[Owasp-rochester-announce] Rochester OWASP Chapter meeting April 15th - Hands-on Ethical Hacking

Ralph Durkee rd at rd1.net
Wed Mar 11 18:18:50 UTC 2015


*Rochester OWASP  Chapter meeting April 15th 5:30pm at Nixon Peabody*

Join us for the next OWASP chapter meeting is Wednesday April 15th
5:30pm at Nixon Peabody in downtown Rochester, NY at 1300 Clinton
Square, 13th floor (free parking is available underneath the building,
bring the parking ticket to the meeting for validation)  The meeting is
free, but seating is limited, and advance registration is required so
Please RSVP by March 31st to Ralph.Durkee @ OWASP.org

*Hands-on Ethical Hacking: Preventing and Exploiting Stack Overflow
Vulnerabilities*

We'll have a hands-on Ethical Hacking training session on preventing and
exploiting stack overflow vulnerabilities.  In the session we'll discuss
how to find a buffer overflow vulnerability and then develop a
customized exploit for a stack based buffer overflow.  We'll also
discuss and test mitigating techniques such as address randomization,
stack protections mechanisms, non-executable stacks and of course secure
programming to prevent buffer overflows. 

The course will use a virtual Linux system with the required tools
running on your own laptop.  Attendees should be comfortable with the
Linux command line, and be familiar with basic C/C++ programming.  We'll
be using the Gnu development tools such as gcc, gdb, and make. Vim,
Emacs and Eclipse will all be installed for your editing and exploit
writing pleasure. You must bring your own laptop. The laptop can be MS
Windows, Mac or Linux, just make sure you have a recent version of
VirtualBox installed and working.   Having a DVD reader is recommended
for transferring the VM, but we will also have a single shared USB DVD
drive available.

*Laptop Requirements: *
At least 4Gb RAM

  * 20 Gb of free disk space
  * Recent version of Virtual Box installed and working.
  * Administrator or root privileges for the laptop.
  * Comfortable with Linux Command Line and g++ / gcc.
  * Some C/C++ Programming is recommended.


*Biography*
Ralph Durkee is the principal security consultant and president of
Durkee Consulting, Inc since 1996. Ralph founded the OWASP Rochester, NY
chapter and has served on the board since 2004. Ralph served on the ISSA
chapter board to start the Rochester ISSA chapter as well as starting
the annual Rochester Security Summit. He has served as the ISSA chapter
president since 2010. He performs a variety of network and application
penetration tests, software security assessments and secure software
development consultations for clients. His expertise in penetration
testing, incident handling, secure software development and secure
Internet and web applications is based on over 30 years of both hands-on
and technical training experience. He has developed and taught a wide
variety of professional security seminars including custom web
application security training, and SANS SEC401 & SEC504 - Hacker
Techniques and Incident Handling and CISSP bootcamp courses since 2004.
Ralph also regularly consults on the development and implementation of a
wide variety of security standards such as web application security,
database encryption, Windows, and Linux security. Ralph also has done
security consulting for compliance with the Payment Card Industry Data
Security Standard, and holds the following certifications CISSP, C|EH,
CRISC, GSEC, GCIH, GSNA, GCIA, and GPEN.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-rochester-announce/attachments/20150311/28761219/attachment.html>


More information about the Owasp-rochester-announce mailing list