2012 - Hacker Halted Asia Pacific

Organizer: Supporting Partner:
TM
H@cker Halted
Asia Paci�c
2 0 1 2
- Malaysia -
Nov 19-22, 2012
Berjaya Times Square Hotel Kuala Lumpur

TM
H@cker Halted
Recent victims of cyber-attacks include Google, RSA and Sony – all resulting to major security breaches, compromises on sensitive
customer data, loss of intellectual properties and even classi�ed due diligence reports.
2010 & 2011 news updates are rampant with similar attacks – and we see more every day. It’s becoming obvious that information
security is no longer an option for businesses instead now it should be included in the list of non-tangible investments essential to
company’s growth and stability.
The complexity of security requirements has greatly increased the value of ethical hackers and other information security
professionals. Network security technologies such as �rewalls, intrusion prevention systems and anti-malware/virus software are
now insu�cient.
Hacker Halted APAC 2012’s theme “Unravel the Enigma of Insecurity” clearly re�ects an understanding of today’s information security
dynamic and complex environment.
The History of the Hackers Halted
Introduced in 2004, the Hacker Halted series has been a constant source of knowledge to the information security community.
With interactive and power packed sessions, participants are set to gather and discuss relevant and up-to-date information, ideas
and strategies to enable better data protection. After all, prevention is always better than cure.
Hacker Halted APAC has been hosted in Malaysia since 2004 and has an annual average gathering of 500 individuals from the
information security industry.
Our intentions has remained steadfast and clear, to create a platform to facilitate knowledge transfer and sharing on the latest
information security threats, counter-measures, and to measure how the industry has evolved throughout the years. Participants will
be able to witness live hacking sessions, learn and compare best practices and network with industry leaders and peers.
Hacker Halted has been hosted in many cities around the world, including Miami, Mytle Beach, Kuala Lumpur, Singapore, Dubai,
Mexico City, Cairo, Taipei, Guangzhou and Tokyo.
Hacker Halted APAC is organized and presented to you by EC-Council | Academy Sdn Bhd.
Delegates
The Hacker Halted APAC event annually gathers around 500 individuals; this consists of everyone, from ethical hackers to key C-level
executives from corporates, government bodies and solution seekers.
The event is aimed at providing the opportunity to CEOs, COOs, CIOs, CFOs, Senior IT Professionals and all other decision makers to
assess the best practices in acquiring, implementing, managing and measuring information security.
DELEGATE BREAKDOWN
Key executives – CEO, CIO, CTO, CISO
Technical Specialist, Researchers, Engineers
IT Managers, IT Directors
Other, Academics
10%
Asia Paci�c
2 0 1 2
20%
- Malaysia -
30%
40%
GEOGRAPHICAL BREAKDOWN
Malaysia
Asia Paci�c
Rest of the world
17%
11%
72%

Conference - Nov 19, 2012
TIME
8.30am
9.00am
9.15am
10.00am
10.30am
11.15am
12.15pm
1.15pm
2.00pm
2.45pm
3.30pm
4.30pm
5.00pm
5.45pm
6.00pm
7.00pm
9.00pm
TOPIC
Registration
Opening
Welcome and opening keynote – Presenter: Jay Bavisi
Morning refreshment
Big bang theory: the evolution of pentesting high security environments – Presenter: Joe McCray
Hackers for hire – Presenter: Haja Mohideen
Lunch
How can I hack your mobile? – Presenter: Wayne Burke
Large scale HTTP header abuse – Presenter: Zachary Wol�
The cloud whisperer: what security secrets is your cloud not disclosing? – Presenter: Tim Pierson
Panel discussion
Afternoon refreshment
The shifting sands of GRC – Presenter: Drew Williams
Closing
Break (Dinner not included)
Night Hack Live
End
Security360 Workshop Series
An intensive and technical training that focuses on attacking and defending highly secured environments. Here you will have the
opportunity to learn and apply methods of attacking new operating systems such as Windows Vista, Windows 7, Windows Server
2008, and the latest Linux servers.
This workshop provides penetration testers the training needed to perform advanced pen testing against known or unknown
applications, services, and network systems which are patched and hardened with both Network and Host-based Intrusion
Detection/Preventions Systems (IDS/IPS) in place. The learning curve for this program is extremely steep, but the rewards are
astronomical where students are presented with the opportunity to learn what it REALLY takes to hack into some of the most secure
networks and applications in the world.
Views shared will include what it takes to hack and defend some of the most secured networks and applications around today under
the guidance and support of a world renowned advanced pen testing expert.
Who should attend:
Security360 Workshop Series - WORKSHOP 1
Nov 20-22, 2012 (9.00am - 5.30pm)
Run & Gun: Penetration Testing
Trainer: Joe McCray
Information Security Professionals, Penetration Testers, IT Managers, IT Auditors, Government & Intelligence Agencies interested in
real world attack and defense in today’s complex IT environments.

How protect your web applications from attacks by those who wish to do you harm by mastering the components of weapons and
the way hackers think currently.
Learn how to prop up authentication and authorization, plug holes in popular browsers, prop-up defenses against injection attacks,
and fortify Web 2.0 features. See how adding security into the Web (Software) Development Lifecycle (SDLC) and into the overall
enterprise information security program is key but is often overlooked.
This workshop will cover: hacker's footprinting, scanning, and pro�ling tools, including SHODAN, Maltego, and OWASP DirBuster.
Even see new exploits platforms of Java System Web Server and Oracle’s WebLogic. See and comprehend how attackers defeat
commonly used Web authentication technologies. See and observe how real-world session attacks leak sensitive data and how to
harden your applications.
Find and �x vulnerabilities in ASP.NET, PHP, and J2EE execution environments safety deploy XML, social networking, cloud
computing, and Web 2.0 services.
Defend against RIA, Ajax, UGC, and browser-based, client-side exploits. Understand and implement scalable threat modeling, the
forgotten code review and how to implement and provide a methodology for application scanning, fuzzing, and security testing
procedures.
Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection
techniques and what stops them cold!
Who should attend:
Security360 Workshop Series - WORKSHOP 2
Nov 20-22, 2012 (9.00am - 5.30pm)
The Combat of Web Application: Hackers vs. Developers
Trainer: Tim Pierson
Web Programmers, Web Developers and those who are responsible for designing and building secure Windows/Web based
applications with .NET/Java frameworks.
Mobile hacking and forensics is fast becoming a lucrative and constantly evolving �eld. This is no surprise as the mobile phone
industry has been witnessing some unimaginable growth, some experts say it may even replace computers for those only wishing
to send and receive emails.
As this area of digital forensics grow in scope and size due to the prevalence and proliferation of mobile devices. As the use of these
devices grows, more evidence and information important to investigations will be found on them. To ignore examining these
devices would be negligent and will result in incomplete investigations. This growth has now presented new and growing career
opportunities for interested practitioners in corporate, enforcement, and military settings.
Mobile hacking and forensics are certainly here to stay as every mobile device is di�erent and di�erent results will occur based on
that device requiring unique expertise. This course was put together to focus on what today’s mobile security practitioner requires.
Some of the advanced areas this course will be covering are the intricacies of manual acquisition (physical vs. logical) & advanced
analysis using reverse engineering , understanding how popular Mobile OS are hardened to defend against common attacks and
exploits.
Who should attend:
Security360 Workshop Series - WORKSHOP 3
Nov 20-22, 2012 (9.00am - 5.30pm)
Mobile Hacking and Forensic: Dark Side on the Moon
Trainer: Wayne Burke
Risk Assessment Professionals, Digital Forensics Investigators, Information Security Professionals, Mobile Developers, Penetration
Testers - CEH Professionals, Law Enforcement O�cers and Government Agencies, Attorneys, Paralegals and First Responders,
Accountants and Financial Personnel and anyone who deals with implementation, testing, security hardening of mobile devices.

The idea of Cyberwar has o�cially made its way into to the main stream media. Thoughts, ideas and opinions on the topic are
everywhere. With this elevated attention has come with a certain level of confusion. Facts and technical details around incidents are
either not known, reported inaccurately or simply don’t exist. At the same time, a large number of breaches will never see the light
of the public eye. In addition to this, the elevated attention has propelled a whole new set of players into the game.
Through those lenses, it would prove to be very di�cult to gain a solid understanding of Cyberwar. For this reason, we will take a
di�erent approach. Instead, we will look to a military treatise written between 771 and 476 BC, Sun Tzu’s The Art of War. We will look
at lessons from the manuscript and how they apply to Cyberwar.
Workshop overview and introduction:
This is a comprehensive technical workshop providing in-depth understanding of networks from an o�ensive and defensive point of
view. We will look at common but e�ective network based attacks and then into complicated targeted attacks. From a defensive
perspective we will review traditional perimeter based approaches and look at how these are combined with advanced techniques
to give you a unique and e�ective defensive posture. This will be done as an extension of the ideas described in Sun Tzu’s The Art of
War and will contain a number of hands on lab exercises.
Who should attend:
Security360 Workshop Series - WORKSHOP 4
Nov 20-22, 2012 (9.00am - 5.30pm)
The Art of Cyberwar - Network Hacking and Defense
Trainer: Zachary Wolff
Penetration Testers, Auditors, Digital Forensics Specialists, Information Security Professionals, Security Software Vendors, Security
Architects/Analysts/Engineers.
In this workshop participants will learn how to prepare for and manage diverse rules and regulations associated with Governance
Risk and Compliance — from an industry-speci�c perspective as well as international trends.
In today’s business world, more and more organizations are recognizing the increased costs, wastes and higher risks due to a
hodgepodge of technologies and processes working in silos. This workshop will present the common trends for managing risk and
complying with industry regulations and international laws.
Who should attend:
Information managers and senior level executives who want a fundamental understanding of GRC and how it may or may not a�ect
their business and their bottom line.
Position level:
Executives and anyone who is considered the point-person for security policy management, as well as anyone responsible for
authoring a security policy for their business.
Industry:
Government agencies, health care and businesses that rely heavily on web-based revenues.
Prerequisite:
Security360 Workshop Series - WORKSHOP 5
Nov 20, 2012 (9.00am - 5.30pm)
Managing the Multiple Personalities of GRC
Trainer: Drew Williams
People who understand (or need to create) operational and infrastructure policies. Part of this workshop will include an in-class
policy review with participants, with an additional (pre-pay) option of policy consulting on a business-by-business basis (schedule
one-hour follow-ups for additional reviews, if that's possible). A key to the success of this workshop will be for participants to bring
their security policies and implement a self-assessment as part of the workshop.

NIGHT HACK LIVE
STRICTLY NOT FOR THE WEAK HEARTED!
HACKERS ARE HERE.
WHERE ARE YOU?
Google. Sony. RSA. LinkedIn. Hacked.
Millions of dollar lost, consumer trust broken.
How did they do it?
Where are the countermeasures?
Back for the 3rd year, watch how real hackers
penetrate “secured” system and networks. - LIVE!
Exclusively Exclusively for for
Hacker Hacker Halted Halted
Asia Asia Paci�c Paci�c 2012 2012
Participants!
Participants!

Speaker
Jay Bavisi
Jay Bavisi is the Co-Founder and President of EC-Council, which came together post the 9/11 incident where issues of cyber terrorism were raised
in the forefront of security of nations at large. Jay, as he is popular known, regularly shares the platform with legislators and policymakers, to senior
o�cials of government agencies and educators at various international conferences and seminars. Jay is a distinguished and popular speaker on
information security. He has previously been invited to speak at various internationals events in the United States of America, Netherlands, United
Kingdom, Mexico, France, Greece, Germany, Malaysia, Singapore, Philippines, Hong Kong, United Arab Emirates, Indonesia, Taiwan, Australia,
Thailand, India and China.
Haja Mohideen
Haja is the Co-Founder and currently the Technical Director of EC-Council. He manages the certi�cations and training programs for EC-Council. Haja
is well-known as the creator of popular certi�cation programs such as the CEH, CHFI, ECSA/LPT and ECSP. With more than 17 years of experience
specializing in the development, support and project management of PC software and hardware in distributed computing environment, he has
trained various Fortune 500 companies as well as US government agencies.
Drew Williams
Drew Williams helped establish the foundation of what is now a multi-billion dollar IT security industry. In the mid and late 1990s, Drew worked for
or consulted with eight of top ten most in�uential IT security companies in America, including AXENT Technologies, Microsoft, BindView, HP, ISS,
NetIQ and BMC.
Drew de�ned new markets in IT security, security frameworks and services, and federal compliance standards. He has authored federal, state and
corporate policies on both global and national compliance standards and established business-to-business protocols for both international and
domestic IT security markets.
An author of hundreds of articles, features and several books, Drew has also presented at the United Nations, on CNN, MSNBC and CNN China, and
was named by an Australian IT security consortium as one of APAC’s Top 20 Most In�uential Leaders in IT Security for 2010.
Zachary Wol�
Zachary Wol�’s experimentation in subverting computer systems began in the early 90s. Barriers created by pay per minute internet and dial up
busy signals pushed him to explore alternative means of access. Not long after, he unintentionally blue screened his mom’s computer with a virus
he brought home on a �oppy disk from his high school programming lab. Naturally, a series of intentional blue screens would soon follow. These
experiences set the foundation for his future endeavors in security research.
Highlights include three years of malware analysis on Webroots Threat Research Team and large scale SIEM implementations with LogRhythm. He
currently works on the LogRhythm Labs team conducting research around log data correlation and attack signatures. Zachary believes strongly in
a neutral internet and is particularly interested in security research that aligns with such principals.
Joe McCray
Joe McCray has over 15 years of experience in the security industry with a diverse background that includes network and web application
penetration testing, forensics, training, and regulatory compliance. Having performed hundreds of penetration tests, assessing well over 250,000
hosts in the DoD, Federal, Financial, Gaming, Retail, and Hospitality industries – Joe’s specialty is pentesting high security environments, and
bypassing high end security systems.
Joe is a US Air Force veteran with 5 years of US Army contracting experience in information assurance (speci�cally Information Assurance Network
Engineering, Incident Response, Forensics, Vulnerability Assessments, and Penetration Testing). He is well versed in cyber war, cyber terrorism
tactics, having spent 2 years in Iraq and 1 year at US Army NetCom. He now gives advanced hacking and forensics training to the FBI, NSA, DHS,
Royal Canadian Mounties, and several other entities. Joe is also a frequent trainer and presenter at security conferences such as Black Hat, Def Con,
BruCON, Hacker Halted, Techno Security, Techno Forensics, and many others.
Joe was awarded the EC-Council Instructor of the Year award for 2010, and a Circle of Excellence (Instructor) recipient for 2009.
Tim Pierson
Tim Pierson has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been a notable
speaker at many industry events including Novell's Brainshare, Innotech, GISSA and many military venues including the Pentagon and numerous
nuclear facilities addressing security both in the US and Europe. He is contributor to Secure Coding best practices and coauthor of Global
Knowledge Windows 2000 bootcamp. Current projects include contributing author of "VMware Virtual Infrastructure Security:- Securing ESX and
The Virtual Environment" released in April 2009 by Pearson Publishing and has done work for the bimonthly Virtualization Security Roundtable
Podcast available as a download on iTunes and Talk Shoe. Tim is one of the EC-Council's Master Instructor.
Wayne Burke
Wayne is currently the CSO for Sequrit CSI, responsible for the technical realm and security management, which includes consulting teams . He is a
captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered security assessments,
penetration test assignments and customized training for international corporations and many government agencies such as: EPA, FAA, DOJ, DOE,
DOD + 8570: Air force, Army, Navy, Marines, FBI and Statewide Law Enforcement O�ces in the USA.
Wayne’s consulting and training undertakings specializes in Penetration Testing, Forensics, Security Expert Advisor and Secure Infrastructure
Design. His expertise include DMZ �rewalls, Secure VPNs, EAP/TLS, PEAP, SSL, PKI, Smart Cards, Biometrics, IPSEC, IDS, Vulnerability Scanners, AV,
Honey Pots, Audits, �ltering policies, multi-layer encrypted �le systems, patch management and deployments. He additionally develops
customized and blended security curriculum.

Endorsed by:
Media Partners:
TM
H@cker Halted
Hacker Halted Asia Pacific
Level 3-10, Block F, Phileo Damansara 1,
Jalan 16/11, O� Jalan Damansara,
46350 Petaling Jaya, Selangor Darul Ehsan,
Malaysia.
Tel : +6 03-7665 0911
Fax : +6 03-7665 2022
admin@eccouncilapac.org
www.hackerhaltedapac.org
Asia Paci�c
2 0 1 2
- Malaysia -
www.facebook.com/HHAPAC
www.twitter.com/eccouncilapac

TM
H@cker Halted
Asia Paci�c
2 0 1 2
- Malaysia -
HACKER HALTED CONFERENCE & WORKSHOP 2012
REGISTRATION FORM
NOVEMBER 19 - 22, 2012
NOTE: All portions of this form must be completed. Print names as they should appear on meeting badge.
Registration will not be processed without payment. This form can be used as a company invoice.
Registrant’s Full Name (Same as per IC or Passport)
Title or Position
Company / Organisation
P.O. Box or Street Address
City State
Country Zip / Postal Code
Office Telephone (Include Country and City Code) Mobile Phone (Include Country and City Code)
E-mail Address
Registration Fees
PACKAGE
Conference (C)
Workshop (W)
2 in 1 (C + W)
Combo A : 3 In 1 (Training + C + W)
Combo B (Training + C)
Combo C (Training + W)
* Terms and conditions apply.
Confirmation Details
For promotional price: All payment must be received within 30 days after
promotional period.
For normal price: All payment must be received 2 weeks before the date of
the conference
After received payment, a receipt and confirmation letter will be issued.
If you have any queries regarding this, please contact Mr. Ven Ping,
Hacker Halted Asia Pacific on (60) 3 7665 0911.
Authorisation
Signatory must be authorized to sign on behalf of contracting organization.
TRAINING
TOTAL
Remarks
FEE PER
PERSON
Name:
Position:
Signature:
QTY
RM
RM
COST
Company Chop
TRAINING DATE
Start Date - End Date
MAIL or FAX to:
Registrar-
HACKER HALTED ASIA PACIFIC
Level 3 - 10, Block F,
Phileo Damansara 1,
Jalan 16/11, Off Jalan Damansara,
46350 Petaling Jaya,
Selangor Darul Ehsan,
MALAYSIA.
Tel: (60) 3 7665 0911
Fax: (60) 3 7665 2022
(If you fax this form, do NOT mail original)
Please visit
www.hackerhaltedapac.org
for further information on the Hacker Halted
Asia Pacific 2012 Conference & Workshop
PAYMENT OPTIONS:
Malaysia Ringgit Cheque or Demand Draft
Payable to EC-Council Academy Sdn. Bhd.
Electronic Transfer in Malaysia Ringgit to:
EC-Council Academy. Bank details will be
provided on the invoice.
MasterCard
Visa
(Credit Card Payment will be in Malaysia
Ringgit only.)
Note: 1. For credit card payment, 3% extra will be
levied for bank charges. 2. Cash & Credit Card
Payment will be in Malaysia Ringgit only.
Name as it appears on Card
Billing address of Card
Card Number
Security Code
Exp. Date
Signature
Cancellation Policy
Cancellation or refunds must be notified in writing.
Cancellation MUST be made before 10 September
2012. All refunds are subject to a 10% cancellation
charge on fees paid. A 50% cancellation charge is
subjected to the fees after 10 September 2012.
No refunds will be made for cancellation after 10
October 2012. The organizer reserves the right to
make any changes to the event.
All information contained herein is correct at time of printing
(September 2012) and is subject to changes without prior notice.
S
PSMB
CLAIMABLE
(HRDF)
Pembangunan Sumber Manusia Berhad
C
H
E
M
E
S