Simple Nomad is the founder of the Nomad Mobile Research Centre, an international group of hackers that explore technology. By day he works as a Senior Security Analyst for BindView Corporation. He has spent years developing and testing various computer systems for security strengths. He has authored numerous papers, developed a number of tools for testing the security and insecurity of computer systems, a regular lecturer at popular hacker and security conferences, and has been quoted in various media outlets regarding computer security.

Eric Ahlm brings to Vigilar 10 years of experience in information technology, 5 of which were dedicated to information security. At Vigilar, Ahlm is the Director of Security Architecture, where his primary role is to evaluate new security technologies and consult with clients who are looking to solve security challenges. He also runs Vigilar’s evaluation labs and works with hundreds of security products to find the best solutions for today’s security challenges. Prior to Vigilar, Ahlm worked for various security consulting firms and was a Regional Manager for Symantec Worldwide, an information security firm that provides a broad range of software, appliances and services to help companies, secure, and manage their IT infrastructure. While at Symantec Worldwide, he was responsible for managing the company’s enterprise security line. In addition, Ahlm has written numerous whitepapers published on security topics, participated as a keynote speaker at various security conferences, and consulted with top companies in the United States. His areas of interest and study is in hacking techniques, penetration testing, and working with security professionals to discover new exploits and uses proof of concept tools to help clients tighten their security. Ahlm holds a B.S.E.E.T. (Bachelor of Science Electrical Engineering Technologist) from Devry University.

Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks.

Ofir holds 10 years of experience in data security research and management. Prior of co-founding Insightix, he had served as a CISO of a leading Israeli international telephone carrier. In addition, Ofir had consulted and worked for multinational companies in the financial, pharmaceutical and telecommunication sectors.

Ofir conducts cutting edge research in the information security field and has published several research papers, advisories and articles in the fields of information warfare, VoIP security, and network discovery, and lectured in a number of computer security conferences about the research. The most known papers he had published are: "ICMP Usage in Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back", "Etherleak: Ethernet frame padding information leakage", etc. He is a co-author of the remote active operating system fingerprinting tool Xprobe2.

Ofir is an active member with the Honeynet project and he co-authored the team's books, "Know Your Enemy" published by Addison-Wesley."

Dan Connelly is a Penetration Testing Specialist with Eagle Research Group performing penetration tests and security audits. Mr. Connelly has a wide range of expertise including: Web Applications, Databases, and Wireless Security. He has a Masters degree in Information Assurance from Norwich University.

Visualization IDS

Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a Masters Degree in Computer Science from Johns Hopkins University and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare.

In addition to teaching computer science at West Point, Greg has worked at a variety of military intelligence assignments specializing in Signals Intelligence. Currently he is on a Department of Defense Fellowship and is working on his PhD in Computer Science at Georgia Tech. He is conducting research into Denial of Information Attacks.

Real World Vulnerability Management - What Vulnerability Management vendors don't want you to know

Joseph Dell is the VP of North America for Insightix, Inc, bringing to bear over 12 years of experience within the information security arena. Formerly the Chief Technology Officer of Vigilar, Inc, he was responsible for providing strategic technological direction for the company while evaluating new technologies, driving the technical creation of customized solution offerings, and focusing security solution sets on market trend analysis.

Prior to joining Vigilar, Dell managed the VeriSign Professional Services Security Services division (formerly SecureIT). He not only provides vast security knowledge but also carries extensive experience with market leading technologies from vendors such as Check Point, Nokia, ISS and Cisco products. While at VeriSign, Dell managed a team of 36 engineers, developed courseware on behalf of partners for delivery to end-users, controlled security audits for international financial institutions, and lead the information security practice.

Dell is a published author of several network security whitepapers and industry regarded articles. In addition, he has delivered numerous speaking engagements nationwide. He holds the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Microsoft Certified Systems Engineer, Certified Novell Engineer, Nokia Security Administrator and Certified Check Point Security Administrator (CCSA), Expert (CCSE) and Instructor (CCSI) certifications. He is in the final stages of writing a technical book focused on Wireless LAN Security.

Dell holds a B.A. from Emory University in Atlanta, GA.

50% hacker. 50% artist. 50% engineer. Plays well with yaks.

At Enterasys, Mr. Gula was Vice President of IDS Products and worked with many top financial, government, security service providers and commercial companies to help deploy and monitor large IDS installations. Mr. Gula was also the Director of Risk Mitigation for US Internetworking and was responsible for intrusion detection and vulnerability detection for one of the first application service providers. Mr. Gula worked for BBN and GTE Internetworking where he conducted security assessments as a consultant, helped to develop one of the first commercial network honeypots and helped develop security policies for large carrier-class networks. Mr. Gula began his career in information security while working at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research. Mr. Gula has a BS from Clarkson University and a MSEE from University of Southern Illinois. Ron Gula was the recipient of the 2004 Techno Security Conference "Industry Professional of the Year" award.

Chris Hurley (known in some circles as Roamer) is a Senior Penetration Testing Engineer working in the Washington DC area. He is the founder of the WorldWide WarDrive, a four year survey conducted by information security professionals and hobbyists to document the security posture of currently deployed wireless networks and generate awareness of the insecurities associated with them. Primarily focusing his efforts on penetration testing, he also performs vulnerability assessments, forensics, and incident response operations on both wired and wireless networks. He has spoken at several security conferences, been published in numerous online and print publications, and has been the subject of several interviews and stories related to wireless network security. He is also the primary organizer of the WarDriving contest held at the annual DEF CON hacker conference and is the author of WarDriving: Drive, Detect, Defend from Syngress Publishing.

With the ever-increasing threat of cyber attacks, today's Web environment has made application security an essential element in the application development lifecycle. This workshop will define what Web application security is, why it is needed, and how it differs from other categories of Internet security. Additionally, we will examine appropriate procedures and technologies essential to the security of Web application code. Through a review of recent Web application breaches, we will expose the prolific methods hackers use to execute break-ins via the Web. By taking an in-depth look at how Web-based applications work and the techniques hackers use to exploit them, you will be better equipped to protect your confidential information.

After completing this workshop, attendees will be versed in the underlying protocol that allows hackers to exploit Web based applications, but more importantly attendees will understand how to better protect critical applications at the root of development.

Dennis Hurst is a senior consulting engineer for SPI Dynamics where he is responsible for working with customers to educate them on the need for Web Application security and practical ways to protect Web Applications from hacking attacks. Dennis has more than 15 years experience in the Information Systems/Application Development industry. He is an expert in system design, implementation and maintenance of complex multi-vendor, multi-platform computer applications and networks, and has extensive experience in planning developing and enhancing Internet systems as well as integrating Internet systems with legacy systems. Dennis is a Microsoft Certified Solution Developer and a Certified Novell Engineer.

Automated Debugging and Process Analysis

Secure and Scalable Network Design

Andrew Kalat has ten years experience in the computer industry as a security consultant, network infrastructure and security engineer, technical manager, and sales engineer working for well known security companies. Background includes designing and implementing networking and security solutions for organizations ranging in size from small companies to Fortune 500 firms. Currently employed by Check Point Software as a Security Engineering Manager.

Building an Anonym.OS aka H.O.T.S.E.A.T.
a Hardened, Optimized Transportable System for Encrypting and Anonymizing Traffic

Richard soldered together his first personal computer in 1975. He helped found the East Bay Microprocessor Users Group (EBMUG) and was a fringe member of the Homebrew Computer Club. He led the 8080 assembly language special interest group of the San Diego Computer Society and wrote a monthly column entitled 'Softwareland' for their newsletter.

During his four years in the Army Security Agency Richard held a Top Secret codeword clearance. He did field work in Russian language voice intercept and translation.

Richard has had just about every title there is in programming and has worked with a broad range of mainframe and network systems. As a systems programmer, he implemented an application for a bank that stored traffic from their entire teller network on microfiche in a screen image format for auditing and debugging. He has designed systems and databases and written extensive documentation for an insurance company where auditing is a way of life. However, Richard is at heart an application programmer, a job providing a satifying combination of the fun of seeing code work and of being able to talk directly with peer clients.

Recently Richard quit his day job to devote himself to developing his consulting business, Lindberg Designs.

Metasploits

System Emulations: Old school high level coding for machine manipulations

I am a programmer, age 22, living in Texas. I am an aquarius, enjoy long walks on the beach, and like reading Knuth while sipping a glass of Macallan's. (Optyx has been a good friend of interz0ne since the beginning, and interzone says THANKS Optyx!)

Mike Petruzzi is a Penetration Testing Specialist with Eagle Research Group. Mr. Petruzzi has 7 years of experience with information systems and networking with focus on Information Assurance and Security. He has published a white paper entitled Security Concerns with Peer-to-Peer Software. He is a Certified Information Systems Security Professional (CISSP). He enjoys long walks on the beach, holding hands and puppies. His turn-offs are bad breath, stinky people and bios.

Hendrik Scholz is a VoIP developer and systems engineer at Freenet Cityline in Kiel, Germany. He earned his Bachelor in Computer Science from the german University of Applied Sciences Kiel in 2003. While studying and working in Melbourne, Australia, Atlanta, Ga and Orlando, Fl. he contributed to FreeBSD and specialized in networking security issues.

The growth of e-business and use of the Internet to automate data intensive functions has driven many companies to open their networks to wider audiences. The ability of hackers to continually evolve with security initiatives has created a difficult cycle for many companies to keep up. As the sophistication of tools to prevent or detect hackers has increased, the technical knowledge required to attack a network has sharply decreased and the continual surge of new hacker techniques is dramatically on the rise. This has left growing numbers of companies exposed to an ever-increasing list of potential attacks.

The lack of proactive security permits even attempted attacks to go unnoticed. It puts the company in a reactive security mode, where nothing gets fixed until after the potentially critical situation occurs. Reactive security could mean sacrificing sensitive data as a catalyst for policy change.

This presentation will explore new trends in hacker exploits and the vulnerabilities they plague, including SQL injection, Google hacking, binary analysis and cell phone security.

Caleb Sima is the co-founder and CTO of SPI Dynamics, the expert in Web application security assessment and testing. Caleb is responsible for directing the lifecycle of the company's Web application security solutions and is the director of SPI Labs, the renowned application security research and development group within SPI Dynamics. Prior to co-founding SPI Dynamics in 2000, Caleb worked for the elite X-Force R&D team at Internet Security Systems, and as a security engineer for S1 Corporation. Caleb is widely known within the Internet security community for his expertise in penetration testing and his ability to identify emerging security threats and trends in the enterprise environment.

It sucks when your sploit crashes.

Jason Spence has been, at times, a security consultant, a Sun missionary, a network engineer, a flaming Linux zealot, a process manager, a VMS cleric, a radio operator, a Windows proselytizer, a (bad) cook, a Mac evangelist, a classical pianist, a BSD proponent, a swordsman, a Netware administrator, a 3-D graphics programmer, a Perl monk, and is sometimes seen wearing a funny red hat. During his time in between security conventions, Jason consults for a few Bay Area companies in need of someone with the Ponytail of UNIX Wisdom. In whatever spare time he has left, he maintains the only publicly accessible quad Xeon FreeBSD machine on the Internet and thinks about epistemology.

Metaploits

Disposable email sites have appeared as a solution to the growing SPAM crisis. While they serve a great purpose, they should not skimp on security and privacy. This presentation will explain the innate insecurities of these systems and it will present a solution in the form of a new web site from the DDP that provides similar functionality without the loss of privacy and security. "The Revolution Will Be Digitized."

StankDawg is a senior programmer/analyst who has worked for Fortune 500 companies and large universities. He is a staff writer for 2600 Magazine as well as blacklisted411 magazine. His time is spent working on numerous projects, writing articles, and anything that will help the community. He is founder of "The Digital DawgPound" (the DDP) which is a group of white-hat/gray-hat hackers who produce their own magazine, radio show, TV show, and other projects at http://www.binrev.com/.

Caveat Lector: Authentication, the Forgotten, Should-be

Justin Troutman is an independent contract cryptographer and cryptanalyst, based in North Carolina, who sports a forte consisting of a specialization in the structural design semantics of cryptographic primitives and their mathematical cryptanalyses, on which he has authored publications and lectured abroad. On a contract basis, his array of engagements include consulting, conceptualizing, constructing, and cryptanalyzing tactful cryptographic protocols and their respective algorithmic components. On an academic basis, he is pursuing doctorate-level research in the pure mathematical corpus of cryptology. More information, including his concise curriculum vitae, is located at his autobiographical site, http://www.justintroutman.org.

Latest Progress on Spam/Spyware Busting

Pete is the founding partner of Wellborn & Butler, LLC (the "Firm") in Atlanta, Georgia. Prior to establishing the Firm in April 2001, Pete was the Chairman of the Technology Law practice at Arnall Golden Gregory, a 150 person multi-department firm in Atlanta. His clients include Internet Service Providers ("ISP's"), hardware wholesalers and retailers, software developers and resellers, defense contractors, and other technology and e-commerce companies. Pete has handled a number of high-profile cases involving unsolicited commercial e-mail (pejoratively known as "spam"). In 1998, he obtained a $2 million judgment against Cyber Promotions (the most prolific spammer in the country) on behalf of one of the world's largest ISPs. In 2000, he obtained landmark spam-related victories in which all ISP's and Internet users worldwide were protected as express third-party beneficiaries from the future misconduct of the spammers.

In July 2002, he obtained a $25 million judgment against a Tennessee spammer who was also engaged in massive identify theft and credit card fraud. Approximately 75% of Pete's practice relates to the prosecution of civil cases against parties involved in spamming, spoofing, and/or Internet fraud. Pete has had a primary practice focus on Internet Law since 1996.

Pete's interest in technology began with his degree in Information and Computer Science from Georgia Tech, where he now teaches a course on Internet Law. Pete also teaches Internet Law at Mercer University Law School, where he obtained his J.D. in 1989. He has substantial trial, arbitration, and mediation experience. Pete was a nominee for the 2000 Georgia Technology Application Award on the basis of his anti-spam lawsuits and efforts. He also served as a Technology Advisor to the late Senator Paul Coverdell.

Among the interz0ne crowd I'm most known for my work two years ago with Acidus on the Blackboard system. Since then I've been exploring large scale data-mining and AI-related stuff.