Events

 
Blackhat: Look Into the Eye of the Meter
When you look at a Smart Meter, it practically winks at you. Their Optical Port calls to you. It calls to criminals as well. But how do criminals interact with it? We will show you how they look into the eye of the meter. More specifically, this presentation will show how criminals gather information from meters to do their dirty work. From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired. Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye.
 
Defcon: Look Into the Eye of the Meter
When you look at a Smart Meter, it practically winks at you. Their Optical Port calls to you. It calls to criminals as well. But how do criminals interact with it? We will show you how they look into the eye of the meter. More specifically, this presentation will show how criminals gather information from meters to do their dirty work. From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired. Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye.
 
Samurai WTF Course at AppsecDC
Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of two different web applications, including client side attacks on the browsers connecting to those sites. Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a third web application. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
 
Mike Poor Chairs the SANS Incident Detection Summit
The Incident Detection and Log Management Summit will offer two full days of content in a single track, consisting of expert keynotes, professional briefings and dynamic panels. It will concentrate on network-centric and host-centric methods to detect intruders that work in the real world. We will also focus on which logging configurations capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you to quickly isolate and repair affected systems after an intrusion.
Washington, D.C. December 8-9, 2010
 
SANS Cyber Defense Initiative 2010

Come to the annual Cyber Defense Initiative conference for 2010. Ed and Mike will be teaching nad presenting at this conference.
Washington, D.C.
December 10-17
Ed Skoudis is teaching: SANS Sec 504 Hacker Techniques, Exploits & Incident Handling
Mike Poor is teaching: SANS Sec 503 Intrusion Detection In-Depth
Ed Skoudis is teaching: SANS Sec 580 Metasploit Kung Fu for Enterprise Pen Testing