CONFidence 3


Hotel Sympozjum - Krakow




About conference

The speakers of the CONFidence 2007 were the most prestigious so far. And this is taking into account not only the previous editions of our meetings but also all other national conferences on network security.

This time we met at the Sympozjum Hotel on Kobierzyńska Street in Krakow. The city with magic, reputation and universality that definitely serves the internationality of CONFidence. We’ve planned some interesting competitions for participants but let’s talk about it later. First, let's take a look at our speakers and the talks they have prepared for the attendees. Anton Chuvakin, a security specialist with an international reputation, co-author of "Security Warrior", appeared with "System Network and Security Log Forensic" with a presentation introducing participants to the issue of log management, Chuvakin's main professional interest. Stefano Zanero has refuted the myths on the intrusion detection systems (IDS). Entrepreneur Henning Brauer, the owner of a hosting and security company, gave us a taste of the OpenBGPD project - his own version of the Border Gateway Protocol, used to announce the availability of networks managed by them. Joanna Rutkowska also returned to CONFidence.

We are proud to announce that the first conference in Poland with such a good cast has been successfully completed. We would like to thank all the sponsors, participants, speakers, guests for coming and creating a great atmosphere together. Amazing lectures, excellent participants and a touch of Krakow's magic contributed to the atmosphere of a perfect event.

Both the presentations of Polish speakers and guests from abroad aroused great interest of the participants. On the first day of CONFidence 2007, the biggest applause was raised by lectures of Dinis Cruz (amazing exploits of .NET), Raoul Chies (unforgettable protocol X.25) and Alexander Kornbrust (using Oracle errors). The most liked polish speakers were Grzegorz Flak with the company of Qumak and Robert Pająk on the subject of a professional approach to the problem of phishing and Paweł Pokrywka's lecture on the location of devices in the Ethernet network. Hot discussions on the topics discussed lasted a long time after the presentation was over!

The participants and speakers spent the evening together, enjoying the hospitality and the extraordinary atmosphere of countless Krakow’s pubs, clubs and restaurants. We talked a lot and even had a chance to listen to our speakers playing a concert (big shoutout to the drum performance by Dinis Cruz!). The second day of CONFidence, started punctually at 9:00(despite the fun last night). Alongside with lectures we’ve held some exciting competitions:
secure network configuration based on Cisco solutions - a sponsor of Cisco Polska, funded an award in the form of an XBOX console - the contest was prepared and led by Grzegorz Wróbel together with Łukasz Bromirski.
the first Capture the Flag competition in Poland - the task of the participants was to break into the servers - the competition was organised and led by Jarosław Sajko, the prize was funded by the Helion Publishing House and the PROIDEA Foundation.
The fierce struggle between the participants lasted until the last seconds of the competitions. Winners proudly returned home, and the defeated could get a chance for the rematch it they came to the CONFidence in 2008.
On the second day lectures the most popular were taks by Richard Bejtlich, Wojciech Świątek - Motorola's representative (corporate approach to security) and, traditionally, Łukasz Bromirski - Cisco Polska, who talked about security problems in our networks, was best evaluated.


Dzień Pierwszy
Sesja1 Sesja2
Prelegent Temat Prelegent Temat
9.00-10.00 Anton Chuvakin System Network and Security Log Forensic Adam Zabrocki Shellcody a architektura MIPS ? na systemach IRIX
10.10-11.10 Daniel Cid Log analysis using ossec Błażej Miga Windows PKI
11.10-11.40 Przerwa kawowa
11.50-12.50 Stefano Zanero My IDS is better than yours… or is it? Paweł Pokrywka Radar w Ethernecie czyli jak określić lokalizację hosta w sieci LAN
13.00-14.00 Alexander Kornbrust Oracle for pentesters 2007, how to hack Oracle databases Grzegorz Flak, Robert Pająk Czy z “phishingiem” można wygrać? Co banki mogą zrobić by rzadziej padać ofiarą
14.10-15.10 Lunch
15.10-16.10 Angelo Rosiello Crypto Viruses: an Overview Shawn Merdinger VoIP Security Tools and Attacks
16.20-17.20 Dinis Cruz Buffer Overflows on .Net and Asp.Net Raoul Chiesa X.25 (in)security in 2007: real-life experiences
17.30-18.30 Dinis Cruz OWASP, the Open Web Application Security Project Wim Vandenputte Calorie restricted OpenBSD
18.40-19.40 Henning Brauer OpenBGPD Luca Carettoni, Claudio Merloni String Analysis for the Detection of Web Application Flaws
19.40-19.50 Zakończenie dnia, rozlosowanie nagród
21.00- Spotkanie wieczorne
Dzień drugi
Sesja1 Sesja2
Prelegent Temat Prelegent Temat
9.00-10.00 Richard Beijtlich The Self-Defeating Network Łukasz Bromirski Cisco Threat Control and Containment
10.10-11.10 Luca Carettoni, Claudio Merloni BlueBag Project Łukasz Bromirski Wirtualizacja sieci - bezpieczeństwo w sieciach MPLS i izolacja ruchu w sieciach lokalnych
11.10-11.40 Przerwa kawowa
11.50-12.50 Felix Kronlage Secure roaming for the modern roadwarrior Wojciech Świątek Current Security Issues in Corporate IT Environments
13.00-14.00 Joanna Rutkowska A la carte Piotr Sasak, Bartosz Brodecki Obowiązkowa kontrola dostępu w systemie Linux
14.10-15.10 Maurycy Prodeus Testowanie oprogramowania i jego bezpieczeństwo Krzysztof Maćkowiak Analiza ryzyka podstawą wdrożenia Systemu Zarządzania Bezpieczeństwem Informacji
zgodnego z ISO/IEC 27001:2005
15.10-16.10 Lunch
16.10-17.10 “E-pracownik” - dofinansowane szkolenia, zakończenie konferencji, rozlosowanie nagród