Press Release: Black Hat Windows Briefings & Training 2002 NOLA

B.K. DeLong bkdelong@blackhat.com
Wed, 05 Dec 2001 11:04:56 -0500


For Immediate Release

Contacts

B.K. DeLong
press@blackhat.com
+1.617.877.3271

BLACK HAT WINDOWS SECURITY BRIEFINGS & TRAINING 2002 IN NEW ORLEANS ADDRESS 
WINDOWS 2000, XP SECURITY RISKS

Call for Papers Ends December 15th, 2001

http://www.blackhat.com/ -- Black Hat Inc. announced today 7 different 
training sessions for this spring's Black Hat Windows Security Briefings 
and Training 2002, the annual conference and workshop designed to help 
computer professionals better understand the security risks to their 
Microsoft Windows systems and information infrastructures by potential 
threats. This year's training will primarily focus on the Windows 2000 
platform and also touch upon Windows NT, general Windows Web applications 
and ICMP scanning at the Radisson Hotel, in the heart of New Orleans, 5 
through 6 February, 2002.

The Black Hat Windows Security Briefings focuses on the security issues 
created in the Microsoft Windows environment -- specifically the Windows 
2000 and Windows XP family of operating systems. Briefings will be 3 tracks 
(Technical, More Technical, and Deep Knowledge) over 2 days, with 
approximately 25 different speakers. Black Hat Inc. is currently soliciting 
speakers through a Call for Papers which ends 15 December 2001. The 
Briefings portion of this conference is 7 through 8 February, 2002.

"Because the issues surrounding Windows 2000 and Windows XP security are so 
numerous, a specific Black Hat conference has been created to explore 
them," says Jeff Moss, founder of Black Hat Inc. "This conference will 
explore in greater detail, the technologies, tools, and techniques needed 
by system administrators to stay on the cutting edge."

The lineup of Black Hat Windows Security Training sessions for 2002 include:

     One Day Courses

         -- Advanced Scanning with ICMP taught by Ofir Arkin, Founder of 
the Sys-Security Group and a researcher well-known for his work with usage 
of the ICMP protocol in scanning. This workshop will be an in-depth 
theoretical and hands-on experience detailing the ICMP protocol, and its 
usage in network sweeps.

         -- Auditing Binaries: Reverse Engineering Windows 2000, given by 
Halvar Flake, chief reverse engineer for Black Hat Consulting. This 
workshop will give the audience a good overview of how to manually audit 
Windows binaries for security vulnerabilities including both theoretical 
and hands-on work.

         -- Complete Windows 2000 Security, presented by Rooster, a 
Microsoft insider. A comprehensive one-day course, Complete Windows 2000 
Security takes you through an end-to-end process of securing your Windows 
2000 network. Many people spend a tremendous amount of time locking down 
their systems, but this is really only part of the security process.  A 
complete process is made up of three steps: Creating a security policy, 
implementing the security policy, and then auditing that policy.

         -- NT Network Intrusion, instructors are JD Glaser and Saumil 
Shah, Network Security specialists for Foundstone, inc. This NT Network 
Intrusion workshop will put the student in control of network intrusion 
traffic analysis. It will focus on NT specific protocols and attack patterns.

         -- Secure Development of Data-Driven Web Applications, taught by 
Tim Mullen, CIO and Chief Software architect for AnchorIS.Com and Microsoft 
Focus columnist for SecurityFocus. This session will concentrate on the 
techniques and methods used to protect your network from these types of 
vulnerabilities, and "best practices" to follow when developing your 
data-driven applications.


     Two Day Courses

         -- NSA InfoSec Assessment Methodology Course, taught by Security 
Horizon, Inc. The InfoSec Assessment Methodology (IAM)is a two-day course 
for experienced Information Systems Security analysts who conduct, or are 
interested in conducting INFOSEC assessments of U.S. Government information 
systems. The course teaches NSA's INFOSEC assessment process, a high-level, 
non-intrusive process for identifying and correcting security weaknesses in 
information systems and networks.

         -- Foundstone's Ultimate Hacking: Black Hat Edition. Foundstone 
instructors walk you through footprinting an organization's Internet 
presence (with proper permission), then show you how to identify, exploit, 
and secure well-known and little-known vulnerabilities in Windows NT, 
Windows 2000, and Unix systems. Participants also explore common weaknesses 
in router and firewall installations, learning ways to circumvent both 
traditional and "hardened" security filters or firewalls. The course's 
final exercise assimilates the multi-day instruction. In it, participants 
assess and attempt to exploit a simulated "secure" network with multiple 
OSes and security mechanisms.

Other special features of this year's Black Hat Windows Security conference 
include that the dates are just after the Super Bowl XXXVI being held at 
the nearby Louisiana Superdome two days before the show, and in the days 
following the conference, attendees can experience New Orleans' Mardi Gras 
-- where the main parade goes right past the hotel (special negotiations 
occurred to allow attendees to book their hotel rooms as early as Feb. 1st 
all the way through Mardi Gras on Feb. 12th).

Attendees will also have access to a wireless network during the show.

To register for BlackHat Windows Security Briefings and Training, visit the 
Web site at http://www.blackhat.com. Direct any conference-related 
questions to info@blackhat.com.

For press registration, contact B.K. DeLong at +1.617.877.3271 or
via email at press@blackhat.com.

If you're interested in speaking at the conference visit the Call for Papers at
http://www.blackhat.com/html/win-usa-02/win-usa-02-cfp.html and send 
submissions to submissions@blackhat.com no later than 15 December 2001.

About Black Hat Inc.

Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need 
for computer security professionals to better understand the security risks 
and potential threats to their information infrastructures and computer 
systems. Black Hat accomplishes this by assembling a group of 
vendor-neutral security professionals and having them speak candidly about 
the problems businesses face and their solutions to those problems. Black 
Hat Inc. produces 5 briefing & training events a year on 3 different 
continents. Speakers and attendees travel from all over the world to meet 
and share in the latest advances in computer security. For more 
information, visit their Web site at
http://www.blackhat.com

###

--
B.K. DeLong
Press Coordinator
Black Hat Briefings
+1.617.877.3271

bkdelong@blackhat.com
http://www.blackhat.com