Invasions – detection and analysis

Every day, security web portals publish at least 15 new pieces of information about vulnerabilities and potential attack paths. Sooner or later, the machines we administer or supervise may be compromised and used by attackers: at best as zombies; at worst, we should expect loss of confidential information, problems in providing our services and often other long-term material damage.

The main and most important task, in the event of such an outcome, is the correct response of the technical staff. Unfortunately, very often the mere fact that a successful attack occurred is not properly recorded, there is no appropriate response, or worse, no action is taken at all. The goal of our workshops is to familiarize participants with the methods of post-intrusion analysis. Participants will be able to trace an intruder's procedures immediately after an example break-in and get acquainted with the tools and methods intruders use to ensure long-term access to networks and server equipment. Participants will acquire the skills necessary to trace evidence of intrusion and seek the positive aspects within potential server system compromises. During the workshops, techniques and methods for detecting IT security failings will be presented, along with methods of protecting potential evidence of such tampering. With this knowledge, participants will be able to respond more quickly and effectively to any future threats, preventing potential losses from growing and enhancing the quality of the services provided.

Main topics during the Workshops:
  • Specific behaviors of compromised systems.
  • Concealment techniques used on Unix and Windows systems, presented on Slackware and Windows 2003.
  • Basics of rootkit and backdoor construction and how they function within server systems.
  • Ways of concealing data and methods of its disclosure.
  • Intrusion detection techniques.
  • Detecting rootkits, backdoors, keyloggers, Trojan horses and other system anomalies.
  • System log analysis. Determining the history of performed operations.
  • Tools and methods for tracking changes in the system.
  • Best post-intrusion analysis methods.
  • Methods of securing electronic evidence.

The Workshops are intended for:

administrators of small and medium-sized networks, as well as those responsible for the proper and fair operation of infrastructures. Information provided during the workshops should be of particular interest to IT staff of public administration offices, technical support staff for government servers and websites, employees of communication and information technology security offices, employees of IT system management centers and those of other related organizations and institutions.

Workshop requirements:
  • Knowledge of Linux and Windows (including W2k3).
  • Basic knowledge of connection-oriented and connectionless network protocols.
  • Basic knowledge of programming, including network programming.
  • Minimal theoretical knowledge of the basic types of attacks.

Key benefits for the Workshop participants:
  • Knowledge of specific symptoms indicating that a network device has been compromised.
  • Knowledge of techniques and tools used by the intruders for concealment.
  • Acquiring skills necessary to trace evidence of intrusion.
  • Expanding knowledge of intruders' tactics and of IT threats.
  • Familiarity with the tools and techniques necessary for effective intrusion detection and analysis.
  • Familiarity with the methods of post-intrusion analysis.
  • Familiarity with the best means of responding to such issues.
  • Knowledge of basic methods of securing electronic evidence.

About the key speaker:

For ten years he has been fully devoted to computer science. He has focused his interests mainly on IT security issues, particularly in the field of networks and network software. He is a self-taught enthusiast. He pursues his passions around the world, providing assistance to companies and individuals. He has conducted training on security issues and has carried out projects, audits and tests, working in international teams on domestic as well as foreign markets, where he gained and expanded his practical skills and knowledge in the field.

Workshop schedule