SANS Community Evening - Sydney 2011

Starts: Wednesday 16 November 2011, 6:00PM

Finishes: Wednesday 16 November 2011, 8:00PM

When: Wednesday 16 November 2011 - from 6:00pm

Where: Sydney Marriott Hotel

36 College Street, Sydney

Event Organisers: SANS and Shearwater Solutions

SANS and Shearwater Solutions invite AISA members to attend this SANS Community Evening for FREE.

Advance Registration ESSENTIAL. See below for how to register.

Topic: Why Our Defenses Are Failing Us. One Click Is All It Takes...

Organisations are spending unprecedented amounts of money in an attempt to defend their assets...yet all too often, one click is all it takes for it all to come toppling down around them. Every day we read in the news about national secrets, intellectual property, financial records & personal details being exfiltrated from the largest organizations on Earth. How is this being done? How are they bypassing our defenses (e.g. strong passwords, non-privileged accounts, anti-virus, firewalls/proxies, IDS/IPS, logging, etc.) And most importantly, what can we do about it? A keen understanding of the true risks we face in today's threatscape is paramount to our success...

This technical presentation will walk through an example spear-phishing campaign to demonstrate:

  • How attackers perform recon on key individuals in target organizations (e.g. admins, executives, engineers, help desk personnel, etc.).
  • How attackers craft and deliver payloads that bypass most detection mechanisms.
  • How attackers elevate privileges to super-user levels - even on fully patched systems.
  • How attackers bypass strong passwords, smart cards, multi-factor, bio-metrics and virtually all forms of strong authentication.
  • How attackers move throughout the environment in search of their "prize" with minimal footprint or artifacts.
  • How attackers exfiltrate secrets out of the organisation undetected.

Many organisations are busy being busy, managing all kinds of projects and initiatives. They have all the right products. They have more logs than they know what to do with. Yet, the uncomfortable question persists, "is it working?" If one click by a user is all it takes, we need to re-evaluate... .

Speaker: Bryce Galbraith

Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem. As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies as well as being a member of Foundstone's world-renowned attack and penetration team. Bryce also served as senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On series. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe.

Bryce is currently the CEO at Layered Security, where he provides vulnerability assessment and penetration testing services to clients around the world. Bryce teaches several of SANS' most popular courses and develops curriculum for current topics. Bryce is an active member of several security-related professional organizations, he speaks at a variety of conferences, and holds a number of certifications: CISSP, GCIH, GSEC, CEH, CHFI, Security+, and CCNA. Bryce blogs about security issues at http://blog.layeredsec.com

Agenda:
6:00pm - Registration and Networking Drinks
7:00pm - Start of Presentation
8:00pm - Close

Sydney AISA members are invited by SANS and Shearwater Solutions to attend this SANS Community Evening for FREE.

N.B. Advance registration via email is ESSENTIAL!

Please note the email registration requirements:

  • Email subject: "AISA Member booking for SANS Community Evening"
  • In your email, you must state:
    • your name
    • your company
    • and your AISA Member ID Number (if you can't remember this, simply log-in to this AISA website and check your profile)
  • Email to Aleks Aleksov: AAleksov@shearwater.com.au
  • Email before: COB on Friday 11 November 2011


This Community Evening is part of SANS Sydney 2011; http://www.sans.org/sydney-2011/

In addition to our invitation to this Community Evening, AISA members enjoy substantial discounts for all SANS Training Courses in Australia; http://www.aisa.org.au/education/training-courses/