ISSA-BE recently installed a webfunction allowing us to better handle the event-registration process. For the interested ISS professional multiple advantages are made available:

1 Event information online

2 Self registration

3 Profile self management

4 Interaction with ISSA-BE community (soon).

Unfortunately as we are all volunteers, not all improvements came without glitches. So last week we've seen such glitches showing up, then being handled and dissappear. One particular software was unavailable for support due to their Thanks-Giving festivities, rendering  one glitch a semi persistent state, almost becoming an APT.

It has been dealt with.

Webmaster Rob

The ISSA Brussels-European Chapter is proud to announce our 1st December event:

THF - The Hex Factor 

We invited Pieter Danhieux - all the way from Australia! - and Daan Raman and Tim Beyens.

The Schedule:
18h00 - 18h30: Welcome at Ernst & Young
18h30 - 19h30: Part 1: Exfiltration techniques in a corporate network by Pieter Danhieux and Daan Raman
19h30 - 19h45: Networking break
19h45 - 20h45: Part 2: The Hex Factor - Live solving two hacking challenges by Tim Beyens and Daan Raman
20h45 - 21h30: Networking & closure

With special thanks to Ernst and Young for hosting of the evening and for the catering.

The Venue :
E&Y
Pegasus Park
De Kleetlaan, 2
B-1831 Diegem

how to get there

Registration procedure:  Closed

Abstract Exfiltration techniques in a corporate network
During this technical presentation, Pieter will talk about and demonstrate different techniques that were and are being used to bypass typical network defences to create ex-filtration channels from the early 90's until now. One of these techniques includes tunnelling through the internal DNS systems which could become more and more prevalent in the next year (and he will explain you why). Together with Daan, they will provide insights and give a demo about an unreleased Metasploit stager which uses the DNS system as a communication channel.

Abstract The Hex Factor - Live solving two hacking challenges
During the presentation we will solve two hacking challenges provided at The Hex Factor in 2010. The first hacking challenge will be a reverse engineering challenge which will be presented by Daan. The second challenge will be a penetration testing challenge presented by Tim.

The presentation will focus on the technical aspects on how to solve the challenges (e.g. how to fully exploit an SQL injection, how to disable WAF from an external perspective), but will also highlight the business impact these vulnerabilities have and why clients should test their applications prior and during deployment.

Bio - Daan
Since 2009, Daan has been a member of The Hex Factor. As an active volunteer, Daan is one of the core members developing hacking challenges, focusing on reverse engineering. He also helps organizing and running editions of The Hex Factor at security conferences all across the world (e.g Hack in The Box, SANS, etc).

Daan is currently employed at Ernst & Young as a penetration tester in the Financial Services space, with a strong focus on web application security. His clients mainly consist of banks and insurance companies. Before starting at Ernst & Young, Daan worked for two years at a risk analysis firm in the lovely city of Ghent, developing and implementing risk models.

Bio - Pieter
Pieter Danhieux is a certified instructor for the SANS Institute, teaching military, government, and private organizations offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. He is also one of the founders of the security and hacking conference BRUCON in Belgium, where he has designed and run cyber-intrusion exercises (The Hex Factor) across Europe since 2009 together with a group of talented people.
He currently works at the BAE Systems stratsec, the cyber security team in Australia and South-East Asia of this multinational defence, security and aerospace company. Before that, Pieter worked for seven years at Ernst & Young in Europe and Oceania as one of their information security experts running a team of security resources operating in the financial industry and telecommunication space.
Pieter is doing a blitz visit to Belgium before flying of for SANS London.

Bio - Tim
Tim Beyens has been professionally active with information security since 2009 at Ernst & Young. At Ernst & Young he is focused on performing attack & penetration exercises for telecommunication companies, executing DRP and network reviews. The latter focusing on the security aspects of the network set-up.

Next to all the technical work he is performing at Ernst & Young Tim is an active member at The Hex Factor, creating hacking challenges for the community and running The Hex Factor at security conferences. Within The Hex Factor Tim develops the ‘pwnd’ levels or the penetration testing levels.

The ISSA Brussels-European Chapter is proud to announce another interesting event:

IPv6 Security 

IPv6 is a protocol which will impact everyone of us in the near future.

We invited Marc Lampo and Eric Vyncke, experts in the field of IPv6 to talk about the challenges and security implications that this protocol brings.

The Schedule:
18h00 - 18h30: Reception & drinks
18h30 - 19h30: Marc - "IPv6, a new protocol, with new challenges."
19h30 - 19h45: Networking break
19h45 - 20h45: Eric - ‘What about forensic and audit in a post IPv4-address exhaustion world?’
20h45 - 21h30: Networking & closure

The Venue is kindly provided by Cisco:
Cisco
Pegasus Park
De Kleetlaan, 6A
B-1831 Diegem

Registration procedure:  Please click on registration button. {dtregister}4{/dtregister}

Bio's

Marc Lampo performs part-time, free-lance consultancy, specialised in networking and security.
Because of its importance, focussing on IPv6, both for network related and security related aspects.
Over 25 years of networking experience, as teacher, working with an ISP and with two integrators.
Presently full time employed as security officer for EURid.

Since 1997, Eric Vyncke works for Cisco as a Distinguished Engineer reporting to the CTO by helping customers with security designs and since 2005 with IPv6 deployments. He assists product design by advising engineering teams in Cisco.
He is a guest professor at a couple of Belgian Universities (where he helped the IPv6 deployment), participates regularly at the IETF (author of RFC 3585 & 5514). He is also a respected speaker at several conferences such as RSA Conferences.
He holds a CISSP certification and is the main author of 'LAN Switch Security' and the co-author of 'IPv6 Security'.

Abstracts

"IPv6, a new protocol, with new challenges."
The motivation for IPv6 should be clear, by now, I'll spend only little time on this.
But rather focus on what IPv6 does in a different way then IP(v4)
and so point at new challenges for network and security administrators.

"What About Forensic and Audit in a Post IPv4-address Exhaustion World?"
The long-planned IPv4-address exhaustion is now a reality. This brings two new technologies: sharing IPv4 address among thousands of individuals and deployment of IPv6. Both techniques have their own challenges to keep forensic and auditing working. This session explains what the limitations are and the future prospect of each. Corporations must be ready for both for at least 10 years!

This December SANS returns to London for SANS London 2011, running from December 3 - 11th

This is the biggest information security training event outside of the US. There are classes coving penetration testing, audit, forensics, and more, and add to that the top level of instructor that can always be guaranteed with SANS classes this is an event not to be missed. With the option of taking addition shorter one or two day classes before and after the main classes, the added value of evening talks on cutting edge topics through the week, or take parting in one of the challenges running (such as The Hex Factor organized by our Belgian volunteers), it is understandable why SANS London has broken attendance records year on year, and even with over 400 security professionals in attendance in 2010, with security incidents making headlines on a regular basis organisations are realising the importance of obtaining the best security training possible and this means that SANS London 2011 is even more demand than ever. Class places are limited, so don't miss out, register today at https://www.sans.org/london-2011/ and remember, all ISSA members using the code which was emailed to you, will receive an additional 10% discount on tuition fees. Start making your plans today and we hope to see you in London.

Well for those non-member readers you might as well become a member of ISSA and take advantage of it!