Jun 21, 2016

Brucon 0x08 Talks and Workshops

It's taken us a bit of time and some hard deliberation, but here are your talks and workshops for Brucon 0x08 !!

Firstly we'd like to thank everyone who took the time to submit. We had some truly awesome talks and workshops submitted and it was difficult to whittle it down to the final list.

So without further ado...

Talks:


  • "Building a Successful Internal Adversarial Simulation Team" - Chris Nickerson and Chris Gates
  • "What Does the Perfect Door or Padlock Look Like?" - Deviant Ollam
  • "New Adventures in Active Defense, Offensive Countermeasures and Hacking Back" - John Strand
  • "NO EASY BREACH: Challenges and Lessons Learned from an Epic Investigation" - Matthew Dunwoody and Nicholas Carr
  • "Decepticon The Rise and Evolution of an Intelligent Evil Twin…!!!" - Rushikesh Nandedkar, Amrita Iyer and Krishnakant Patil
  • "Hello to the Dark Side: Understanding YOUR Adversaries without All Those Expensive Threat Intel Tools" - L. Grecs
  • "Security through design - Making security better by designing for people" - Jelle Niemantsverdriet
  • "Esoteric Web Application Vulnerabilities" - Andres Riancho
  • "Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em'" - Daniel Bohannon
  • "Virtual Terminals, POS Security and becoming a billionaire overnight" - Grigorios Fragkos
  • "Hacking KPN: Lessons from the trenches" - Jeremy Goldstein and Bouke van Laethem
  • "Scraping leaky browsers for fun and passwords" - Stefaan Truijen, Adrian Toma and Arne Swinnen
  • "Smart Sheriff, Dumb Idea. The wild west of government assisted parenting" - Abraham Aranguren, Fabian Fäßler and Abraham Aranguren
  • Talk title incoming...listen to "Last Writes" at full volume in the mean time - Dual Core


Workshops:


  • "The Control Things Workshop" - Justin Searle
  • "Hacking The Enterprise" - Eden Froemming and Wim Remes
  • "Hello Friend: Creating a Threat Intelligence Capability" - Rebekah Brown and Scott J Roberts
  • "Brewcon" - Chris Lytle
  • "Hunting Malware with osquery at scale" - Nick Anderson, Sereyvathana Ty and Javier Marcos
  • "Analyzing Malicious Office Documents" - Didier Stevens
  • "Incident Response Workshop" - Maxim Deweerdt and Erik Van Buggenhout
  • "Crowdsourced Malware Triage: Making Sense of Malware With a Browser and a Notepad" - Sergei Frankoff and Sean Wilson
  • "How to securely build your own IoT enabling embedded systems: from design to execution and assessment" - Jens Devloo, Jean-Georges Valle and Vito Rallo
  • "802.11 Leakage: How passive interception leads to active exploitation: I now know where you live, work, and play, and oh btw, I have also MiTM'd your smart phone and laptop" - Solomon Sonya and Solomon Sonya
  • "Putting a lock around your containers with Docker Security Primitives" - Nils De Moor
  • "Visual Network and File Forensics using Rudra" - Ankur Tyagi


We will be publishing more detailed information on each of the talks in the coming weeks.
The training program will be announced soon ! 

In the mean time, we will be working on getting tickets ready for purchase.

Looking forward to seeing everyone in Ghent in October !!

BruCON Crew

May 3, 2016

Brucon 2016 CFP Extension

Greetings all
As you may know already (or know now for certain) the Brucon 2016 CFP has been extended by two weeks. This means it will close for good on Sunday the 15th of May at midnight CET.
This gives all of you a little more time to submit your talks to our awesome little conference.
Submissions that have arrived before May 1st 2016 will have a preference over the submissions that arrive during the extension.

CFP feedback will be sent before May 30th 2016. All accepted talks and workshops will be published before June 15th 2016.

If there are any issues with the submission site please give cfp@brucon.org a heads-up. Send your submission by mail as a last resort.
The CFP is available here:
http://blog.brucon.org/2016/03/brucon-0x08-cfpcft-announcement.html

The Brucon team looks forward to welcoming you all again in October.
.Brucon Team.

Mar 24, 2016

Spring Training Update

We are appalled by the recent attacks that took place last Tuesday in Brussels. With regards to the current situation, we will keep an eye on the travel advice to Belgium during the coming weeks.
Since our Spring trainings are still a few weeks away, we currently see no reason to cancel this event.

Mar 9, 2016

BruCON 0x08 CFP/CFT Announcement

This is the Call for Papers (CFP) for talks and workshops and Call for Training (CFT) for the 8th edition of BruCON, a 2-day Security and Hacking Conference full of interesting presentations, workshops and security challenges. BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in the computer security world including (but not limited to) hackers, security professionals, security communities, non-profit organisations, CERTs, students, law enforcement agencies, and many more.
The conference will be held in Ghent on the 27th and 28th of October 2016. The training sessions will be held from 24th until 26th of October 2016 (all trainings start on the 24th).

[CONFERENCE]
Topics of interest for the conference include, but are not limited to :

  • Electronic/Digital Privacy
  • Wireless Network and Security
  • Attacks on Information Systems and/or Digital Information Storage
  • Web Application and Web Services Security
  • Lockpicking & physical security
  • Honeypots/Honeynets
  • Spyware, Phishing and Botnets (Distributed attacks)
  • Hardware hacking, embedded systems and other electronic devices
  • Mobile devices exploitation, Symbian, P2K and bluetooth technologies
  • Electronic Voting
  • Free Software and Security
  • Legal and Social Aspect of Information Security
  • Software Engineering and Security
  • Security in Information Retrieval
  • Security aspects in SCADA, industrial environments and "obscure" networks
  • Forensics and Anti-Forensics
  • Mobile communications security and vulnerabilities
  • Information warfare and industrial espionage
  • Social Engineering
  • Virtualisation Security
  • ...

Possible formats are:

  • 1hr talk
  • 2hr workshop (preferably hands on)
  • 4hr workshop (preferably hands on)



[TRAINING]
Please take into account the following guidelines: 
  • BruCON hosts predominantly offensive technical security training sessions. We don't have any specific focus areas for now, so please submit any training you deem interesting !
  • Training should be either 2 or 3 days with a preference for the latter.
  • You are allowed to submit multiple training suggestions, however please specify if they can be hosted simultaneously.
  • If you have additional hardware that needs to be taken into account, please specify including the additional costs.
If you submit a training, please include, at minimum, the following information: 

  • Description
  • Course content
  • Target audience
  • Trainer biography
  • Hosted before? If so, where and when

Possible formats are:
  • 2-day training
  • 3-day training

[SUBMISSION GUIDELINES]
Submissions will contain as much detail as possible and will be written in English.
We use EasyChair to collect and review talk, workshop and training proposals.
You will submit your proposal online: https://www.easychair.org/conferences/?conf=brucon0x08
Your submission will contain at least the following details:

  • Your name
  • Where do you live (country)
  • How to reach you
  • The title of your talk/workshop/training, including type [talk|2h workshop|4h workshop|2 day training|3 day training]
  • An abstract of your talk/workshop/training, including a brief biography
  • A number of keywords to characterise your submission
  • Whether you submitted and/or presented this proposal at other conferences, and which
  • Additionally you are encouraged to include, in plain text or PDF format, supporting materials such as slide decks, white papers, curriculums, prerequisites for talk/workshop/training, outline,...

Our speaker treatment hasn't changed since the first year. You're our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accommodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we're talking about so ... submit now!

This CFP closes on April 30th 2016 at midnight CET -- CFP feedback will be sent before May 30th 2016. All accepted talks and workshops will be published before June 15th 2016.

Small print: We do not accept product or vendor related pitches. If your presentation involves an advertisement for a new product or service your company is offering, please do not submit. Also, we do not accept presentations submitted by a third party including (but not limited to) company representatives, management bureaus, etc. BruCON presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. We want BruCON to be educational and entertaining to the attendees and the community.

Feb 29, 2016

Brucon Spring Training Update

Good evening all

Just a quick update from the Brucon team on our Spring Training.

We are quickly approaching our deadline for training attendees. If you're looking to attend a class with us in April, please could you look at booking before the 20th of March. We've had to set a hard deadline as some of the classes could face cancellation due to low attendee numbers. Obviously we don't want to do that unless it's absolutely necessary.

The training schedule can be found here

If you have any questions around the Spring training or would like to know a little more about anything, please don't hesitate to get in touch with us at training at brucon dot org.

We are looking forward to welcoming you in April.

Training team.


Feb 17, 2016

Corelan bootcamp course - additional seats

We are happy to announce that we have been able to arrange 10 additional seats for the popular Corelan Bootcamp course at BruCON Spring Training. The registrations for these will be opened next Friday 19/02 at 9 o'clock (GMT+1).

You can register via this link

Your BruCON Training Team

Jan 27, 2016

Trainer spotlight - Dawid Czagan/Hacking web applications

In a "guest post" Dawid Czagan explains a little more about what attendees can expect from his training...


My hands-on training Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more is unique, because it is based on real, award-winning bugs found in famous companies like Google, Yahoo, Mozilla, Twitter,... Students will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

It will be the second edition of this training at BruCON. The first one (BruCON 2015) was sold out. 

After completing this training, students will have learned about:
  • tools/techniques for effective hacking of web applications
  • non-standard XSS, SQLi, CSRF
  • RCE via serialization/deserialization
  • bypassing password verification
  • remote cookie tampering
  • tricky user impersonation
  • serious information leaks
  • browser/environment dependent attacks
  • XXE attack
  • insecure cookie processing
  • session related vulnerabilities
  • mixed content vulnerability
  • SSL strip attack
  • path traversal
  • response splitting
  • bypassing authorization
  • file upload vulnerabilities
  • caching problems
  • clickjacking attacks
  • logical flaws
  • and more…

This hands-on training was attended by security specialists from big companies like Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips, government sector and it was very well-received (recommendations here: https://silesiasecuritylab.com/services/training/#opinions ).

Students will be handed a VMware image with a specially prepared testing environment to play with the bugs. What's more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.