What to bring:

This is a “lecture-style” training presentation combined with the advent of “Remote Dog and Pony Show” server access to illustrate real, live, in-production server and DMZ configurations currently deployed on active business networks, in addition to standard presentation materials. As such, there are no hardware requirements for attendees. However, we recommend that you bring your own wireless capable laptop system pre-configured with XP and/or Vista with your choice of virtual machine environments so that you can participate in in-class configurations changes. Internet access will be available, but only once you have proven yourself worthy for us to create the firewall rules needed to let you out. You should come ready to learn, and ready to participate in a typically fast-paced course with an open mind and a willingness to think differently. Some level of social skills coupled with a sense of humor is a definite plus.

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-7

Microsoft Ninjitsu:
Black Belt Edition

Timothy Mullen, NGSSoftware
Jim Harrison, Microsoft ISA Sustained Engineering Team
Dr. Tom Shinder, M.D. ISAServer.Org

Overview:
This "Developed for Blackhat" training is the only one of its kind, and is an absolute must for anyone responsible for securing Microsoft installations. This course combines the most popular aspects of Tim Mullen's "Microsoft Ninjitsu and ISA Ninjistu" training sessions into an intense two day training that runs the gamut of securing Microsoft deployments from infrastructure applications of IPSec and Group Policy to the secure publication of SQL data into your DMZ and the secure provision external services via authentication perimeter DMZ segmentation. Quite simply, it is The Best Damn Microsoft training ever.

Led by industry experts, this class will cover security aspects of Active Directory, Exchange, SQL Server, IIS, as well as ISA Server in the building of secure DMZ structures and Remote Access models. If you deploy Microsoft technologies, this is the training you've been looking for.

What You Will Learn
The core technologies covered and skills you will take back with you from this course include:

Win 2003/2008 Domain Controllers

Active Directory Domains and Forests
DNS
Operation Masters and Global Catalogs / Sites and Services
Group Policy and Organizational Units
Certificate Services

Client Configuration

Leveraging XP Pro and Vista Clients
Security Policies
System Restrictions
Software Restrictions
Encryption and IPSec

Exchange 2003/2007

Setup and Configuration
Default protocols: HTTP, SMTP, POP3, IMAP
Multiple sites
OWA (HTTPS/HTTP)

SQL Server 2005 (touch on 2000)

Setup and Configuration
Authentication Modes
SQL Server/Agent Service Security Contexts
Client/Process data access and best practices
Auditing Tools

IIS 6.0/IIS 7.0

Setup and Configuration
ISAPI extensions and application mapping
WWW, FTP, SMTP Services
HTTPS Configuration and Certificates
Authentication models and NTFS Permissions
IIS Lockdown / URL Scan
Component Services
IIS 7.0 Core installation options

And much, much more.

Who Should Attend?
The main goal is to help students understand contemporary malware techniques, enable them to see the “bigger picture” over technical details and show possible approaches to compromise detection. Thus the course is primarily targeted for developers of security products, forensic investigators, pen-testers and OS developers.

Prerequisites
Basic knowledge of OS design and implementation (specifically Windows), C programming, at least basic experience with debugging and ability to understand fragments of assembler code (IA32 architecture).

Due to the course content, the trainer reserves the right to train only employees of government, law enforcement and reputable companies. Please register for the course with an email address that you can send and receive from, which is hosted in your organization's domain. Black Hat reserves the right to verify your ability to respond to email at the address and cancel the order if the verification fails (no response within 7 days). If you register with an email address not hosted in your organization, we may ask you to provide an email address within the organization that we can use for verification.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Trainer:

Timothy Mullen

has been educating and training users in the technology sector since 1983 when he began teaching BASIC and COBOL through a special educational program at the Medical University of South Carolina (while still a high school senior). He then launched his professional career in application development and network integration in 1984. Mullen is now Vice President of Consulting Services for NGSSoftware, an international security software and consulting firm, and world leader in vulnerability discovery and research. Timothy Mullen has developed and implemented Microsoft networking security solutions for institutions like the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions. He has developed applications ranging from military aircraft statistics interfaces and biological aqua-culture management to nuclear power-plant effects monitoring for private, government, and military entities.

Mullen has been a columnist for Security Focus' Microsoft section, and is a regular contributor of InFocus technical articles. Also known as “Thor,” he is the founder of the "Hammer of God" security co-op group. Mullen’s writings appear in multiple publications such as Hacker’s Challenge, the Stealing the Network series, and in Windows XP Security. His security tools, techniques and processes have been featured in Hacking Exposed and New Scientist Magazine, as well as in national television newscasts and technology broadcasts. His pioneering research in “strikeback” technology has been cited in multiple law enforcement and legal forums, including the International Journal of Communications Law and Policy.

Mullen holds MCSE certifications in all recent Microsoft operating systems, has completed all Microsoft Certified Trainer curriculums and is a Microsoft Certified Partner. He is a member of American Mensa, and has recently been awarded the Microsoft “Most Valuable Professional” (MVP) award in Windows Security for the third straight year.

Jim Harrison

is a Program Manager with the Forefront Edge Products, ISA Sustained Engineering team. He retired from 20 years of US Naval service as a First Class Electronics Technician [ET1(SW)], maintaining and instructing on complex computer controlled communications, radar, satellite navigation and depth-finding systems. He originally joined Microsoft in 2000 as an integration tester for the Digital Broadcast Manager project, and followed that with the NetDocs team as a network application design and tester. It was during this project that he was encouraged to investigate this new thing called ISA Server for the data center deployment. As a result of this opportunity, he became afflicted with the ISA bug and has been a staunch supporter ever since. He joined the ISA Sustained Engineering team in 2003 and hasn't looked back since except wonder how it all came about. Jim is the primary point of contact for all ISA PSS cases that require product group attention. He also provides customer deployment design review services for MS Consulting and MS Security Technical Services, as well as MS-IT ISA deployments. He provides ISA deployment and troubleshooting guidance for MS-internal teams who use ISA for anything from lab isolation to through-ISA testing for their own products. He owns and operates ISATools.org and spends lots of time offering free help and advice to anyone wandering loose on the Microsoft ISA newsgroups or the isaserver.org listserv. He answers to his wife, daughter, son and daughter-in-law and his Microsoft Managers (in that order, of course).

Dr. Thomas W. Shinder

is an MCSE and ISA Server MVP. He has worked as a technology trainer, writer and and consultant since 1996. Before making the transition to IT and network engineering, Dr. Shinder was a practicing neurologist with special expertise in chronic neurological pain syndromes, central nervous system demyelinating disorders and atypical presentations of epilepsy. He has provided consultative security guidance to many large organizations, including FINA, Lucent, HP, Microsoft, and the US Federal Government.

Dr. Shinder is the author of five books on the ISA Firewall and a sixth book is in line for publication in the third quarter of 2007. In addition, he has done extensive documentation work directly for Microsoft for the ISA Server 2000, ISA Server 2004 and ISA Server 2006 products. Last but not least, Dr. Shinder is the thought leader and primary perpetrator of ISAserver.org, the largest community of ISA Firewall admins and devotees on the Internet, with over 500 articles on the ISA Firewall and over 40,000 registered users. He is operated by his wife, Deb Shinder, for which he has obtained permission to participate in this class. Dr. Shinder requests that you refer to him as Tom during the course of the course.

Early: Ends	Regular: Ends	Late/Onsite: Begins
USD	USD	USD