Virginia Tech Internet Security Training Workshop
March 3-8, 2008 - Torgersen Hall - Virginia Tech - Blacksburg, VA

Course Descriptions

Audit 521: Meeting the Minimum Standard for Protecting Credit Card and Other Private Information PCI CISP: The Visa Digital Dozen
March 3-4, 2008
Instructor: Randy Marchany, Virginia Tech

Course Overview

The payment card industry has been working over the past several years to formalize a standard of security practices required of organizations that process or handle payment card transactions. The fruit of this labor is the Payment Card Industry Cardholder Information Security Program.

This standard, which started life as the Visa Digital Dozen, is a set of focused, comprehensive controls for managing the risks surrounding payment card transactions, particularly over the Internet. Of course, compliance validation is one of the requirements. This course was created to allow organizations to exercise due care by performing internal validations through a repeatable, objective process. While the course will cover all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured. Every student will leave the class with a toolkit that can be used to technically validate any PCI CISP environment, and the knowledge of how to use it.

Sampling of Topics

  • Requirements for compliance
  • Compliance guidance for each control
  • Suite of tools for validating technical compliance
  • Explanation of alternative controls
  • Discussion of determining scope for compliance requirements

Laptop requirements associated with this course: http://www.sans.org/training/laptop.php?tid=1962&portal=c7c07987ab9960fbccfb238
LaptopRequirementsAudit5.doc


Security 514: Advanced Network Worm and Bot Analysis - Hands On
March 5, 2008
Instructor: Mike Poor, Intelguardians

Course Overview

Businesses worldwide suffer the impact of network worms and bots. Over the last 5 years, mobile malicious code has seen a tremendous evolution in sophistication and distribution. Worms that ravaged the Internet years ago are still roaming, infecting new machines as they come online. Malicious botnets wreak havoc by compromising systems, stealing financial information, and rendering web services unavailable through denial of service attacks. This advanced one-day course examines techniques and strategies for detecting, preventing, and mitigating the damage from these Internet-borne threats.

Sampling of Topics

  • Network base-lining techniques
  • Bot-net command and control
  • Worm case studies
  • Using Dshield for worm propagation analysis
  • Exploit traffic analysis methodology and labs
  • Mitigation strategies

Laptop requirements associated with this course: http://www.sans.org/training/laptop.php?tid=197&portal=1eea5a297f76b01185615576bcbfd5b7
AdvancedNetworkWormandB.doc


Security 531: Windows Command-Line Kung Fu In-Depth for Info Sec Pros
March 6, 2008
Instructor: Ed Skoudis, Intelguardians

Course Overview

To maximize their value in handling the latest generation of spyware and conducting detailed investigations, security personnel should wield some Windows command-line Kung Fu. Many people do not realize the power of the Windows command line and have confined themselves inside the prison of the Windows GUI. But sometimes, in the face of extremely nasty malware that disables GUI-based tools, security personnel are forced to the command line to analyze an infestation. Don't fret! In this fun and engaging session, we'll discuss in depth one of the most powerful command-line tools built into Windows, wmic, and how it can greatly improve the capabilities of security personnel, incident handlers, and even auditors. We'll also look at other really powerful built-in commands to monitor systems and analyze them for indications of compromise. Based on one of SANS' most popular webcasts, this session expands the discussion into a full day of hands-on depth with fun labs and examples. For example, do you know how to kill a bunch of processes based on their name across the network using only built-in Windows tools? How about finding out whether a given patch is installed, the date it was installed, and the user who installed it, again remotely and using only built-in features? What if your GUI is shot by a rootkit, and you want to see which services are associated with each process, and which DLLs those processes have loaded? How can you run a single command that will show you, with one-second accuracy, when a piece of malware receives a connection from a bad guy on the network, along with the process ID of the malware and the IP address of the bad guy? After this session you will be able to do all of this and more... much more. For this session, have a Windows XP Pro or Windows 2003 box handy (WinXP Home won't do!), grab a soda, pop up a cmd.exe, and get ready for some serious Kung Fu.

Sampling of Topics

  • Overview of the Windows command shell
  • Interacting with the shell
  • Interacting with the file system
  • Interacting with the network and user accounts
  • Interacting with processes and services
  • The wonderful world of WMIC
  • Iterating with powerful FOR loops
  • Other Odds and Ends
  • Challenges

Laptop requirements associated with this course:
SEC531WindowsCommand-Line .doc


Security 601: Reverse-Engineering Malware: The Essentials of Malware Analysis
March 7-8, 2008
Instructor: Lenny Zeltser, Gemini Systems

Course Overview

Deepen your understanding of malware analysis tools and approaches with this two-day course, building upon the concepts covered in Reverse Engineering Malware: The Essentials of Malware Analysis.

You will learn to examine malicious code and to understand its logic by identifying key logic structures. You will understand how to work with PE headers and handle DLL interactions. You will also develop skills for analyzing self-defending malware through advanced unpacking techniques and bypassing code-protection mechanisms. Finally, you will discover how to bypass obfuscation techniques employed by browser-based malicious scripts.

This course explores advanced techniques for examining the inner workings of malicious software. You should already understand the fundamentals of reverse-engineering malware, and must be able to perform essential behavioral and code analysis tasks.

Hands-on workshop exercises are an essential aspect of this course, and allow you to apply reverse-engineering techniques by examining malicious code in a carefully controlled environment. When performing the analysis, you will study the supplied specimen's behavioral patterns and examine key portions of its assembly code.

Sampling of Topics

  • Identifying assembly logic structures
  • Working with PE headers
  • Handling DLL interactions
  • Advanced unpacking
  • Bypassing code-defense mechanisms
  • Analyzing advanced browser malware

Laptop Required

Laptop requirements associated with this course: http://www.sans.org/training/laptop.php?tid=1712&portal=27dca1ce5b411443404fa22fe21c83d0
SEC601REMEssentials.doc


Guest Wireless LAN at Virginia Tech:

Wireless Internet access will be provided for all participants for the duration of the course. Registered participants will be contacted by email prior to the course with details on how to set up and configure their laptops for access.
