://mixter.void.ru]
K2 of w00w00 - Will present his new ADMutate, a multi-platform,
polymorphic shell-code toolkit and libraries for detection evasion.
[http://www.ktwo.ca] (Early reviews say it's scary good. --dr)
Matthew Franz of Cisco -- Author of Trinux: A Linux Security Security
Toolkit, will discuss a comprehensive security model (including tools and
techniques) for conducting security evaluations of firewalls, VPNs, and
other networked devices. [http://www.trinux.org]
Lance Spitzner of Sun - Will present more of the HoneyNet group's honeypot
findings, including watching Romanian hackers on their own web cam while
they were hacking one of his honeypots for their botnet.
[http://project.honeynet.org]
Theo DeRaadt of OpenBSD - Paper Title TBA [http://www.openbsd.org]
Fyodor of Insecure.Org - Author of the popular Nmap Security Scanner, will
talk about Advanced Packet Reconnaissance Techniques. He will also release
a special version of Nmap which implements some of those techniques.
[http://www.insecure.org]
Frank Heidt of @Stake - Paper Title TBA [http://www.atstake.com]
HD Moore of Digital Defense - Will give a surely popular talk about his
more esoteric NT/Win2k penetration test tricks in a presentation called
"Making NT Bleed." where he will cover some of the procedures he has had
to develop during the course of cracking multiple systems for customers
daily. [http://www.digitaldefense.net]
Jay Beale of MandrakeSoft - Author the the Linux Bastille scripts and
Security Team Director at MandrakeSoft, will talk about securing Linux.
[http://www.bastille-linux.org]
Kurt Seifried of SecurityPortal.com - Will moderate a panel debate about
cryptography... a "two edged sword" including PKI, SSH and SSL.
[http://www.securityportal.com]
Dave Dittrich of The University of Washington - Author of many famous
Forensic Analyses and UW Senior Security Engineer, will give a talk about
finding intruders, then tracing their actions through the trails they
leave on penetrated systems. [http://www.washington.edu/People/dad/]
Robert Graham of NetworkICE - CTO of NetworkICE, will discuss IDS
operations and decoding technology, illustrating with exploits including
his new "sidestep" utility during live demonstrations of the BlackICE
Sentry IDS system and other IDSes like Snort. [http://www.networkice.com]
Sebastien Lacoste-Seris & Nicolas Fischbach of COLT Telecom AG - Editors
of the French Securite.Org site, will discuss the rollout of Kerberos
across their company and hosting center using Kerberized SSH and Kerberos
V5 across Unix/Cisco/Win2k platforms to provide strong authentication with
SSO capabilities, their experiences, and what potential problems and
limitations they faced. [http://www.Securite.Org]
Schedule:
Afternoon (1-6), Wed Mar 28.
All Day (9-6:30) (and night :-), Thurs Mar 29,
Morning (10-2/3) Fri 30.
There will be some Birds of a Feather sessions held at 6:30 on Thursday -
these will be announced at the conference.
Venue:
The venue will be the Pacific Palisades Hotel Conference Center on Robson
Street.
The hotel web site can be found at www.pacificpallisadeshotel.com We have
negotiated discounted rates for the CanSecWest conference with the hotel
at $150/night regular, and $200/night suite for attendees. I'm told that
some (but not all) suites now feature in room high speed network access.
Attendees need to tell the reservations desk they are attending the
CanSecWest conference and that they should get the block discount rate
when they make their reservation.
The conference this year will be held in the hotel itself in their meeting
facility, and will feature a catering room, as well as a a vendor display
area and a place to set up your computer to check e-mail. There will be a
wireless 802.11 network and a "Capture The Flag" contest over the wireless
net, on-going throughout the presentations. There will be a display in the
speaker room during the talks with the CTF target web page where the
current "owner" of the CTF target server will be able to put up their
advert, logo, pithy quote, or whatever. If you are bringing a PC with a
wireless card, please ensure your firewalls are in good working order, as
we assume no liability for what kind of traffic may be seen. (:-) This
year, we will have a permanent coffee stand (after feedback from last
year's sessions). Seating is limited and the venue is slightly smaller
than last year so please book early to ensure a spot.
How to register:
In the month of January, you may register by sending PGP encrypted e-mail
to dr_at_dursec.com (gpg/pgp key on file at wwwkeys.pgp.net or here) with the
following information:
Your name
Your company
Your company address
Visa card number/expiry
Visa Billing Name and Address
Your contact phone number.
Your preferred e-mail address for conference mailings.
(I'm sorry we still accept only VISA at this time and Mastercard or AmEx
is not an option. We also accept pre-payment by couriered cheque or wire
transfer of USD or CAD equivalents. Registrations are reserved upon
receipt of cheque - please email dr_at_kyx.net for further details about this
payment method.)
Alternatively if for some reason you cannot use encrypted e-mail, you can
phone Dragos Ruiu at +1 (604) 722-3993 with the above information and he
will process the VISA transaction manually. Please try to phone between
10:00AM-8:00PM PST, but an occasional odd hour phonecall from weird
timezones will be tolerated if it absolutely cannot be avoided.
If you prefer, we can also reserve a hotel room on your credit card, if
you specify dates. (We have been told that our block booking will have
priority for the rooms with networking).
In January the registration fee will be:
USD$895 - for past attendees.
USD$980 - for all others up until Jan 31.
In February, an on-line booking system will be up at https://dursec.com
and the registration fees for all will be USD$1120.
In March, the registration fee will be USD$1350.
Due to the slightly smaller venue we expect that registrations at the door
will be extremely limited and potentially unavailable, at a cost of
USD$1595.
Vendor sponsorships are available at USD$2500, which as well as sponsoring
a display table for the vendor also gives the vendor up to five attendee
registrations at USD$580. The cut-off date for vendor sponsorships is
March 9.
Registration fees include catered lunches and coffee breaks. Thanks for
your continuing support, and I hope we'll have a conference that will
surpass the positive experiences of last years conference. I'm eager to
see and hear the fascinating papers planned, and this year, we will be
bringing back the popular technical book(s) (title TBD) that will be given
to attendees, as well as having another conference CD-ROM full of goodies
and some previously unreleased tools and information. I'm looking forward
to seeing you there.
Thank You,
--dr
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Feb 08 2001
Intro
