Apr 18, 2013

Small conference, real impact

At BruCON we're pretty idealistic. We truly believe that, as a community we can achieve great things. For many of our speakers, workshop organizers and trainers, BruCON was the first venue they presented/trained at.

Last year, Mathy Vanhoef was one of those 'new kids on the block' as he presented his research on new flaws in WPA-TKIP. We were aware of Mathy and his technical chops for a while so we were excited when he submitted to BruCON. More so when he got selected to speak at our event.

Today we were informed that Mathy has continued the research he performed for his presentation and, together with Frank Piessens, has written a paper on the subject. This paper, called 'Practical Verification of WPA-TKIP vulnerabilities', has now been officially accepted as an academic research paper.

All credit for this obviously goes to Mathy and Frank for their research and their commitment, but as an organisation that is focused on stimulating the community, research and cooperation this is a sign that we're moving in the right direction. We couldn't be happier with this news.

Let's all congratulate Mathy (@vanhoefm on twitter ;-)) and Frank but more importantly, let's do more of this!

Apr 12, 2013

Registration is open!

This post could alternatively be titled "how you can't keep a cat in a bag in front of a bunch of hackers".

* no cats were harmed during the opening of the BruCON registrations

We know it has taken a while, but as we ran some tests this morning to validate our registration and payment systems, it didn't take long for people to find out that registration had opened, and we received a live test from what we can probably best describe as "our fans" =)

As of yesterday you can start registering right here:



If you want to come out and celebrate our 5th anniversary with us, our speakers and trainers and - most obviously - our fantastic audience, don't waste time. We are looking forward to being your hosts!

Mar 1, 2013

BruCON CONstruct

FOR IMMEDIATE RELEASE

Traditionally BruCON has been held in a 4-day format: 2 days of trainings (which will be announced soon) and 2 days of conference (talks, workshops). However, as FX and the PH Neutral crew aptly describe here, we too have observed a demand for a conference format that moves away from the traditional one-to-many format to a many-to-many format that allows for the exchange of knowledge and accelerated output of prototypes and solutions.

This year BruCON will host its first CONstruct day on September 25th. The event will loosely follow the PXE RFC linked to above and will invite 50 individuals who submit a topic of research, keeping in mind the following items of interest (from the PXE RFC):

  • Code and tools that facilitate computer security research and hacking, both offensive and defensive in nature
  • Concepts, algorithms, procedures that aid research
  • Reports on research experiences, preferably including a time line of steps and their success or lack thereof
  • Of special interest are reports on FAILED RESEARCH, meaning that the intended goal was not reached

Every individual shall come prepared to explain their topic in a 10 minute presentation, work together with other participants and present results at the end of the event.

CONstruct will take place on September 25th, will be hosted by BruCON and the location will be disclosed to the selected participants. Purchase of a BruCON ticket is not required and the event is free for the invited participants.

You are urged to submit your topic of research by email to construct@brucon.org.

Credit for the PXE format goes to FX and the PH-Neutral crew. Kudos for pushing the envelope for more than a decade.

Feb 26, 2013

the 5by5 race is on

At BruCON 2012 we announced the launch of our 5by5 project, where we were looking forward to seeing submissions from individuals or groups whose development we could support, drive or speed up. With a budget of €25000 we could support 5 projects with up to €5000 each, and here we are today, ready to support the following projects:

1. OWASP OWTF (Abraham Aranguren)

More details on the Offensive Web Testing Framework can be found here: https://www.owasp.org/index.php/OWASP_OWTF

2. The Cloudbug Project (Carlos Garcia Prado)

The Windows OS integrates a mechanism to report technical information when a program crashes. This information is pretty useless to a normal user and the crash is going to happen anyway, so why not do something useful with it?

By installing a small, nonintrusive program (it will only kick in if another program crashes) the users will be reporting anonymous information about the state of the application at the time of the crash. This information is invaluable to security researchers in order to find software flaws that could indicate critical security issues.

Data mining and reverse engineering will be performed on the submissions pool. The vulnerabilities found will be reported to the corresponding vendors for fixing.

3. A tool a month (Robin Wood)

Over the last few years I've created and publicly released over 30 free open source tools. Almost all of these have been done in my spare time without any kind of monetary backing. I'm happy doing this as I enjoy creating new tools but doing it this way means that paid work comes first and so good ideas often get delayed or forgotten about.

If I were selected for the project I would use the money to take time off client paid work and build a selection of tools for the community. BruCON is at the end of September, which gives about 10 months from selection date to conference, so I propose to write/publish a tool a month each month leading up to the event. The tools would not be huge Metasploit-sized projects, more along the lines of CeWL [1] or Pipal [2].

I have a bunch of ideas but would like to see what the community needs, so I think I'd like to have 5 tools that I've thought up, then open the other 5 up to community submissions. I'm sure there are plenty of people out there who would like to automate a task or have an idea they don't have the skills to program themselves.

4. Eccentric Authentication (Guido Witmond)

Eccentric Authentication (Ecca) is a protocol to replace password authentication with client certificates. By doing so we can:

  • make it easier to log in and log out of web sites;
  • make it anonymous; you can sign up to a site without providing any details that would tie the account to your person;
  • make communication more secure; with certificates, people can send encrypted and signed messages securely without revealing their identities. Ideal for a dating site;
  • make it possible to bootstrap other communication protocols securely.

If applied correctly, Ecca would take us out of the cryptographic bronze age into the silver age. From there we might lift ourselves into the golden age.

Feb 25, 2013

It's official: our keynote speakers

Every year we get loads of suggestions on "this would be an awesome keynote speaker" or "I would really like to see this person present at BruCON". Every year we are on the lookout for remarkable individuals that are defining, influencing and shaping the information security community and industry to present their unique perspective to you, our BruCON audience.

There are always the usual suspects: big names you'll eventually see at one of the bigger venues in the course of a year. Then comes the realization of what a keynote means to somebody. Is it a figurehead that you "rent" to sell your conference? We don't think so and we don't need to...

For us a keynote is one of those persons that you'd gladly start talking to early in the evening over some tasty cocktails, a person that listens and shares knowledge over a good meal and that thinks - just like you - it's too early to leave when the waiter kicks you out of the bar at 3am.

We believe that for our 5th anniversary we once again lucked out, with both of our keynote speakers agreeing to come out to BruCON. The team cannot wait to have them and you over for another epic edition of BruCON!!

Without further ado:

Justine Aitel

Justine Aitel has worked in Information Technology and Security for fifteen years, serving private and public sectors in technical, analyst and management roles. Her career started at New Zealand's Government Communications Security Bureau, where she entered the world of security research and computer/network offense. She was later employed by ISS (now IBM) X-Force as a security researcher and consultant. During that time she relocated to New York City. In 2002 Justine joined Bloomberg L.P as a software security expert, taking on increasing responsibilities over time, leading to head of global risk management. Justine later joined her husband in growing the specialized security firm Immunity Inc, which remains a leader in the security offense space. In 2013 Justine took on the position of Head of Digital Infrastructure and Security at Dow Jones.

Dan Guido

Dan Guido leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in these massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners, where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries. Previously, Dan worked for the Federal Reserve System, where he proposed and developed a centralized function for threat intelligence: a team that used its expert knowledge of attacks in the wild to develop sophisticated, enterprise strategies to mitigate them. In addition to his professional work, Dan is a Hacker in Residence at NYU-Poly, where he oversees student research and teaches classes in Application Security and Vulnerability Analysis.

Are you as excited as we are? That's what we thought ;-)

Jan 21, 2013

The BruCON CFP (presentations and workshops) is open ...

So, as we have now properly closed down 2012, we're looking forward to making 2013 count double.

It is our 5th edition and we've been reinventing the way we handle our CFP over the past few years. This year will be no different :-) Firstly, we are making our CFP fully anonymous. This means we don't request biographies but only abstracts. We have learned that anonymizing submissions after they've been received is virtually impossible. This year the only thing that will identify you is the email address you use to communicate with us, so to convince the CFP panel, the content will need to speak for itself. Another new initiative is the "recommended talk". Here we're intentionally not looking for new content but for content that has been presented before and that you deem interesting for our audience.

We are looking for 2 kinds of submissions for talks:

===================
1. Your own thang

You have been researching something incredibly cool and you believe (like we do) that BruCON is the ideal venue to present your research and share your knowledge. Sounds like a match! We expect you to submit a detailed abstract to cfp -at- brucon -dot- org. You do not include a bio. Nope, we're not interested in what you have previously done and we will not select on who you are or which entity you represent. The selection will be purely on the content of your abstract. You may be contacted if anything is not clear.

2. Something you recommend

You have seen someone present something completely and utterly awesome and you believe this specific talk or workshop will be of value for the BruCON audience. Please send us an email at cfp -at- brucon -dot- org and provide us the following details:

  • who the presenter was
  • the topic the person presented on
  • the venue the person talked at
  • any public documentation on the talk/workshop
  • possible contact details for the person you recommend

For this category we will apply our own special super-secret algorithm to select talks, and obviously we're relying on the willingness of the recommended person to present at BruCON. We admit that this is an unorthodox way to invite CFP responses, but we are aware that not all speakers are aware of our event. Counting on the recommendations of the BruCON audience is a natural step to find quality content.

===================
Possible formats are:

  • 1hr talk
  • 2hr workshop (preferably hands on)
  • 4hr workshop (preferably hands on)

Our speaker treatment hasn't changed since the first year. You're our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accommodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we're talking about, so ... submit now!

This CFP closes on March 31st 2013 at midnight CET -- CFP feedback will be sent before April 30th 2013. All talks will be published before May 15th 2013.

Nov 13, 2012

A mea culpa ... video ain't easy.

It feels like it's 2011 again :-)

Last year we learned that streaming and recording an event like BruCON (or any conference) is not an easy feat. As we didn't want to lose another year of awesome BruCON talks, we did everything we could to ensure high quality recordings, and we have them ... but they're not ready for publication yet. In an effort to bring them to you as fast as possible, the cutting of the video wasn't done as well as it could have been and (more importantly) there are not enough keyframes in the final video files.

All of this means that the talks don't always begin at the beginning or end at the end. Moreover, the sound gets out of sync very quickly too. The combination of both issues forces us to redo the whole editing effort.

You can rest assured that we do have the content and we're doing everything we can to bring it to you as soon as possible, but at this moment we cannot commit to a date.

This is another year of learning for us and we're honest enough to admit that A/V is probably one of our weakest points ... Knowing this, we're already putting everything into place to improve on this in 2013.

We are not Derbycon (Adrian, how do you do it?) but the least we can do is capture our awesome content for posterity.