Oct 6, 2017

BruCON 0x0A - Who do you want to see at the 10th edition of BruCON ?

Next year (2018), the 10th edition of BruCON takes place and to celebrate this, we want to do something special. In honour of this edition, we will let you select which talks of the last 9 editions you liked the most.

We will invite the top 7 speakers to present their original talk (with some additional slides showing what has changed since) on the first day of the 3-day 10th edition of BruCON (First week of October 2018).

But what is in it for you? Next to picking your preferred talks and seeing the evolution of the last 9 years, you can also win some awesome prizes! After specifying your choices on the survey website, you can provide your email address. Out of the people who responded to the survey (and who specified their contact details obviously), we will randomly select 5 people who can win one of the following prizes: 
  1. All expenses paid trip to BruCON 0x0A (Travel and accommodation) for two persons (VIP Package)
  2. One free training for one of the courses hosted at BruCON 0x0A
  3. Free admission to BruCON 0x0A including all goodies AND a free drinks bracelet for conference and party
  4. Free admission to BruCON 0x0A including all goodies
  5. - 10. Free admission to BruCON 0x0A

You can find an overview of all talks, the slides and recordings (if available) here
The slides can be found here

The survey itself can be found here

We will close this survey November 30th 2017 !

Oct 4, 2017

Mentor/Mentee initiative

On Thursday October 5th 2017 we are launching the Mentor/Mentee initiative, sponsored by Google.
With this initiative we want to provide a stepping stone for people who are new to the infosec community. 
During this event you can choose to be a Mentor or a Mentee or even both.

Mentors are typically seasoned professionals, having done quite some miles on the professional infosec road, and are willing to provide advice to the Mentees. 
This advice can vary from Mentee to Mentee, but could include: which training should I follow, what are key messages you can give based on personal experience, how do I get to know new people, whom to follow on Twitter, general advice to survive in this industry, to help with presenations and much more.
Mentees, can be people who are fairly new to the security scene, or a willing to receive advice from more seasoned professionals.

We all started at some point in time within this industry, and we have all had our challenges. With this programme we want to close this gap and create a stronger bond between 
seasoned professionals and people new to the industry. The Mentor/Mentee programme is a initiative that can vary in duration. For some this might be a one-off event, but for others this
might create a bond with a mentor that will last. 

Please join us from 19 (7 PM) until 21 (9 PM) at the Novotel Bar. Be sure to use the mentor / mentee stickers to indicate the role you want to play.

Aug 16, 2017

Introducing "The Legends of Ghent" - BruCON 2017 CTF

For our 9th edition, we bring you a very special CTF. Hosted by Wim Remes, Chris Nickerson, Deviant Ollam and DualCore !

The CTF takes you on a historic trip through the rich history of one of the most beautiful cities in Belgium. The LoG CTF can be played by individuals, or teams of all proficiency levels and will contain a mix of technical, logical, and physical challenges. While the challenges during the day will test your limits, you will have to stay on your toes as you solve challenge after challenge. When the conference ends, we will take you on a 60 minute real life physical and technical challenge course somewhere in Ghent where you will leverage all the clues you gathered during the day.

Players are expected to have access to a laptop computer with internet access. In order to solve logical and physical challenges, all necessary basic tools will be provided but players are encouraged to be creative in order to find other solutions to the challenges.

Day : Thursday, October 5th
Start : After the first keynote

Aug 10, 2017

Workshop registration procedure

BruCONers,

We would like to inform you that the workshop registrations will open on the 1st of September 2017. (2017-09-01) at 13:00 UTC+2 (Europe/Brussels time).


Please note:
- The registrations are a first come first serve
- You will not be able to register before the opening date (2017-09-01)
-- Any registration made before the opening date (2017-09-01), will be removed :)
- To register, follow this link: http://sched.brucon.org
- You might see that all the workshops appear as full. This is normal, the registration will open on the 1st of September (2017-09-01)
- To preview how to register to the workshop, follow this link: http://2017.brucon.org/index.php/Workshop_Registration

We're looking forward to seeing you there!

BruCON

Jun 15, 2017

BruCON 0x09 talks and workshops announcement

Thank you everyone for massively submitting to our CFP. From all the high quality submissions we have made this selection for BruCON 0x09!

Keynotes:
  • Keynote: The cyber short. A market solution for product safety and corporate governance. - Justine Bone
  • Keynote: How hackers changed the security industry and how we need to keep changing it. - Chris Wysopal
Talks:
  • See no evil, hear no evil: Hacking invisibly and silently with light and sound - Matt Wixey
  • XFLTReaT: a new dimension in tunnelling - Balazs Bucsay
  • Knock Knock... Who's there? admin admin and get in! An overview of the CMS brute-forcing malware landscape. - Anna Shirokova, Veronica Valeros
  • Exploiting IoT Devices over Software Defined Radio, ZigBee, WiFi and BLE - Swaroop Yermalkar
  • Races, Reaches and Rescues!!! (Race condition vulnerabilities revisited) - Sampada Nandedkar, Rushikesh Nandedkar
  • Weaponizing the BBC Micro:Bit - Damien Cauquil
  • Secure channels: Building real world crypto systems - Sander Demeester
  • MEATPISTOL, A Modular Malware Implant Framework - Josh Schwartz, John Cramb
  • Open Source Security Orchestration - Gregory Pickett
  • Detecting malware even when it is encrypted - Machine Learning for network HTTPS analysis - František Střasák and Sebastian Garcia
  • Evading Microsoft ATA for Active Directory Domination - Nikhil Mittal
  • Browser Exploits? Grab them by the collar! - Debasish Mandal
Workshops:

  • Mimikatz workshop - Benjamin Delpy 
  • Programming Wireshark With Lua - Didier Stevens
  • Getting the Most Out of Windows Event Logs - David Szili
  • Building a cheap, robust, scaling, penetration testing/bug bounty super computer - Steven Wierckx, Andy Deweirt
  • Practical iOS App Exploitation and Defense using iGoat - Swaroop Yermalkar
  • Malware Triage: Malscripts Are The New Exploit Kit - Sergei Frankoff, Sean Wilson
  • Jedi's trick to convince your boss and colleagues - Emmanuel Nicaise
  • May the data stay with you - Network Data Exfiltration Techniques. - Leszek Mis
  • Hacking Bluetooth Smart locks - Slawomir Jasek
  • Defeating Proprietary Protocols the Smart Way - Georges Bossert and Frédéric Guihéry
  • Practical Machine Learning in InfoSecurity - Anto Joseph, Clarence Chio
  • Playing with RFID workshop - Vinnie Vanhoecke, Tom Kustermans, Joachim Schäfer
  • Windows malware development: A JMP in the dark - Yannick Wellens 
We are working on the final schedule.
Looking forward to see you all in October!

BruCON Crew

Jun 8, 2017

BruCON 0x09 Training open for registration

For the BruCON 0x09 edition, we are bringing you no less than 8(!) courses to choice from ! Early-bird registration till the 30th of June 2017 ! 

The line-up! : 
  • Corelan Advanced by Peter Van Eeckhoutte (3-day training) - The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. Only limited seats available so get them while you can.
  • Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich (3-day training) - Probably one of the best courses when it comes to exploiting websites and application returns to BruCON once more. Mario of Cure53 will host this 3-day course and will guide you through the latest and greatest in offensive website security for you to adsorb and put to concrete use!
  • SensePost OSINT: Stalk like a boss by Daniel Cuthbert and Jonathan Hargreaves (2-day training) - A course which needs no introduction (and yet we bothered to write one). This course, by SensePost COO Daniel Cuthbert and Jonathan Hargreaves teaches you how to harness information online to build up a solid dossier of intel and gives you the confidence, as an investigator, to research individuals, companies, organisations and internet traffic.
  • Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) - After the great success last year (+30 students), we are bringing this back to you ! In this course, you'll learn how to attack Windows network using PowerShell, based on real world Red team assessments. The course runs on a lab network with multiple active directory forests to which attendees will have free access for one month after the raining. The class consists of hands-on, challenges and demonstrations.
  • Pentesting the Modern Application Stack by Bharadwaj Machiraju and Francis Alexander (2-day training) - Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting modern day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2 days course is a fast paced and completely hands on program that aims to impart the technical know-how methodology and tools of trade for testing these systems. Real world corporate stacks are emulated in the form of containerised challenges to prepare students for real world scenarios.
  • Modern Red Team Immersion Bootcamp by Josh Schwartz (aka FuzzyNop) (2-day training) - The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive of recon techniques and approaches where students will plan an attack against a target of their choosing. The second day focuses on post exploitation, lateral movement, and escalation techniques within modern environments comprised of OSX, Linux, Continuous Integration Systems, and elastic compute services.
  • Windows Kernel Exploitation by Ashfaq Ansari (3-day training) - This is the most requested training according to our previous students, so we had to bring him back ! The devil is in details, and for Windows, it's Kernel remains the most devilish part and the most important target from the point of view of exploitation these days. This course of Windows Kernel Exploitation, is unique course by Ashfaq which is fast winning over the world. Ashfaq has delivered this course on all the 3 major continents in short span of a year along with disclosing many CVEs on regular basis.
  • Smashing the SSL/TLS protocol with practical crypto attacks by Marco Ortisi (3-day training) - Smashing the SSL/TLS protocol with practical crypto attacks is a 3-days long course dedicated for professionals and students eager to keep pace with latest crypto attacks affecting SSL/TLS services and learn the relative defensive countermeasures. This is a completely hands-on course, because there is no better way to understand crypto theory than put into practice attacks and techniques to defeat crypto algorithms. The course is also one of a kind. The practical part is based on a new framework called cryptosploit (code will be released for free as part of class materials).
All information, details and registration instructions can be found on our training page!

This year, next to the regular Novotel Gent Centrum, we will also host two courses as the nearby (<1 minute walking distance) NH Gent Belfort hotel. The Novotel is still recommended for accommodation and will be used to host the social event for students on Tuesday evening. Check out our website for more information about travel and accommodation

We hope to welcome you soon at BruCON 0x09!

The BruCON Crew

May 8, 2017

BruCON 0x09 Ticket sales have started!

The ticket sales for BruCON 0x09 has started.
During 1 month you can buy a limited amount of early bird tickets for a discounted price, get them while they are available!
You can find all our ticket types on: https://registration.brucon.org/conference-registration/
We are working hard on reviewing all CFP submissions and we will give you an update before 15/06 for the talks and workshops.