RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-7

Microsoft Ninjitsu:
Black Belt Edition

Timothy Mullen, NGSSoftware
Jim Harrison, Microsoft ISA Sustained Engineering Team
Dr. Tom Shinder, M.D. ISAServer.Org

This "Developed for Blackhat" training is the only one of its kind, and is an absolute must for anyone responsible for securing Microsoft installations. This course combines the most popular aspects of Tim Mullen's "Microsoft Ninjitsu and ISA Ninjistu" training sessions into an intense two day training that runs the gamut of securing Microsoft deployments from infrastructure applications of IPSec and Group Policy to the secure publication of SQL data into your DMZ and the secure provision external services via authentication perimeter DMZ segmentation. Quite simply, it is The Best Damn Microsoft training ever.

Led by industry experts, this class will cover security aspects of Active Directory, Exchange, SQL Server, IIS, as well as ISA Server in the building of secure DMZ structures and Remote Access models. If you deploy Microsoft technologies, this is the training you've been looking for.

What You Will Learn
The core technologies covered and skills you will take back with you from this course include:

Win 2003/2008 Domain Controllers

  • Active Directory Domains and Forests
  • DNS
  • Operation Masters and Global Catalogs / Sites and Services
  • Group Policy and Organizational Units
  • Certificate Services

Client Configuration

  • Leveraging XP Pro and Vista Clients
  • Security Policies
  • System Restrictions
  • Software Restrictions
  • Encryption and IPSec

Exchange 2003/2007

  • Setup and Configuration
  • Default protocols: HTTP, SMTP, POP3, IMAP
  • Multiple sites

SQL Server 2005 (touch on 2000)

  • Setup and Configuration
  • Authentication Modes
  • SQL Server/Agent Service Security Contexts
  • Client/Process data access and best practices
  • Auditing Tools

IIS 6.0/IIS 7.0

  • Setup and Configuration
  • ISAPI extensions and application mapping
  • WWW, FTP, SMTP Services
  • HTTPS Configuration and Certificates
  • Authentication models and NTFS Permissions
  • IIS Lockdown / URL Scan
  • Component Services
  • IIS 7.0 Core installation options

And much, much more.

Who Should Attend?
The main goal is to help students understand contemporary malware techniques, enable them to see the “bigger picture” over technical details and show possible approaches to compromise detection. Thus the course is primarily targeted for developers of security products, forensic investigators, pen-testers and OS developers.

Basic knowledge of OS design and implementation (specifically Windows), C programming, at least basic experience with debugging and ability to understand fragments of assembler code (IA32 architecture).

Due to the course content, the trainer reserves the right to train only employees of government, law enforcement and reputable companies. Please register for the course with an email address that you can send and receive from, which is hosted in your organization's domain. Black Hat reserves the right to verify your ability to respond to email at the address and cancel the order if the verification fails (no response within 7 days). If you register with an email address not hosted in your organization, we may ask you to provide an email address within the organization that we can use for verification.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Timothy Mullen

has been educating and training users in the technology sector since 1983 when he began teaching BASIC and COBOL through a special educational program at the Medical University of South Carolina (while still a high school senior). He then launched his professional career in application development and network integration in 1984. Mullen is now Vice President of Consulting Services for NGSSoftware, an international security software and consulting firm, and world leader in vulnerability discovery and research. Timothy Mullen has developed and implemented Microsoft networking security solutions for institutions like the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions. He has developed applications ranging from military aircraft statistics interfaces and biological aqua-culture management to nuclear power-plant effects monitoring for private, government, and military entities.

Mullen has been a columnist for Security Focus' Microsoft section, and is a regular contributor of InFocus technical articles. Also known as “Thor,” he is the founder of the "Hammer of God" security co-op group. Mullen’s writings appear in multiple publications such as Hacker’s Challenge, the Stealing the Network series, and in Windows XP Security. His security tools, techniques and processes have been featured in Hacking Exposed and New Scientist Magazine, as well as in national television newscasts and technology broadcasts. His pioneering research in “strikeback” technology has been cited in multiple law enforcement and legal forums, including the International Journal of Communications Law and Policy.

Mullen holds MCSE certifications in all recent Microsoft operating systems, has completed all Microsoft Certified Trainer curriculums and is a Microsoft Certified Partner. He is a member of American Mensa, and has recently been awarded the Microsoft “Most Valuable Professional” (MVP) award in Windows Security for the third straight year.

Jim Harrison

is a Program Manager with the Forefront Edge Products, ISA Sustained Engineering team. He retired from 20 years of US Naval service as a First Class Electronics Technician [ET1(SW)], maintaining and instructing on complex computer controlled communications, radar, satellite navigation and depth-finding systems. He originally joined Microsoft in 2000 as an integration tester for the Digital Broadcast Manager project, and followed that with the NetDocs team as a network application design and tester. It was during this project that he was encouraged to investigate this new thing called ISA Server for the data center deployment. As a result of this opportunity, he became afflicted with the ISA bug and has been a staunch supporter ever since. He joined the ISA Sustained Engineering team in 2003 and hasn't looked back since except wonder how it all came about. Jim is the primary point of contact for all ISA PSS cases that require product group attention. He also provides customer deployment design review services for MS Consulting and MS Security Technical Services, as well as MS-IT ISA deployments. He provides ISA deployment and troubleshooting guidance for MS-internal teams who use ISA for anything from lab isolation to through-ISA testing for their own products. He owns and operates and spends lots of time offering free help and advice to anyone wandering loose on the Microsoft ISA newsgroups or the listserv. He answers to his wife, daughter, son and daughter-in-law and his Microsoft Managers (in that order, of course).

Dr. Thomas W. Shinder

is an MCSE and ISA Server MVP. He has worked as a technology trainer, writer and and consultant since 1996. Before making the transition to IT and network engineering, Dr. Shinder was a practicing neurologist with special expertise in chronic neurological pain syndromes, central nervous system demyelinating disorders and atypical presentations of epilepsy. He has provided consultative security guidance to many large organizations, including FINA, Lucent, HP, Microsoft, and the US Federal Government.

Dr. Shinder is the author of five books on the ISA Firewall and a sixth book is in line for publication in the third quarter of 2007. In addition, he has done extensive documentation work directly for Microsoft for the ISA Server 2000, ISA Server 2004 and ISA Server 2006 products. Last but not least, Dr. Shinder is the thought leader and primary perpetrator of, the largest community of ISA Firewall admins and devotees on the Internet, with over 500 articles on the ISA Firewall and over 40,000 registered users. He is operated by his wife, Deb Shinder, for which he has obtained permission to participate in this class. Dr. Shinder requests that you refer to him as Tom during the course of the course.

registration button







1997-2009 Black Hat ™