CSI 2007
November 3-9
Washington, DC

CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.  Register now for savings on conference fees and/or free exhibits admission.

Register Now:
https://www.cmpevents.com/CSI34/a.asp?option=B&SC=ANNHP

For more Info:
http://www.csiannual.com

Venue

Hyatt Regency Crystal City
2799 Jefferson Davis Highway
Arlington VA 22202
Phone: 703-418-1234 or 800-233-1234
http://crystalcity.hyatt.com/

Don

Hope everyone is having a good time this week in DC. Feel free to share your thoughts and experiences of this or any previous CSI Annual Conference.

This is yet another event sponsored by EH-Net this year as we strive to support the security community.

Have fun,
Don

Hey back again, sorry I didn't post sooner I just been busy with my new job. Anyways, this year CSI was a wonderful experience. Met a lot of cool people from different parts of the world.

The courses I took mainly focused on computer forensic and attacks & countermeasures. The most interesting course for me was the "Malware Reverse Engineering and Behavioral Analysis" taught by Visveswaran Chidambaram from Infosys Technologies. This session through live demos taught us how to unearth malware's secrets by studying its behavior on a safe lab environment using Vmware and several tools such as Regmon and Filemon from Sysinternals and Ollydbg.

Another interesting course was the "Web Site Vulnerabilities: Trends, Business Effects, How to Fight Them" taught by Jeremiah Grossman from WhiteHat Security, Inc and also the coauthor of "Cross Site Scripting Attacks: Xss Exploits and Defense". I've learned that 9 out of 10 websites are vulnerable to attacks and if your work for a financial institution like I do, you might be interested to know that the top 3 vulnerabilities for banking websites are XSS, SQL Injection and Information leakage.

Last but not least, I would also like to mention the "VoIP Attacks!" course taught by  Dustin Trammel a security researcher. He spoke about current attacks against VoIP systems and tools that are helping hackers launch these attacks. A couple of tools he mentioned was written by him. Dustin is an interesting character. This guy likes green. From his head to his toe and even his laptop is green. Anyways this session was an interesting and intuitive course and overall a good presentation.

I also for the first time, participated in a Capture the Flag event using EH-Net BackTrack. What I've learned from this challenge is that I have to improve on my speed. Damn! these people are fast. Oh well, better luck next time.

If anybody is interested, you can now download some of the presentations given in the conference. Here's the link:

CSI 2007

Enjoy!!

answer my question!

well that's my bad then, i really did want to know what the speaker said about it, especially on the where VoIP vulns are going.

thanks for the link blackazarro, i'll check it out