My information Resource (blog.mir.net)

The MVP Award Program and the Windows IT Pro teams are pleased to offer a *free* live webcast, as part of a global community event, to provide first hand guidance about Windows 10 Enterprise for IT Pros. Join Microsoft MVPs as they take you through topics such an overview of the Windows 10 Enterprise, Windows Security, Windows as a Service, Windows Deployment, Windows Management & Store, and Windows Networking. Hope you are able to join us! This webcast is a great opportunity for you to learn and also participate live in Q&A session with some of the top Windows IT Pro experts.

Learn more about Windows 10!

The Windows team is empowering the MVPs with technical content and a specific private training so each MVP delivering the session is fully equipped with content, and guidance to better support you as an attendee of the webcast. We hope you are able to join us in this global community event!

I will be one of the MVP presenting

Topics include

The above time are PST Time

To register click HERE

Go digital and save 90%

For a limited time, tell us what Microsoft Press book is on your shelf and receive a special discount code to save 90% on the multi-format eBook edition!

Locate the ISBN on your book’s copyright page or back cover to get started. A unique code will be displayed on screen after you submit this form.

Please note: Products submitted for this special offer will not be listed as registered products in your microsoftpressstore.com account. For additional benefits, register your book today.

I just found this on Microsoft Site..

 

Spotlight on   “PowerShell for Auditing and Security.” workshop speaker Guy Herman

PowerShell for Auditing and Security

PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment.  PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem.  Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows.  This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.

Starting with the basics of using the shell and cmdlets along with the included help system, we examine the command syntax, command discovery, and how to work with the PowerShell Pipeline.  We then progress into some of the many things you can do with PowerShell right now to audit and secure your environment.  We then delve into some of the more sophisticated aspects of PowerShell and how it can be best used by Windows Administrators.  You will be exposed to the Desired State Configuration tool, as well as Best Practices and specialized techniques for auditing and securing your environment.

This session is packed full of Hands-On-Labs to demonstrate just how easy to use and powerful PowerShell really is:

• Lab: Configuring Windows PowerShell
  • · PowerShell Console Application
  • · PowerShell ISE Application
• Lab: Finding and Running Basic Commands
  • · Finding Commands
  • · Running Commands
  • · Using “About” Files
• Lab: Using the Pipeline
  • · Selecting and Sorting Data
• Lab: Converting, Exporting, and Importing Objects
  • · Converting Objects
  • · Importing and Exporting Objects
• Lab: Filtering Objects
  • · Filtering Objects
• Lab: Enumerating Objects
  • · Enumerating Objects
• Lab: Working with Pipeline Parameter Binding
  • · Predicting Pipeline Behavior
• Lab : Formatting Output
  • · Formatting Command Output
  • · Reproducing Specified Output
• Lab : Working with WMI and CIM
  • · Querying Information by Using WMI
  • · Querying Information by Using CIM
  • · Invoking Methods
• Lab : Moving From Command to Script
  • · Test the Command
  • · Parameterize Changing Values
  • · Add Verbose Output
  • · Add Comment-Based Help
• Lab : Moving From Script to Function to Module
  • · Convert the Script to a Function
  • · Save the Script as a Script Module
  • · Add Debugging Breakpoints
• Lab : Implementing Basic Error Handling
  • · Add Error Handling to a Function
  • · Add Error Handling to a New Function
• Lab : Creating an Advanced Function
  • · Test an Existing Command
  • · Create a Parameterized Function
  • · Handle Multiple Targets
  • · Add Error Handling
• Lab : Using Basic Remoting
  • · Enable Remoting on the Local Computer
  • · Performing One-to-One Remoting
  • · Performing One-to-Many Remoting
• Lab : Using Remoting Sessions
  • · Using Implicit Remoting
  • · Multicomputer Management
• Lab: Desired State Configuration
  • · Enabling or disabling server roles and features (like IIS)
  • · Managing registry settings
  • · Managing files and directories
  • · Starting, stopping, and managing processes and services
  • · Managing groups and user accounts
  • · Managing environment variables
• Lab : Documenting Servers and Workstations
  • · Finding the Right Script
  • · Performing the Inventory
• Lab : Auditing User Passwords

Come and learn what PowerShell can do for you, and how you can use it to audit and secure your Windows ecosystem.

This session  will be offered as a pre-conference workshop on Tuesday, October 13th at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Register here this will sell out and no walking will be allowed

 

Instructor: Tim Singletary, Technical Director, Cyber Security Services, Harris Inc.

The ease of use, mobility, and convenience has made wireless technologies not only prevalent but the defacto standard for most individuals as well as corporate America. Wireless throughout the years has not become magically secure just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.

From smartphones, tablets, wearables, to the IOT (Internet of Things), wireless technologies have taken over both consumers and corporate America. Knowing the types of attacks and inherent weaknesses and vulnerabilities of wireless networks is half the battle, in keeping both your personal and corporate information secure and away from prying eyes.

In this presentation we will talk about issues within wireless technologies that every individual using wireless should know. We will see firsthand demonstrations of weaknesses in wireless and how to mitigate those risks and protect critical resources (personal and corporate)

Deployments of wireless LANs (WLANs) are being used today more and more in our business and home use. While this technology has made it easy to create a mobile workforce, it has some security issues that we need to deal with. In this session you will learn about Wireless technologies include WI-FI, Bluetooth, IRDA, 3g/4g., How they works, what are the risks to you data and company.

Most enterprises have some degree of wireless connectivity to their networks. Even if wireless technology is not formally sanctioned or supported by the IT organization, the end user community may have installed some wireless devices. Such widespread use of wireless technology may present substantial risk to the organization, not only to the wireless network but also to the wired network. WLANs eliminate physical barriers that have traditionally been used to separate trusted internal network traffic from unauthorized users outside of the organization, and therefore present an appealing target for attackers. You will learn about WEP, WPA1, WAP2, TKIP, Preshared Key, AES, and use of cryptographic techniques that you will use to you design and security of your network. The session will then demonstrate how security is so important by breaking in to wireless networks.

This session  will be offered as a pre-conference workshop on Tuesday, October 13th at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Register here this will sell out and no walking will be allowed.

 

Spotlight on   “All your data belongs to us.” workshop speaker Chris Roberts

“All your data belongs to us.”

This simple statement is becoming more of a reality as both technologies accelerate and we (the soggy human element) get left behind.  The variety of means and methods for storing and transmitting data have increased exponentially over the past few years and the tidal wave that is the Internet of Things (or IofE) is set to continue that trend. We have found ever-inventive means for distributing our data and our very lives across the electronic spectrum that we no longer really understand the extent of the saturation. This trend is not constrained to our personal lives as those delineation marks between personal and “work” have significantly blurred with both society and technological shifts. It is these traits among others that make the art of human engineering and intelligence gathering so much more involved.

Outline:

• We have simply become walking attack vectors…
• Digital footprints, what are they, why are we talking about feet and what use are they to us as we work through the masses of data?
• We are going to take a look at the core of an organization…its data. We will strip away the misconceptions that the data still is in the control of the organization and begin to understand WHERE the data is, HOW it got there and how WE can access it, learn from it and ultimately use it against our intended targets.
• Targeting and attack vectors, looking beyond the perimeter. Reviewing an organizations structure, it’s VAR’s, partners, suppliers and other entities that are either trusted or shared resource entities.
• We all love the IT department, the developers and the resources they use without thinking.
• When YOU and YOUR work bleeds into your personal life…and the reverse. Why your E-Mail is one of the best fingerprints you leave behind. Why your HOA or your kids soccer team should never have your company mail address.
• Targeting it outside of the borders, how much easier it is to attack in certain territories.
• What public tools are out there, how GoogleFu is good, but not always adequate.
• CLEAR/LEXIS NEXIS, what data can you gather from there vs. other entities, what works and what needs supplemental sources. At this point we’ll take a look at the other options open to individuals doing their own research.
• The Darker side of the Internet, what it is, how to get to it and how useful it CAN be (if only the Feds would stop closing down sites!)
• Making sure the DarkNet doesn’t follow you home, HOW to search, what tools to use and when to throw the computer away… The art of the VM and how to anonymize yourself.
• All this and we’ve yet to actually “touch” the company, no CFA violations, no laws bent and nothing that’s going to show up on the radar…all this legally done, above board and simply piecing together the jigsaw. We now have our target, our attack vectors and our plans, what’s next?
• Reversing the mindset, how we can take ALL of this and use it in a defensive manner, how to actually be PROACTIVE in security and start to consider the preemptive capabilities of intelligence gathering in the commercial world.

This session  will be offered as a pre-conference workshop on Tuesday, October 13th at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Register here this will sell out and no walking will be allowed.

 

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE .

The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cybersecurity & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).

You can and should register here this will sell out and no walking will be allowed

The event will be held at

 Microsoft NYC Office
11 Times Square, New York City, NY

The schedule includes

You can and should register here this will sell out and no walking will be allowed

 

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE

NYMJCSC is also offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.

Register here this will sell out and no walking will be allowed.

Workshops will be offered at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Workshop 1: PowerShell for Auditors

Speaker Guy Hermann

Hand on PowerShell for IT security and auditors … requires BYOD Instructor: Guy Hermann PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment. PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem. Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows. This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.

Workshop 2: Wireless Shock and Awe 

Speaker Tim Singletary

Be worried about what exposed via Wireless Instructor: Tim Singletary The ease of use, mobility, and convenience has made wireless technologies not only prevalent but the defacto standard for most individuals as well as corporate America. Wireless throughout the years has not become magically secure just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.

Workshop 3: Privacy and the Dark Net

Speaker Chris Roberts

What the Internet knows about you and your company

Workshop 4: Application Security

Speakers

Tom Brennan, Ken Belva, Vladislav Gostomelsky 

Part 1: Take a tour of the OWASP foundation:

Part 2: Live hacking demonstration using OWASP ZAP and OWASP WebGoat to find vulnerabilities.

Part 3: Deep dive into specific application threat surfaces.

Register here this will sell out and no walking will be allowed.

 

If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode .

Xcode is used for developing iOS and OS X apps by developers.  If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode.  This malicious code infected an unknown number of iOS apps and reports range from 0v34 80 apps depending on the news media report you read. 

If you find you have installed one of the infected apps, the solution is to uninstall the app or update if available and some of the infected have not been replaced and are currently unavailable in the App Store. Once you have removed or updated all the infected apps you should change your iCloud password and any other passwords inputted on your iOS device as a precaution.

http://bgr.com/2015/09/21/app-store-hack-iphone-malware-apps-list/

http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/

 

Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices.

Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. Windows 10 employs Device Guard as well as code integrity and advanced hardware features such as CPU virtualization extensions, Trusted Platform Module, and second-level address translation to offer comprehensive modern security to its users.

You can learn more about this feature here

Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. The new features rely on the same hypervisor technology already used by Hyper-V.

Credential Guard offers the following features and solutions:

Using hardware-based virtualization to extend whitelisting and protecting credentials. Hardware-Based security has the advantage of platform security features, such as Secure Boot and virtualization to increase security

Microsoft has also fixed the issue that could result in to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket, with, Credential Guard. This new technology uses virtualization-based security to isolate secrets so that only privileged system software can access them when they are stored on disk or in memory.

You can learn more about Credential Guard here

Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, face, or eye recognition. Most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon. For face recognition you will need a special camera like the Intel® RealSense™ .

You can learn more about Hello here

 

 

 

 

 

 

 

Download all formats (PDF, Mobi and ePub) at the Microsoft Virtual Academy.

July 15, 2015 update: You can now get this eBook with interactive features by downloading the free Microsoft Press Guided Tours app from the Windows Store.