If any readers are in Vegas next week for SANS Network Security 2010, get in touch.  I will be in town from Sunday to Sunday, and I’ll be taking SEC 709: Developing Exploits for Penetration Testers and Security Researchers, which I am very much looking forward to.  This is being advertised as the most advanced of SANS classes, and I’m looking forward to the challenge.  Chris Mohan, of Security for a Day, will be in the same class.

Even if you’re not in the same class, get in touch with me by email or twitter and maybe we’ll run into each other somewhere at Caesars.

 

While Dr. Vaughn was traveling this week, I lectured the CSE 4243/6243 Information and Computing Security class on Wednesday, and will again today (in about 30 minutes).  These two lectures are a mile-high overview of terminology and examples surrounding vulnerabilities, exploits, malware, and denial of service attacks.  Chapter 3 of Charles P. Pfleeger’s Security in Computing, 4th Edition was the assigned reading for this week, and much of the material in the slides for this lecture was adapted from this text or used it as a guide.

The slides are available here, for the students who would like to add them to their study materials for the upcoming test, and for anyone else who might be interested:

The slides may be of limited use without the accompanying lecture, as I often bump out of the slides to look at classic or recent examples of things on the Internet.  I’m more than happy to talk about them to anyone who contacts me, though.

 

A while back, I posted about darkoz having to find a new home for the hacker media archive.  Well, it appears that he has found a replacement.  The previous mirror on Easynews now points to the new location:

…and what’s more: there are MP3s available of the recent Black Hat USA 2008 and Defcon 16 conferences :-D .  I’m looking forward to stuffing my iPod full of these:

Many other excellent conferences have materials available in this archive, too.  I think it’s a great educational resource, and a great way to fill your head with new ideas in security between episodes of Pauldotcom Security Weekly, Network Security, and Securabit.

Many thanks to darkoz and the new hosts!

 

Tomorrow, from 11:00AM to 12:15PM CDT, I will be lecturing the CSE 4233 – Software Architecture and Design class here at Mississippi State University’s computer science department, where I’m working on my Ph.D. dissertation and security research. The lecture is on the basic security principles presented in the classic paper, “The Protection of Information in Computer Systems”, by Jerome H. Saltzer and Michael D. Schroeder.

I’m looking forward to meeting the students of this class, and I think I’ve got a pretty good lecture lined up for them.  I’ve made the slides and notes available here on my website, for the students, and anyone else who is interested:

A web accessible edition of the original Saltzer and Schroeder paper is available here.

 

While looking for something else, I noticed that many of the talks from Defcon 15 were uploaded to Google Video yesterday. I have really been looking forward to seeing some of these talks, and wasn’t expecting them to be online so soon, so it’s a very pleasant surprise :) . Here’s a link to a query that should show all of them:

 

…at least until folks go crazy with wget again ;) . The rapidshare link is up here, if you need the whole thing, but I’d like to be able to provide them on my site for folks to browse around, get something specific, or in cases where something like rapidshare might be blocked.

If anyone has video or audio from Blackhat or Defcon this year, or slides/papers from Defcon, please get in touch. I can keep things private, if need be.

 

In the normal course of causing trouble on IRC today, a friend pasted a URL to what appears to be the contents of the BlackHat USA 2007 conference materials CD. I figured my dear readers would be interested in having some reading material for the weekend, but I have no idea who owns the site to see if they would mind me linking. So, I’ve mirrored the contents here for your pleasure. A lot of the presentations look very interesting, and I’m looking forward to digging through it myself. Hopefully audio/video will be made available soon.

BlackHat USA 2007 materials!

 

(I haven’t posted in a while, since I meant to do a post about various apps a security professional might want on their Windows Mobile/Pocket PC phone. Aside from other engagements, I’ve just been having too much fun playing with the different programs available for my phone to actually write anything down. It’s very addictive, but I promise you’ll see the fruits of all the tinkering on here soon. Really :) . )

Most security-conscious people make use of their operating system’s “Lock Workstation”, “Lock Screen”, or similar locking functionality whenever they need to step away from their computer for a moment. It’s convenient, since all of your programs are still running and sitting there just like you left them, unlike having to start from a clean slate by logging out and back in. Some people may have picked up on using this security feature due to an office culture of pranks (such as humorous wallpapers) pulled on those who leave their computers unattended. If your organization’s policy doesn’t put a damper on such pranks already, it can be an effective way (though not necessarily the best way ;) ) to get people to lock their screens.

One important aspect of screen-locking that people don’t normally consider is the environment in which the screen will be unlocked. If you’re sitting at your desk working on a confidential document and someone walks into your office, you can minimize the document before they see it (if you can’t, rearrange your office!). However, if someone is already in your office, followed you in during a discussion, or is otherwise in viewing range of your screen when you sit down to unlock your session, it will be a race for you to minimize the sensitive data once you have unlocked, and the chances of a glimpse are much higher. This is an even more serious issue with laptops, which get locked and unlocked in widely varying situations as they are carried around (imagine the worst case of one being unlocked while hooked up to a projector).

So what do you do? You make a habit of hitting the “show desktop” (or equivalent) button to minimize everything before locking your screen. Then, once you unlock, you can selectively bring applications back up from minimization, as the situation allows.

As the title advertises, it’s a little thing. However, it doesn’t take much time, it’s easy to explain to your users, and can prevent some cases of accidental disclosure.

 

I’m really excited to announce that I will be teaching the SANS Stay Sharp: IP Packet Analysis training course here on the Mississippi State Campus, in cooperation with the Center for Computer Security Research. This will take place on Thursday, May 10th, from 6 to 9 PM. You can find out more information about the class and how to register here.

The class is an excellent introduction to getting your hands dirty analyzing pcap dumps with various tools, and even to doing it manually. I feel that the latter is very important when you first learn about the various protocols involved, and it comes in very handy when you eventually run across packets that are either malformed or part of a protocol you aren’t familiar with yet. It’s a useful skill that will serve you not only in incident response, but also in writing custom rules for firewalls and intrusion detection systems.
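As an added example (not part of the original post, and not material from the SANS course), here is what “doing it manually” looks like in Python: a pcap reader built on nothing but struct, with a constructed two-record capture embedded in the file. The first record is a well-formed TCP SYN; the second carries an IPv4 header whose total-length field claims 1500 bytes that the record does not contain, which is exactly the kind of packet that makes a tool give up. Addresses, ports and timestamps are made up.

```python
"""Added example, not code from the original post or the SANS course: decoding a pcap
by hand with nothing but struct, as you would when a tool rejects a malformed packet
or does not know the protocol. The capture is constructed inside this file: one
well-formed TCP SYN, then a record whose IPv4 header claims far more bytes than the
record actually carries (addresses and ports are made up)."""
import struct
from typing import Iterator, Optional

PCAP_MAGIC_LE = 0xA1B2C3D4   # pcap written on a little-endian host
LINKTYPE_ETHERNET, ETHERTYPE_IPV4, IPPROTO_TCP = 1, 0x0800, 6

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; 0 when run over a header whose checksum field is already valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("TCP header truncated")
    sport, dport, seq, ack, off_flags, window = struct.unpack_from("!HHIIHH", seg, 0)
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(seg):
        raise ValueError(f"bad TCP data offset {data_off}")
    flagbits = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [n for bit, n in flagbits if off_flags & bit], "payload": seg[data_off:]}

def decode_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("IPv4 header truncated")
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", pkt, 0)
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError(f"bad IPv4 version/IHL ({version}, {ihl})")
    if total_len > len(pkt):   # the classic malformed-packet tell: a length field outrunning the capture
        raise ValueError(f"IPv4 total length {total_len} exceeds captured {len(pkt)} bytes")
    ip = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl, "proto": proto,
          "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0}
    if proto == IPPROTO_TCP:
        ip["tcp"] = decode_tcp(pkt[ihl:total_len])
    return ip

def decode_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    eth = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        eth["ip"] = decode_ipv4(frame[14:])
    return eth

def parse_pcap(data: bytes) -> Iterator[dict]:
    """Walk the 24-byte global header and 16-byte record headers; one bad record must not stop the walk."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported pcap: magic {magic:#x}, linktype {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        rec = {"ts": ts_sec + ts_usec / 1e6, "caplen": caplen, "origlen": origlen}
        try:
            rec["eth"] = decode_ethernet(frame)
        except ValueError as e:   # keep going: the next packet may be the one that matters
            rec["error"] = str(e)
        yield rec

def build_sample_pcap() -> bytes:
    """Constructed two-record capture used by this example."""
    def ipv4(payload: bytes, total_len: Optional[int] = None) -> bytes:
        tl = 20 + len(payload) if total_len is None else total_len
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, tl, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                          bytes([10, 0, 0, 5]), bytes([192, 168, 1, 20]))
        return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:] + payload
    eth = bytes.fromhex("001122334455 66778899aabb 0800")
    syn = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    good, bad = eth + ipv4(syn), eth + ipv4(b"", total_len=1500)   # 'bad' claims 1500 bytes, holds 20
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate((good, bad)):
        out += struct.pack("<IIII", 1_200_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for rec in parse_pcap(build_sample_pcap()):
        print(rec.get("error") or rec["eth"]["ip"])
```

Run as a script, the first record decodes all the way down to the TCP flags (with the IPv4 header checksum verified) while the second yields an error string instead of aborting the whole read. The length checks in decode_ipv4 and decode_tcp are the places to extend when you meet a protocol the decoder does not yet know, and the same struct formats are what you end up reading off a hex dump when no decoder exists at all.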

If you sign up, be sure to tell them that Wesley McGrew referred you ;) . I’m looking forward to meeting the attendees and making it an enjoyable and educational experience. I’d like for everyone to be able to walk away with techniques they can immediately apply.

As a final note, it is likely that my wife will be making some of the sweets available as refreshments. Those of you who have experienced Crystal’s baking can vouch that it’s worth the price of admission for this reason alone.

 

After wrangling a bit with a good way to add it to the “services” section, I have added a training section to the site as a top-level section, which should be accessible from the menu at the top of each page. This will wind up being where you can get information on the training and lectures that I present. Very Soon Now, it’ll have information about the SANS courses that I will be teaching on the Mississippi State University campus.

I’ll also be providing materials for many of the lectures and such that I personally create. That is the case with the first entry to this new section. I will be lecturing the Distributed Client-Server Programming class at Miss. State on Tuesday, so I needed a place for the students to download the slides and handouts :) . Hopefully others will find it interesting as well.

The topic for this lecture is Web Application Security, and it serves as an introduction. The students have been learning how to develop web-based applications in this class, and this should raise their awareness of the threats their applications will face. There is a low barrier to entry for attacking web apps, and I think this will open their eyes to that fact.

A comprehensive look at the topic would take many days of lecturing, so I’ve limited this to a handful of the most pressing issues that illustrate the problems with untrusted clients and unfiltered input. I cover the problems with obscured interfaces, hidden form elements, client-side filtering, cross-site scripting, SQL injection, session handling, and password storage. These are the problems I see time and time again in the student projects for this class (and in production web apps!), so I figure that awareness is a good starting point. Stuffing values into hidden form elements so that you don’t have to retrieve them from the database later, when the form gets POSTed, sounds like a wonderful idea until someone shows you how easy it is to modify that data ;) .
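As an example added here (not code from the lecture’s slides or handouts), the hidden-form-element shortcut from the last sentence is shown next to the corrected version, in Python with sqlite3 standing in for the database. The handler that trusts the client also builds its query by string formatting, so the same request demonstrates SQL injection through the id field. The catalogue, prices and POST bodies are constructed for this illustration.

```python
"""Added example, not code from the original lecture or its handouts: the hidden-form-field
shortcut described above, next to the fix. The catalogue, prices and POST bodies are
constructed for this post; no framework is involved, just the parsed form fields and sqlite3."""
import sqlite3
from urllib.parse import parse_qs

def make_db() -> sqlite3.Connection:
    """In-memory catalogue standing in for the real items table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)", [(1, "Laptop", 129900), (2, "Mouse", 1999)])
    return db

def checkout_trusting_client(db: sqlite3.Connection, body: str) -> dict:
    """Vulnerable on purpose. The price came back in a hidden <input>, so whatever the
    client sends is what gets charged, and the item lookup is built by string
    formatting, so the id field is an injection point as well."""
    form = parse_qs(body)
    item_id = form["item_id"][0]
    price = int(form["price"][0])
    row = db.execute(f"SELECT name FROM items WHERE id = {item_id}").fetchone()
    return {"item": row[0] if row else None, "charged_cents": price}

def checkout_server_authoritative(db: sqlite3.Connection, body: str) -> dict:
    """Hardened: the only thing taken from the client is the item id, it is validated as
    an integer, the query is parameterized, and the price is read back from the table."""
    form = parse_qs(body)
    try:
        item_id = int(form["item_id"][0])
    except (KeyError, IndexError, ValueError):
        raise ValueError("invalid item_id") from None
    row = db.execute("SELECT name, price_cents FROM items WHERE id = ?", (item_id,)).fetchone()
    if row is None:
        raise ValueError("no such item")
    return {"item": row[0], "charged_cents": row[1]}

if __name__ == "__main__":
    db = make_db()
    # Constructed requests: what the browser sends, what a proxy-edited form sends,
    # and a body that turns the id field into SQL ("0 OR 1=1" once URL-decoded).
    for body in ("item_id=1&price=129900", "item_id=1&price=1", "item_id=0+OR+1%3D1&price=5"):
        print("trusting:", checkout_trusting_client(db, body))
        try:
            print("hardened:", checkout_server_authoritative(db, body))
        except ValueError as e:
            print("hardened: rejected,", e)
```

The tampered body is nothing more exotic than the same form with the hidden price edited to 1 before it leaves the browser; the trusting handler charges one cent for the laptop, while the hardened one charges the catalogue price no matter what the client claims. The third body shows why the id needs the same treatment: with string formatting it becomes a WHERE clause that matches every row, and with int() plus a bound parameter it is simply rejected.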

The slides and handouts are available here.

© 2012 McGrew Security