
Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

PacSec: Security Masters Dojo Tokyo

Next Session Dates: November 6 2009
Venue: Aoyama Diamond Hall
Tokyo, Japan
Duration: One Day Courses.
Sessions begin at 10:00 a.m. and go to 6 p.m.
Registration
Minimum:
3 students per course session
Price: CDN$1400 - Until Oct 29 23:59 JST
CDN$1850 - Onsite


Dojo 1 ‹Assembly Programming and Reverse Engineering Course› by Yuji Ukai

The following topics are covered by the training. (Japanese Only)

- OS/Windows Kernel/IA32 Architecture
- IA32 Assembly programming basics
- Win32 binary programming
- IDA basics
- API hooking and sample programming
- Sample programming of code execution in data area
- Shellcoding/Exploit coding
- Reverse engineering
- Packer decryption
- Anti-Debugging/Anti-Anti-Debugging
- Vulnerability hunting
- Sample malware Analysis
- Sample exploit Analysis

Prerequisites
- Students should have an intermediate understanding of C and C++ programming
- It is recommended that students are familiar with MS Visual Studio operation and have basic x86 assembly knowledge
- Must prepare: PC with Windows XP, Visual Studio 2008 or later, IDA Pro demo/pro, binary editor, Sysinternals Suite

Recommended materials
- ISBN4-7561-0213-1
- Intel Architecture Software Developer's Manual
- Intel Instruction Set Reference Manual

=========

Dojo 2 ‹Java/JEE security Dojo: Attack and Defense strategies› by Mark Schoenefeld

(English Only)

In this dojo you will learn about both the attacker and defense perspectives on Java/JEE applications. First we focus on the Java platform, the JRE and its system classes. We identify the attack surface and analyze the cause and effect of real-life vulnerabilities.
In the second part we reuse the knowledge from the platform perspective and move towards Java enterprise applications. Here we reuse the Java-specific attack patterns and combine these into general attack/defense strategies that are relevant for Ajax, web services and other distributed application scenarios.

In detail we cover:
- The Java security architecture
- The system classes as attack surface
- Relevant payloads (serialized objects, RMI, IIOP, media files, fonts)
- Analysis of real-life attacks on the JRE platform
- Hardening your Java installation

- JEE and attack scenarios
- Web-based threats, attack and defense from a Java perspective
- Analysis of real-life attacks on JEE systems
- Specific aspects of web services, Ajax frameworks et al.
- Hardening your app server with a security manager

Preconditions:
- Basic understanding of Java programming
- Fundamental knowledge of security engineering
- To follow the examples, optionally bring your own laptop with VirtualBox installed and 10GB free space

To address the need for intermediate and advanced training that goes beyond the introductory, novice-level material found in most existing courses, we have assembled a curriculum of hands-on, one-day training programs for professionals who already have significant work experience and want to further improve their skills. The courses are delivered by industry-renowned experts who are pre-eminent in their fields.

This is university-level information security training for practitioners who already have substantial knowledge and wish to broaden their boundaries. It goes beyond introductory-level material to delve more deeply into technical subjects that aren't addressed in other currently available training.

Please mail to be put on the announcement list for the Dojo.