Jun 15, 2017

BruCON 0x09 talks and workshops announcement

Thank you everyone for massively submitting to our CFP. From all the high quality submissions we have made this selection for BruCON 0x09!

Keynotes:
  • Keynote: The cyber short. A market solution for product safety and corporate governance. - Justine Bone
  • Keynote: How hackers changed the security industry and how we need to keep changing it. - Chris Wysopal
Talks:
  • See no evil, hear no evil: Hacking invisibly and silently with light and sound - Matt Wixey
  • XFLTReaT: a new dimension in tunnelling - Balazs Bucsay
  • Knock Knock... Who's there? admin admin and get in! An overview of the CMS brute-forcing malware landscape. - Anna Shirokova, Veronica Valeros
  • Exploiting IoT Devices over Software Defined Radio, ZigBee, WiFi and BLE - Swaroop Yermalkar
  • Races, Reaches and Rescues!!! (Race condition vulnerabilities revisited) - Sampada Nandedkar, Rushikesh Nandedkar
  • Weaponizing the BBC Micro:Bit - Damien Cauquil
  • Secure channels: Building real world crypto systems - Sander Demeester
  • MEATPISTOL, A Modular Malware Implant Framework - Josh Schwartz, John Cramb
  • Open Source Security Orchestration - Gregory Pickett
  • Detecting malware even when it is encrypted - Machine Learning for network HTTPS analysis - František Střasák and Sebastian Garcia
  • Evading Microsoft ATA for Active Directory Domination - Nikhil Mittal
  • Browser Exploits? Grab them by the collar! - Debasish Mandal
Workshops:

  • Mimikatz workshop - Benjamin Delpy 
  • Programming Wireshark With Lua - Didier Stevens
  • Getting the Most Out of Windows Event Logs - David Szili
  • Building a cheap, robust, scaling, penetration testing/bug bounty super computer - Steven Wierckx, Andy Deweirt
  • Practical iOS App Exploitation and Defense using iGoat - Swaroop Yermalkar
  • Malware Triage: Malscripts Are The New Exploit Kit - Sergei Frankoff, Sean Wilson
  • Jedi's trick to convince your boss and colleagues - Emmanuel Nicaise
  • May the data stay with you - Network Data Exfiltration Techniques. - Leszek Mis
  • Hacking Bluetooth Smart locks - Slawomir Jasek
  • Defeating Proprietary Protocols the Smart Way - Georges Bossert and Frédéric Guihéry
  • Practical Machine Learning in InfoSecurity - Anto Joseph, Clarence Chio
  • Playing with RFID workshop - Vinnie Vanhoecke, Tom Kustermans, Joachim Schäfer
  • Windows malware development: A JMP in the dark - Yannick Wellens 
We are working on the final schedule.
Looking forward to seeing you all in October!

BruCON Crew

Jun 8, 2017

BruCON 0x09 Training open for registration

For the BruCON 0x09 edition, we are bringing you no less than 8(!) courses to choose from! Early-bird registration till the 30th of June 2017!

The line-up! : 
  • Corelan Advanced by Peter Van Eeckhoutte (3-day training) - The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. Only limited seats available so get them while you can.
  • Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich (3-day training) - Probably one of the best courses when it comes to exploiting websites and applications returns to BruCON once more. Mario of Cure53 will host this 3-day course and will guide you through the latest and greatest in offensive website security for you to absorb and put to concrete use!
  • SensePost OSINT: Stalk like a boss by Daniel Cuthbert and Jonathan Hargreaves (2-day training) - A course which needs no introduction (and yet we bothered to write one). This course, by SensePost COO Daniel Cuthbert and Jonathan Hargreaves teaches you how to harness information online to build up a solid dossier of intel and gives you the confidence, as an investigator, to research individuals, companies, organisations and internet traffic.
  • Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) - After the great success last year (+30 students), we are bringing this back to you! In this course, you'll learn how to attack Windows networks using PowerShell, based on real world Red team assessments. The course runs on a lab network with multiple active directory forests to which attendees will have free access for one month after the training. The class consists of hands-on exercises, challenges and demonstrations.
  • Pentesting the Modern Application Stack by Bharadwaj Machiraju and Francis Alexander (2-day training) - Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting modern day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2 days course is a fast paced and completely hands on program that aims to impart the technical know-how methodology and tools of trade for testing these systems. Real world corporate stacks are emulated in the form of containerised challenges to prepare students for real world scenarios.
  • Modern Red Team Immersion Bootcamp by Josh Schwartz (aka FuzzyNop) (2-day training) - The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive of recon techniques and approaches where students will plan an attack against a target of their choosing. The second day focuses on post exploitation, lateral movement, and escalation techniques within modern environments comprised of OSX, Linux, Continuous Integration Systems, and elastic compute services.
  • Windows Kernel Exploitation by Ashfaq Ansari (3-day training) - This is the most requested training according to our previous students, so we had to bring him back! The devil is in the details, and for Windows, its kernel remains the most devilish part and the most important target from the point of view of exploitation these days. This Windows Kernel Exploitation course is a unique course by Ashfaq which is fast winning over the world. Ashfaq has delivered this course on all the 3 major continents in the short span of a year, along with disclosing many CVEs on a regular basis.
  • Smashing the SSL/TLS protocol with practical crypto attacks by Marco Ortisi (3-day training) - Smashing the SSL/TLS protocol with practical crypto attacks is a 3-day course dedicated to professionals and students eager to keep pace with the latest crypto attacks affecting SSL/TLS services and learn the related defensive countermeasures. This is a completely hands-on course, because there is no better way to understand crypto theory than to put into practice attacks and techniques to defeat crypto algorithms. The course is also one of a kind. The practical part is based on a new framework called cryptosploit (code will be released for free as part of class materials).
All information, details and registration instructions can be found on our training page!

This year, next to the regular Novotel Gent Centrum, we will also host two courses at the nearby (<1 minute walking distance) NH Gent Belfort hotel. The Novotel is still recommended for accommodation and will be used to host the social event for students on Tuesday evening. Check out our website for more information about travel and accommodation.

We hope to welcome you soon at BruCON 0x09!

The BruCON Crew

May 8, 2017

BruCON 0x09 Ticket sales have started!

The ticket sales for BruCON 0x09 have started.
For 1 month you can buy a limited number of early bird tickets for a discounted price, get them while they are available!
You can find all our ticket types on: https://registration.brucon.org/conference-registration/
We are working hard on reviewing all CFP submissions and we will give you an update before 15/06 for the talks and workshops.

Mar 1, 2017

BruCON 0x09 CFP/CFT Announcement

This is the Call for Papers (CFP) for talks and workshops and Call for Training (CFT) for the 9th edition of BruCON. 

On the off chance you don't know BruCON (where have you been?): we host a 2-day Security and Hacking Conference full of interesting presentations, workshops and security challenges for about 600 attendees. BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in the computer security world including (but not limited to) hackers, security professionals, security communities, non-profit organisations, CERTs, students, law enforcement agencies, and many more. Next to the conference we offer several world-class, deep-dive, mostly offensive technical training courses given by the most recognised experts with huge industry experience in their domain! These training sessions take place twice a year: Spring Training takes place on 19, 20 and 21st of April 2017 (Registration and line-up here) and conference training tracks are on 2, 3 and 4th October 2017. Our slogan is "Hacking for Beer", of which you'll find plenty during and after the conference.

The conference will be held in Ghent on the 5th and 6th of October 2017. The training sessions will be held from 2nd until 4th of October 2017 (all courses start on the 2nd!).

[CONFERENCE]
Topics of interest for the conference include, but are not limited to :
  • Electronic/Digital Privacy
  • IoT Security
  • Wireless Network and Security
  • Attacks on Information Systems and/or Digital Information Storage
  • Web Application and Web Services Security
  • Lockpicking & physical security
  • Honeypots/Honeynets
  • Spyware, Phishing and Botnets (Distributed attacks)
  • Hardware hacking, embedded systems and other electronic devices
  • Mobile devices exploitation, Symbian, P2K and bluetooth technologies
  • Electronic Voting
  • Vulnerability research and disclosure
  • Free Software and Security
  • Legal and Social Aspect of Information Security
  • Software Engineering and Security
  • Security in Information Retrieval
  • Security aspects in SCADA, industrial environments and "obscure" networks
  • Forensics and Anti-Forensics
  • Mobile communications security and vulnerabilities
  • Information warfare and industrial espionage
  • Social Engineering
  • Virtualisation Security
  • ...
Possible formats are:
  • 1hr talk
  • 2hr workshop (preferably hands on)
  • 4hr workshop (preferably hands on)
If you want to get an idea about the atmosphere at BruCON, check out the previous talks on our Youtube channel

[TRAINING]
Please take into account the following guidelines : 

  • BruCON hosts predominantly offensive technical security training sessions. We don't have any specific focus areas for now, so please submit any training you deem interesting !
  • Training should be either 2 or 3 days with a preference for the latter.
  • You are allowed to submit multiple training suggestions, however please specify if they can be hosted simultaneously.
  • If you have additional hardware that needs to be taken into account, please specify this, including the additional costs.
If you submit a training, please include, at minimum, the following information : 
  • Description
  • Course content
  • Target audience
  • Level (Beginner, Advanced, Expert)
  • Trainer(s) Biography
  • Hosted before? If so, where and when
Possible formats are:
  • 2-day training (1100 € Early-bird / 1200 € Regular)
  • 3-day training (1400 € Early-bird / 1500 € Regular)

[SUBMISSION GUIDELINES]
Submissions will contain as much detail as possible and will be written in English.
We use EasyChair to collect and review talk, workshop and training proposals.
You will submit your proposal online: https://www.easychair.org/conferences/?conf=brucon0x09
Your submission will contain at least the following details:
  • Your name
  • Where do you live (country)
  • How to reach you
  • The title of your talk/workshop/training, including type [talk|2h workshop|4h workshop|2 day training|3 day training]
  • An abstract of your talk/workshop/training, including a brief biography
  • A number of keywords to characterise your submission
  • Whether you submitted and/or presented this proposal at other conferences, and which
  • Additionally you are encouraged to include, in plain text or PDF format, supporting materials such as slide decks, white papers, curriculum, prerequisites for talk/workshop/training, outline,...
Our speaker treatment hasn't changed since the first year. You're our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accommodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we're talking about so ... submit now!

This CFP closes on April 30th 2017 at midnight CET -- CFP feedback will be sent before May 30th 2017. All accepted talks and workshops will be published before June 15th 2017.

Small print: We do not accept product or vendor related pitches. If your presentation involves an advertisement for a new product or service your company is offering, please do not submit. Also, we do not accept presentations submitted by a third party including (but not limited to) company representatives, management bureaus, etc. BruCON presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. We want BruCON to be educational and entertaining to the attendees and the community.

Feb 27, 2017

Training Teaser - Windows AppLocker bypass

In this short teaser, we want to demonstrate a simple AppLocker bypass. AppLocker, which will be the main focus of the ‘Windows Breakout’ (Day 1) section of the BruCON spring training, is the de-facto standard for locking down Windows machines in an enterprise environment.

It is the successor to SRP (Software Restriction Policies) and allows definition of fine-grained rules to allow or deny execution based on the path, file hash or publisher of the executable or script.
For this post, let us consider a scenario where the system administrator of a company has deployed the following AppLocker rules on all company machines through Group Policy:


The executable rules permit Administrators to run anything, while users who are part of the 'Employees' group are only allowed to run Microsoft signed binaries, with a few exceptions.

The explicitly-blocked binaries are the usual suspects; each of them would allow users to run arbitrary commands on their corporate machine if not blocked by AppLocker. The training course will go into detail on how to attain code execution through regsvr32, rundll32 and InstallUtil.
The aim of this exercise is to run PowerShell and subsequently launch any binary on this box, such as a Meterpreter reverse shell.

Trying to run PowerShell directly is a no go:


Even though the publisher information matches an 'Allow' rule in AppLocker, it is explicitly denied by path. 'Explicit Deny' takes precedence over 'Explicit Allow' in AppLocker.

If we look closer at the rules, we can see that the offending rule is applied on the path of the binary, and hence moving it to another location, such as the Desktop, would invalidate the rule and allow execution:

Easy, right? The next step is to run any executable with the help of PowerShell. At this point we could either beg Microsoft to sign our Meterpreter reverse shell or use the Invoke-ReflectivePEInjection PowerShell script, which is part of PowerSploit, to reflectively load our executable in memory and execute it that way.

This time we'll go for the latter. Transfer the Meterpreter reverse shell to the box and run the following commands:


The result is a complete bypass of this AppLocker policy:
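
An added example (not from the original post, and not Microsoft's implementation): a simplified Python model of the rule evaluation described above, showing why the path-based deny stops matching once the binary is copied, while a deny keyed on publisher and binary name still matches. The rule contents, paths and publisher string are assumptions, since the policy screenshot is not reproduced here, and group membership is left out of the model.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

@dataclass(frozen=True)
class FileInfo:
    path: str                 # current location on disk
    publisher: Optional[str]  # signer of the file; unchanged when the file is copied
    binary_name: str          # file name from version info; also unchanged by a copy

@dataclass(frozen=True)
class Rule:
    action: str        # "Allow" or "Deny"
    kind: str          # "Path" or "Publisher"
    pattern: str       # path glob for Path rules, publisher name for Publisher rules
    binary: str = "*"  # Publisher rules can be narrowed to a single binary name

    def matches(self, f: FileInfo) -> bool:
        if self.kind == "Path":
            return fnmatchcase(f.path.lower(), self.pattern.lower())
        return (f.publisher is not None
                and f.publisher.lower() == self.pattern.lower()
                and fnmatchcase(f.binary_name.lower(), self.binary.lower()))

def evaluate(rules: List[Rule], f: FileInfo) -> str:
    """Any matching Deny wins; with no matching Allow the file is blocked."""
    hits = [r for r in rules if r.matches(f)]
    if any(r.action == "Deny" for r in hits):
        return "Deny"
    return "Allow" if any(r.action == "Allow" for r in hits) else "Deny"

# Constructed sample values (assumptions, not taken from the post's screenshots).
MS = "O=MICROSOFT CORPORATION"
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ALLOW_MS = Rule("Allow", "Publisher", MS)

PATH_DENY_POLICY = [ALLOW_MS, Rule("Deny", "Path", PS_PATH)]
PUBLISHER_DENY_POLICY = [ALLOW_MS, Rule("Deny", "Publisher", MS, "powershell.exe")]

SAMPLES = {
    "powershell, original path": FileInfo(PS_PATH, MS, "powershell.exe"),
    "powershell, copied to Desktop": FileInfo(
        r"C:\Users\employee\Desktop\powershell.exe", MS, "powershell.exe"),
    "other Microsoft binary": FileInfo(
        r"C:\Windows\System32\notepad.exe", MS, "notepad.exe"),
    "unsigned file": FileInfo(
        r"C:\Users\employee\Desktop\tool.exe", None, "tool.exe"),
}

def compare() -> dict:
    """Decision of each policy (path-deny, publisher-deny) for each sample file."""
    return {name: (evaluate(PATH_DENY_POLICY, f), evaluate(PUBLISHER_DENY_POLICY, f))
            for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_path, by_publisher) in compare().items():
        print(f"{name:32} path-deny: {by_path:5}  publisher-deny: {by_publisher}")
```

On a real system, the effective policy can be checked against a candidate file location with the `Get-AppLockerPolicy` and `Test-AppLockerPolicy` cmdlets.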



This is just a taste of what we'll be covering during the 'Windows Breakout' section of this 3-day training course. 

In addition to this we'll be going through Windows Privilege Escalation and UAC Bypasses. For a more complete overview as well as registration information, please visit this page

BruCON Spring Training is hosted on 19,20 and 21 April 2017 at the Novotel Ghent Centrum in Belgium.  http://2017.brucon.org

See you there!!



Feb 10, 2017

Training Feedback - What we have learned from you !

After each training, we invite our students to complete a feedback form and provide us some input and honest opinions on how we can further improve the BruCON training experience.

On average about 70% of students typically complete the survey, and a majority of them go beyond the rating scale and provide us detailed feedback and areas with room for improvement.

So what have we learned so far ? 



There have been a number of issues in the past with the hotel wireless network. That being said, we aim to provide you a standard solid internet connection that allows you to do your research and check your emails and not for heavy downloading. The hotel has improved and upgraded the wireless network since last BruCON. During Spring Training 2017 in April, we'll evaluate the progress and if required we'll be deploying our own wireless (or even wired) network in October once again.



When it comes to food, there is no such thing as pleasing everybody. We've tried different approaches in the past, but as of this year, we'll be going back to a buffet format with cold starters and a choice of three warm main courses (meat, fish and vegetarian). To speed things up, the classes will again be split into two groups giving you more free time during the lunch break.






After a long day of absorbing the sweet security goodness (and possibly frustrations ;-) ) you get during your training, you deserve some time off. And what would be better than having a beer together with your fellow students? After all, BruCON's slogan is still "hacking for beer". After the second day of training, we will be inviting you for a drink in the hotel bar. The first one is on us!




Check out our Spring Training 2017 lineup (19-21 April) here
If you want to share with us some other feedback, you can contact us on Twitter or via email at training@brucon.org

Dec 23, 2016

BruCON 0x09 Spring Training open for registration

Right on time for Christmas, we bring you the BruCON 0x09 Spring training track (19-21 April). Early-bird registration till the 20th of January ! 

The line-up! : 
  • Malicious Documents for Blue and Red Teams by Didier Stevens (3-day training) - Our resident trainer Didier Stevens will teach you how to both analyse as well as create malicious files such as PDF, Word and Excel documents. You'll learn how to analyse malicious files as well as create your own for Red team testing ! 
  • Corelan Bootcamp by Peter Van Eeckhoutte (3-day training) - Once again we bring you Corelan ! One of the best exploit development courses available, now in our spring training track. Prepare yourself for 3 long days (+10 hours/day) of intensive exploit development ! Lunch and dinner are included and, as always enough coffee to keep you going! We will be hosting the Advanced course in October (2 - 4 October 2017) and you can now already register for both! (limited seating)
  • Mobile Application Exploitation (iOS and Android) by Prateek Gianchandani and Dinesh Shetty (3-day training) - A completely hands-on training on exploiting mobile applications for the iOS and Android platform. Ever wondered how different attacking a mobile application would be from a traditional web application? Including iOS 10 and Android 7 Nougat, we are bringing you an updated version of this successful and very well received course!
  • Windows Breakout and Privilege Escalation by Jason Cook and Francesco Mifsud (3-day training) - This training will provide the required knowledge to perform post-exploitation actions on locked down Windows machines. Tools, tips and techniques will be shared to break out of restrictive execution environments and escalate privileges from a low level user to SYSTEM on modern Windows operating systems. Contrary to common perception, Windows machines can be really well locked down if they are configured with care. As such, attackers will need to dig deep in order to break out of restrictive environments and escalate privileges.
  • Open Source Defensive Security Training by Leszek Miś (3-day training) - Open Source Defensive Security Training is a 3-day, advanced IT Security laboratory dedicated to professionals who need to close the gaps in Linux & Open Source Security knowledge. Very detailed and up to date course content, with a focus especially on the defensive vs offensive approach and based on real world scenarios, gives you the best opportunity for making stronger defensive layers inside your Open Source network infrastructures or Linux-based products. Check out the detailed agenda, find it interesting and register as soon as possible. May the packets be with U!

The training location will be Novotel Ghent Centrum.

All training details and registration links can be found on the BruCON training pages (link)

Your BruCON team.