Safeguarding your Business Assets through Understanding of the Win32API presented at BlackHatWindows 2001

by David Goldman, Todd Feinman,

Summary : As Windows 2000 becomes integrated with indispensable corporate operations, the operating system acts a portal through which hackers can breach and compromise sensitive business resources. Through case study analysis we will discuss numerous vulnerabilities inherent to the Win32API. You must protect your business against threats that exploit these features. This session will arm you with critical knowledge and an arsenal of assessment techniques that will help you not only battle todays vulnerabilities, but also prepare you for unknown future threats.
Todd is currently pursuing an MBA at Harvard Business School. Combining this with his experience as a manager for PricewaterhouseCoopers technology-security consulting practice, he is assisting corporations with the integration of secure systems into their daily operations and e-business systems. At PwC, he was responsible for delivering Windows NT/2000 services including security assessment, penetration, as well as strategy development and implementation. He is a principal author of several books, white papers, and articles including Microsofts technical reference book on Windows NT Security and Audit, as well as an Electronic Commerce book published by Irwin/McGraw Hill.
David is currently in PricewaterhouseCoopers technology-security consulting practice and is focusing on assisting businesses secure their online environments. Leveraging his background in e-business systems and Internet enabled application design, he facilitates the incorporation of sound security practices into corporate operations. Currently, he is managing the assessment, design, and implementations of security and controls on systems and applications across disparate environments. His specialty is Windows NT/2000 and has written several white papers and articles on the subject.
Todd and David are the developers of eXcalibur Security 2000, a Windows NT/2000 security collection tool that utilizes many security-related Win32 API calls.