The attendees of the SANE 2000 conference will probably all be White Hats, or simply 'the good guys'. This lecture will give the Black Hats viewpoint, i.e. that of the hackers who are trying to break in to your computers. As somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet who are really hacking is decreasing. However, the bad thing is that we now have a new phenomenon: the script kiddies. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort. This Black Hats Session will highlight the problems that exist in present operating systems, application software and how administrators set up and work with these issues. Not only will these problems be discussed on a high level (buffer overflows, denial of service attacks, privileges, sniffing, security through obscurity, etc.) but also on a tangible level (ypx, insecure default settings, portmapper, sendmail, etc.). The session will follow intruders from the data-gathering stage, to the actual break-in and beyond, demonstrating the ease at which this can be done using actual systems. Not only will we talk about the problems, we will also give hints on how to prevent your systems from being vulnerable. A large part of the lecture will therefore be about ways to prevent break-in attempts. After the lecture, attendees will have an insight into the methods that are being used to break in to computer systems, and common examples of these methods. The attendees will also have a set of tools and methods that can help prevent, detect and limit the effects of break-ins. Who should NOT attend People who should _not_ attend can be divided into two categories: 1) people who know how to break into systems, because they probably will not hear new things, and 2) people who don't care if others break into their systems or networks, because we don't want to waste their time.

Walter Belgers Walter Belgers (30) lives in Eindhoven, the technological centre of the Netherlands. His interest for the Internet and UNIX started in 1988. In 1994, he got his degree in Computing Science and started working as Internet Specialist for what is now Origin, the largest Dutch IT company. Walter now mainly works on secure access (firewalls, VPN) and scalable remote management. He has given tutorials at conferences like SANE and FIRST. His interests include security in its broadest sense (including things such as lockpicking), music, sailing and swimming. Hans van de Looy Hans van de Looy (37) lives in Utrecht, the geographical centre of the Netherlands. He started using the C language and UNIX in 1979 and has not stopped since. After finishing his study Computing Science in 1984 he has worked for several companies in various functions. Ranging from Senior Software Engineer at a nuclear R&D laboratory, Development Manager for a telecommunications company and Product Manager/Security Consultant for a high-end computer manufacturer. Hans now works as a full time Senior (network and computer) Security Consultant for both the governement and large(r) companies. He has presented papers and tutorials at several (international) conferences and universities. His interests include but are not limited to security in its broadest sense (including leisures such as lockpicking), music, reading and sailing.