ABOUT THE CONFERENCE
CONFERENCE PROGRAM
EXPO
HIGHLIGHTS AND EVENTS
TRAVEL
My RSA Conference

Pre-Conference 2-Day Tutorials

Sunday April 6 and Monday April 7

SANSImmerse yourself in our pre-Conference 2-Day Tutorials, led by some of the most respected authorities in the industry from The SANS Institute. These sessions are highly technical and will take place Sunday and Monday, April 6-7.

 

John Strand

Session ID: TUT-S21
Time: 9:00 am - 5:00 pm
Title: Cutting-Edge Hacking Techniques; Hands-On
Speaker: John Strand, Instructor, SANS Institute
Register Now

Abstract: This session will provide you with up-to-date knowledge on the latest hacks developed over the last twelve to eighteen months. In addition to detailed descriptions of how the attacks function, this presentation will give you hands-on experience with the tools and their defenses.

Technical Requirements: Laptop Required: IMPORTANT - BRING YOUR OWN LAPTOP WITH WINDOWS. To get the most value out of the course, students are required to bring their own laptop so that they can connect directly to the workshop network that we will create. It is the students' responsibility to make sure that the system is properly configured with all drivers necessary to connect to an Ethernet network. Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class.
Johannes Ullrich

Session ID: TUT-S22
Time: 9:00 am - 5:00 pm
Title: Web Application Security Workshop
Speaker: Johannes Ullrich, Chief Technology Officer, SANS Technology Institute
Register Now

Abstract: This will be an advanced, hands-on, action packed course covering the principles of securing web applications, the common vulnerabilities that are leveraged by attackers, and general defense techniques to protect against future attacks.

Technical Requirements: Minimum hardware requirement,1GHz processor and 512M RAM. Laptop with Windows 2000 or XP is required, with the latest SP and patches and MS .NET framework 1.1 (Important!!!). Install VMWare Player on the laptop. VMware player can be downloaded for free at www.vmware.com. At the beginning of class, you will be given a Linux bootable CD. This CD will be booted within VMWare as a virtual image.
Marcus Sachs

Session ID: TUT-S23
Time: 9:00 am - 5:00 pm
Title: Critical Infrastructure Protection
Speaker: Marcus Sachs, Executive Director, National Security Policy, Verizon
Register Now

Abstract: This course is designed to give the student a full examination of the scope of critical infrastructure vulnerabilities, the dependence of critical infrastructures on the Internet and Internet security problems. Note: Available only to citizens of the United States or Canada, and government employees of Australia, New Zealand, and the United Kingdom. Proof of eligibility will be required when checking in at the conference as well as when entering the course room.

Technical Requirements: No laptop is required, but the subject material requires at least a working knowledge of computer networks and business decision making.
Tanya Baccam

Session ID: TUT-S24
Time: 9:00 am - 5:00 pm
Title: Intro to Pen Testing Web Applications
Speaker: Tanya Baccam, Instructor, SANS Institute
Register Now 

Abstract: This two-day course will address software security testing and how it fits into the development lifecycle. Sensible and practical methodologies will be presented, so you can apply these testing concepts to any of your web applications.

Technical Requirements: Minimum hardware requirement,1GHz processor, 512M RAM, CD ROM drive and an USB slot. Laptop with Windows 2000 or XP required, with the latest service packs and patches.

Install the following software on the computer:

  • Java Runtime Environment (JRE), please download from sun.com
  • Firefox (latest version)
  • Please install VMWare Player on the laptop. VMware player can be downloaded for free at www.vmware.com. At the beginning of class, you will be given a Linux bootable CD. This CD will be booted within VMWare as a virtual image. You must have ability to disable host firewall (Windows firewall or other third party firewall) running on your desktop. This usually means you need to have administrative privilege on the machine. The Windows host and Linux host need to talk to each other through the VMWare network interface. A firewall could disallow such communication and render some of the exercise unsuccessful.
Lenny Zeltser

Session ID: TUT-S25
Time: 9:00 am - 5:00 pm
Title: Reverse-Engineering Malware: The Essentials of Malware Analysis
Speaker: Lenny Zeltser, Security Consulting Manager, Savvis, Inc.
Register Now

Abstract: Expand your capacity to fight malicious code by learning how to analyze viruses, worms and trojans. This two-day course discusses the essential techniques for examining malware using a variety of system monitoring tools, a disassembler and a debugger.

Technical Requirements: Laptop Requirements: A properly configured laptop is required to participate in this course. Prior to the start of class, you must install the necessary software as described below. If you do not carefully read and follow these instructions, you are guaranteed to leave the course unsatisfied, since you will not be able to analyze malware specimens that will hand out. The following are minimal hardware requirements for your laptop:

  • CD-ROM drive
  • PIII 800Mhz CPU (a faster processor is strongly recommended)
  • 512MB RAM (more memory is strongly recommended)
  • 2GB of available disk space (more space is recommended)

VMware for System Isolation:
You will use VMware to simultaneously run multiple virtual machines when performing hands-on exercises. You must have VMware Workstation version 5.0 or higher installed on your system. If you do not own VMware, you can download a free 30-day trial copy from www.vmware.com. If taking advantage of the trial offer, please make sure that the license will not expire before you complete the course.
When analyzing malware, you will make use of a virtual Windows machine running within VMware. You will be asked to infect this virtual machine when examining malicious code. You must create a Windows XP virtual machine using your copy of VMware before coming to class. Please patch the virtual machine with the latest updates available from Microsoft. Hands-on exercises will involve operating with malicious code. Although VMware will provide you with reasonable isolation, we do not recommend using a production system as your laboratory machine. We expect you to exercise due caution when handling malicious code.

Additional Tools You Will Receive:
We will provide you with additional tools for completing hands-on exercises. Additionally, we will provide you with a pre-built virtual Linux machine for VMware, so that you do not need to build your own. Hardware requirements outlined above are meant to ensure that you have sufficient memory and disk space available to simultaneously run the Windows virtual machine (that you will build yourself) and the Unix virtual machine (that we will provide to you).

Final Checklist:
We suggest going over the following checklist to make sure that your laptop is prepared for the course:

  • The laptop meets hardware requirements outlined in this note
  • VMware Workstation 5.0 or higher is installed
  • The VMware license will not expire before the class (if using a trial copy)
  • You created a Windows XP virtual machine image that includes the latest updates from Microsoft
  • The Windows VMware machine runs using host-only networking mode
Josh Wright

Session ID: TUT-S26
Time: 9:00 am - 5:00 pm
Title: Analyzing Wireless Security
Speaker: Joshua Wright, Senior Security Researcher, Aruba Networks
Register Now

Abstract: This course is designed to help security analysts, auditors and administrators understand wireless network real risks and vulnerabilities through hands-on experience with exploit tools and a technical understanding of where wireless security fails. Through expert-level instruction and hands-on lab exercises, students will gain experience and guidance to navigating the rapidly changing world of wireless security. As part of the course, students will receive the SANS Wireless Auditing Toolkit (SWAT). This combination of hardware and software was selected to provide students with the physical tools needed to assess wireless networks based on tried-and-true analysis practices.

Technical Requirements: Laptop Requirements: Intel-compatible Pentium II class or later laptop with a PCMCIA slot and a CD-ROM that can be used to boot an operating system. In addition, students should bring a USB thumb drive to class. Students in previous classes have found this useful to save their work especially while using the CD-based Linux operating system.