Fighting Hackers and Malware

A Practical Course and Hands-on Lab

26 – 28 October 2015

Overview

IT security has over recent years become a crucial consideration for businesses and organisations across all industries in both the private and public sectors. As the number of threats is growing, all those involved in IT infrastructure, from the CEO right down to network users, need to keep one step ahead and alert regarding potential threats to their business.

This 3-#day course provides a comprehensive overview of the latest IT security issues and what they could mean for your business from both theoretical and practical perspectives. It includes a 1.5-day practical hands-on lab, during which participants will investigate and learn to fix and defend virtual images of infected systems.

Target audience

IT professionals from all industries such as :

• #Application or software developers
• Network and #system operators
• IT Directors or Chief Information/Security Officers (CIOs, #CISOs, CSOs)
• System #architects and managers

Organisation

• School of Computer and Communication Sciences (IC), Ecole Polytechnique Fédérale de Lausanne (EPFL)

Objectives

• Get a full overview of the latest IT security issues
• Understand the problems and main solutions of privacy protection
• Learn about what IT professionals must watch out for to develop and deploy secure software
• Get hands-on experience of a few common vulnerabilities and attack scenarios

Programme

• DAY 1
  BASICS & MECHANISMS
  Threats, risks, basic principles and practical limitations / Information security basics / Cryptography basics / Access control / Privacy & protection
  POLICIES & MANAGEMENT
  Authentication and identity management / Best practices in ensuring secure system and software / Development, deployment, installation, configuration, operation, governance, risk management & compliance
• DAY 2
  VULNERABILITIES, ATTACKS, #DEFENSES
  Technical view of the threats to IT security and the nature of malware / Overview and classification of the most frequent software vulnerabilities that lead to security violations / How hackers leverage these to break into IT systems, and what attack patterns are most frequent / How to defend, prevent, monitor, detect and recover from attacks
  HANDS-ON LAB PRACTICE (PART I)*
  Information Gathering, Forensics : Setup a small virtual environments of services / Use network and vulnerability scanners / Identify common configuration problems and weaknesses
• DAY 3
  HANDS-ON LAB PRACTICE (PART II)*
  Application vulnerabilities, Reverse engineering : Code injection / Buffer overflows, stack smashing / Breaking improper cyptography.
  Web security : XSS and CSRF exploitation and prevention / SQL injections / Misc. topics (steganography, password cracking)

Dates and schedule

• 26 – 28 October 2015, from 8.30 am to 5.30 pm

Registration

Course fee : CHF 2,100.–

Special 10% discount for members of the ALUMNIL and contributing members of EPFL Alumni.

Application deadline : 15 September 2015

Places are limited.

Programme Director

• #Arjen Lenstra, Professor, Laboratory for Cryptologic Algorithms

Instructors

• Philippe Janson, Adjunct Prof., Computer Science & Communication Systems
• Maxime Augier, Doctoral assistant, Laboratory for Cryptologic Algorithms

Certification

A certificate of participation will be delivered at the end of the course.

Course venue

UNIL-EPFL campus, Lausanne, Switzerland

* Note : Participants should bring their private laptop equipped with minimum :

• VirtualBox installed, or the privileges to install it
• 1.5 GB free disk space
• 256 #MB free memory (not counting host OS consumption)
• Recommended: 512 MB free memory
• Virtualization-assisted CPU (either Intel VT-X or AMD-V)

• See more at: