Jun 3, 2015

BruCON 0x07 Training track complete

We are proud to present to you our complete training track for this 0x07 edition of BruCON. 

The line-up! : 
  • Practical Malware Analysis: Rapid Introduction by  Andrew Honig (3 day training) : One of BruCONs most popular trainings is back. The co-author of the book will be hosting one of our most popular training tracks. Students also get a free copy of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. 
  • Tactical Exploitation and Response by Russ Gideon (3 day training) : Russ, being the Director of Training and Malware Research at Attack Research bring along a ton of experience and a well balanced program for tactical exploitation and response.
  • Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan (2 day training) : Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this two-day hands-on training!
  • Wireshark WiFi and Lua-Packet Class by Didier Stevens (2 day training) : Wireshark is the number one network security tool according to SecTools.org top 125 Network Security Tools survey. But did you ever spend time to familiarize yourself with the many powerful features of this excellent security tool? If you did not, then now is your chance to learn as much as you can in this class and receive your complementary AirPcap adapter for Windows.
  • Cyber Breach Management by Chris Nutt (3 day training) : This course will teach students how to successfully manage the people, processes, and voluminous data required to successfully investigate and recover from a breach. All phases of the incident response process will be covered and hands-on exercises will provide tools for analyzing system artifacts as well as scrutinizing and communicating technical findings.
  • Offensive IoT Exploitation by Aditya Gupta and Aseem Jakhar (3 day training) : A brand new and unique course which offers penetration testers the ability to assess the security of  smart devices. The training will cover assessing IoT attack surfaces and finding security issues. 
  • Assessing and Exploiting Control Systems by Don C. Weber (3 day training) : This is not your traditional SCADA security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, and master servers.
The training location will be Novotel Ghent Centrum.

All training details and registration links can be found on the BruCON training pages (link). Early Bird registration is possible until the 1st of August  and be found here

your BruCON team.

May 16, 2015

BruCON 0x07 Line-up and Early Bird Registrations

Hello there BruCONneers!

Over the past month we have been chewing over the CFP submissions. We received really great proposals and had to make some tough choices. And finally, white smoke!

We are thrilled to propose you the Line-Up for BruCON 0x07:

Keynotes
  • Dave Kennedy, Co-founder of TrustedSec and Binary Defense Systems. Co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery
  • Shyama Rose, Vice President of Information Security for Live Nation Entertainment

Talks
  • Willi Ballenthin and Jon Tomczak - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
  • Alexandre Dulaunoy and Pieter-Jan Moreels - cve-search - A free software to collect, search and analyse common vulnerabilities and exposures in software
  • L. Grecs - Creating REAL Threat Intelligence ... with Evernote
  • Mark Hillick - Levelling Up Security @ Riot Games
  • Samuel Hunter and Adam Schoeman - Explosive Honey: Improving intelligence collected by Honeypots
  • Ryan Kazanciyan and Matt Hastings - Desired state: compromise
  • Dhia Mahjoub and Thomas Mathew - Unified DNS View to Track Threats
  • David Mortman - SSO: It's the SAML SAML Situation (With Apologies to Mötley Crüe)
  • Rushikesh Nandedkar and Amrita Iyer - The .11 Veil, Camouflage & Covert!!! /*Invisible Wifi, Revealed */
  • Chris Nickerson - Nightmares of a Pentester
  • Kuba Sendor and Ivan Leichtling - OSXCollector: Automated forensic evidence collection & analysis for OS X
  • Eric Smith - Advanced Red Teaming: All your badges are belong to us
  • Richard Thieme - Hacking as Practice for Transplanetary Life in the 21st Century: How Hackers Frame the Pictures in Which Others Live
  • Mathy Vanhoef - Advanced WiFi Attacks using Commodity Hardware

Workshops

  • Pieter Danhieux and Erik Van Buggenhout - Hands-on Incident Response Workshop
  • Sergei Frankoff and Sean Wilson - Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
  • Prateek Gianchandani - iOS application pentesting
  • Chris Lytle and Leigh Lytle - Hands-On Old School Cryptography
  • Chris Lytle and Matt Jakubowski - BrewCon
  • Vito Rallo - Kernel Tales
  • Vivek Ramachandran - Wi-Fi Network and Host based Intrusion Detection & Forensics for Pentesters
  • Arnaud Soullie - Pentesting ICS 101
  • Didier Stevens - A Hands On Introduction To Software Defined Radio
  • DJ Jackalope, Ocean Lam, Count Ninjula and Keith Myers - DJ workshop

Villages
  • ICS Village
  • Hak4kidz - Hacking conference for children (Sunday 4-Oct)

Sounds
  • Ocean Lam (Hong Kong)
  • DJ Jackalope (Las Vegas)
  • Count Ninjula (Los Angeles)
  • Keith Myers (Los Angeles)
  • keroSerene (Serene Han, pianist)

Training
  • Andrew Honig - Practical Malware Analysis: Rapid Introduction (3 day training)
  • Russ Gideon - Tactical Exploitation and Response (3 day training)
  • Dawid Czagan - Hacking web applications - case studies of award-winning bugs in Google, Yahoo, Mozilla and more (2 day training)
  • Didier Stevens - Wireshark WiFi and Lua-Packet Class (2 day training)
  • Chris Nutt - Cyber Breach Management (3 day training)
Stay tuned for more training announcements!

You might want to come earlier, as we have some extra activities on Wednesday 7-Oct in the pipeline :-)

Early Bird registration is now open for the conference and the trainings!

Cheers,


the BruCON team

Apr 2, 2015

Brucon 2015 CFP Extension

Greetings all

As you may know already (or know now for certain) the Brucon 2015 CFP has been extended by two weeks. This means it will close for good on Wednesday the 15th of April at midnight CET.
This give all of you a little more time to submit your talks to our awesome little conference.

CFP feedback will be sent before April 30th 2015. All accepted talks and
workshops will be published before May 15th 2015.


If there are any issues with the submission site please give cfp@brucon.org a heads-up. Send your submission by mail as a last resort.

The CFP is available here:


The Brucon team looks forward to welcoming you all again in October.

.Brucon Team.

Mar 16, 2015

Cancellation BruCON Spring Training 2015

We regret to inform you that due to the low amount of registrations, we have to cancel our 2015 Spring training track. With about one month to go, despite our promotional efforts, we have not been able to get the attendee numbers up to an acceptable level, a problem we have seen shared by others.

We strive to provide quality trainings with international trainers to make it attractive to a larger audience. Because of this, the decision was taken now rather then waiting for the last minute. We are working on re-planning some of this trainings to the fall training track (5-7 October) which will be announced soon.

People who already registered will soon be contacted to discuss the options.

If you have any other questions, you can contact us at training[att]brucon.org

The BruCON Training team

Jan 21, 2015

BruCON Spring Training 2015

We are extremely proud to present to you our program for the 2015 Spring Training which will be hosted between the 22 and the 24 of April. 

The line-up! : 

  • Practical Malware Analysis: Rapid Introduction by Michael Sikorski (3 day training) : Our almost "resident" BruCON trainer and speaker Michael joins us once more for his popular rapid introduction training and is already booked for an advanced training session during our fall track.
  • Tactical Exploitation and Response by Russ Gideon (3 day training) : Russ, being the Director of Training and Malware Research at Attack Research bring along a ton of experience and a well balanced program for tactical exploitation and response.
  • Red Team Testing by Ian Amit and Chris Nickerson (3 day training) : Chris and Ian are both frequent speakers at large security conferences and have contributed tremendously to the security world. Their combined experience can easily fill a two week training course and unfortunately we "only" have three days.
  • Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan (2 day training) : Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this two-day hands-on training!
  • Wireshark WiFi and Lua-Packet Class by Didier Stevens (2 day training) : Wireshark is the number one network security tool according to SecTools.org top 125 Network Security Tools survey. But did you ever spend time to familiarize yourself with the many powerful features of this excellent security tool? If you did not, then now is your chance to learn as much as you can in this class and receive your complementary AirPcap adapter for Windows.

The training location will be Novotel Ghent Centrum.

All training details and registration links can be found on the BruCON training pages (link)

your BruCON team.

Jan 14, 2015

5by5 announcement 2015

Hackers and security enthusiasts of the world,

In 2013 we launched our first 5by5 program. We set aside 25,000 euros to sponsor independent research and contributions to the information security field and sponsored projects with a maximum of 5,000 euros. As BruCON we were very happy with the results and we were happy to do it again in 2014. With another group of enthusiastic contributors doing amazing things...

We just can't get enough :) 2015 will be our 3rd year of 5by5 projects.

As of today we are launching our call for projects! Any project of an independent non-commercial nature will be considered for the 5by5 program and BruCON will work together with the participants to contribute to its success.

These are the rules for 5by5 2015:


  • Submit a detailed description of your project, its goals and its milestones to 5by5@brucon.org before February 10th 2015. You will be informed of acceptance before March 10th 2015.
  • If your team includes more than 1 person, nominate a primary contact for 5by5 correspondence.
There are no limitations towards the projects. We accept new initiatives or projects that are already under development for a while. As long as it is relevant for the information security space we will add it to the list for consideration.

After acceptance, you will be assigned a 5by5 Mentor. This person will work with you to keep an eye on progress of the project, determine milestones and he/she will be your guide through the whole process. 

From BruCON 5by5, you can expect :
  • Project sponsorship/contribution up to 5,000eur
  • Project mentorship by an experienced community member
  • A venue to put your project in the spotlight at BruCON 2015 (travel+hotel covered by BruCON)
  • Eternal gratitude from the information security community
We look forward to your submissions and another successful BruCON year!


RockON BruCON!

The BruCON team

Jan 12, 2015

CFP Announcement Brucon 0x07

This is the call for papers (CFP) for talks and workshops for the 7th edition of BruCON, a 2-day Security and Hacking Conference full of interesting presentations, workshops and security challenges. BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in computer security world including (but not limited to) hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,etc. The conference will be held in Ghent on the 8th and 9th of October 2015

Topics of interest include, but are not limited to :
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Web Application and Web Services Security
* Lockpicking & physical security
* Honeypots/Honeynets
* Spyware, Phishing and Botnets (Distributed attacks)
* Hardware hacking, embedded systems and other electronic devices
* Mobile devices exploitation, Symbian, P2K and bluetooth technologies
* Electronic Voting
* Free Software and Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Security aspects in SCADA, industrial environments and "obscure" networks
* Forensics and Anti-Forensics
* Mobile communications security and vulnerabilities
* Information warfare and industrial espionage
* Social Engineering
* Virtualisation Security
* ...

Possibly formats are:
* 1hr talk
* 2hr workshop (preferably hands on)
* 4hr workshop (preferably hands on)

How to submit:
Submissions will contain as much detail as possible and will be written in English.
This year we use EasyChair to collect and review talk and workshop proposals.
You will submit your proposal online: https://www.easychair.org/conferences/?conf=brucon0x07
Your submission will contain at least the following details:
* Your name
* Where do you live (country)
* How to reach you
* The title of your talk/workshop, including type [talk|2h workshop|4h workshop]
* An abstract of your talk/workshop, including a brief biography
* A number of keywords to characterise your submission
* Additionally you are encouraged to include, in plain text or PDF format, supporting materials such as slidedecks, white papers, curriculums, prerequisites for talk/workshop, ...

Our speaker treatment hasn't changed since the first year. You're our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accomodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we're talking about so ... submit now!

This CFP closes on March 31st 2015 at midnight CET -- CFP feedback will be sent before April 30th 2015. All accepted talks and workshops will be published before May 15th 2015.

Small print: We do not accept product or vendor related pitches. If your presentation involves an advertisement for a new product or service your company is offering, please do not submit. Also, we do not accept presentations submitted by a third party including (but not limited to) company representatives, management bureau's, etc. BruCON presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. We want BruCON to be educational and entertaining to the attendees and the community.