May 29, 2009

Ticket sales and Brucon Training are available

So we silently launched our wiki (beta) to start our ticket sales. You can register as of this week. The wiki is far from finished and hopefully will find its own shape and individuality over time with your help.

We are happy to announce some training from some renowned trainers. What's the difference with workshops? Workshops are only 1-2 hour introduction courses into certain subject matters and are part of the conference. These trainings are full 2-day courses and are scheduled for 16 & 17 September. The prices for any of these courses are 900 euro (VAT excluded). We are providing the following three:
  • Crash course in Penetration Testing by Joe McCray, and Chris Gates
  • Web 2.0 Hacking – Attacks and Defense by Shreeraj Shah
  • Social Engineering testing for IT Security professionals by Sharon Conheady
More information about the courses and the trainers is available on our wiki.

Related posts:
(Photo under creative commons from CellPhoneSusie's photostream)

May 22, 2009

Ticket prices for BruCON

Everybody knows where and when BruCON will be. But we have been getting questions about the entrance fee. We are still in the process of finishing our new website which will include the ticket registration system.

We wanted to make BruCON as accessible as possible for everyone and tried to keep our prices as low as possible. The website should go live by next week but we can already announce our prices.

Ticket prices for BruCON are:

  • 180 Euro early bird (prior to July 1st 2009)
  • 250 Euro 1/7/2009 - 31/8/2009
  • 300 Euro afterwards and at doors

Students (full time):

  • 50 Euro early bird (prior to July 1st 2009)
  • 90 Euro afterwards and at doors
So we start with an early bird option and prices go up over time. In addition to getting a low price, early birds also have a chance to win a security course: "Pentesting with BackTrack".
"Pentesting with BackTrack" (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

"Pentesting with BackTrack" qualifies you for 40 ISC2 CPE Credits. This applies to students who submit their exercise documentation at the end of the course, or pass the certification challenge.
We will announce the lucky winner in the first week of July, so be sure to register&pay before July 1st!! We also made a deal with some hotels in Brussels to give discount prices to conference attendees. More info will follow next week. Mark 18 & 19 September in your calendar!!! See you in Brussels!

Related posts:
(Photo under creative commons from Tom Loth's photostream)

May 21, 2009

New Brucon media partner: Help Net Security and (IN)SECURE MAGAZINE

We are happy to announce our media partnership with Help Net Security and (IN)SECURE MAGAZINE.

Publication: Help Net Security

Help Net Security has been a prime resource for information security news since 1998. The site is updated daily with fresh content including quality articles, new product releases and latest industry news.

Publication: (IN)SECURE Magazine

(IN)SECURE Magazine is a free digital magazine published in a PDF format. It features articles written by some of the most prominent security experts. The magazine is released on a bi-monthly basis and averages 25,000 readers per issue.

May 15, 2009

BruCON is looking for crew members

As the first stages of organizing the conference are done, there is still a lot of work to be done. As BruCON is a non-profit organization, we still depend on volunteers to help with the conference. Here is a small overview of skills we are looking for:
  • BruCON CPU: organizational skills, coordination of activities and communication with external parties. Do you have people management skills, become a CPU!
  • BruCON Hologram: graphical design (posters, brochures, logos,...), web design, marketing skills, SEO, web 2.0 and social media skills,.. Got any of these skills, then you are perfect to become a BruCON hologram!
  • Brucon BOFH: maintain the webserver, set up the BruCON conference network, become a BruCON wiki admin, help program the CTF competition,.....
  • BruCON Sonic Screwdriver: be our hands and ears during the event. Help us set up the rooms, help the visitors, physical security, entrance checks, etc....
Are you enthusiastic about BruCON and want to help us out? Dedicated crew members get free entrance, an exclusive BruCON Tshirt and free lunch. Limited seats are available.

Come to the next Crew meeting on May Friday the 29th at 18:30 in Cafee Le Dome (Kruidtuinlaan 12, Brussels) or email us at volunteers (email$ign) brucon dot org. Don't forget to mark our meeting in your calendar!

(Photo under creative commons from dearbarbie's photostream)

May 13, 2009

Announcing the first part of the #brucon speaker track

Brucon is proud to announce the first part of the main speaker track:
  • Christofer Hoff - Cloudifornication - Indiscriminate Information Intercourse Involving Internet Infrastructure
  • Vincent Rijmen - Trusted Cryptography
  • Chris Nickerson - Red and Tiger Team
  • Chris Gates - Open Source Information Gathering
  • Jayson E. Street - “I am walking through a city made of glass and I have a bag full of rocks” (Dispelling the myths and discussing the facts of Global Cyber-Warfare)
  • Paul James Craig - Rage Against The Kiosk
  • Eric Vyncke - Transition to IPv6 on the Internet: Threats and Mitigation Techniques
  • Eric Adrien Filiol - How to prepare, coordinate and conduct a cyber attack
  • Esther Schneeweisz - Building Hackerspaces Everywhere
  • Brian Honan - Knowing Me Knowing You (The dangers of social networks)
  • Mario Heiderich - Malicious Markup - I thought you were my friend - cycle 3
The full program with more details of the presentations and ticket sales will soon be available. We are starting with an early bird pricing in addition to the chance to win a first class security course for the 50 first payments!!! Stay tuned for more news!! Follow through the RSS feed or email updates (right side panel).

Related posts:
(Photo under creative commons from givepeasachance's photostream)

May 8, 2009

Brucon Workshop #4: VOIP workshop

As we are finishing our main speaker track, expect some exciting news in the coming days. We'll begin with announcing another workshop!

Joffrey Czarny and Sandro Gauci will be giving a workshop about VOIP security.

Content of the Workshop:

The Goal of this workshop is to learn the risks and the weaknesses of default deployments of VoIP and the threaths posed by the misconfiguration of some telephony features. The workshop will provide specific guidelines and advice on how to build a secured VoIP architecture. An example of this is the use of SRTP combined to DIA/ARP guard as one of the ways to block wiretapping... Several of such features will be presented and discussed during the workshop.

Some comparative information will be presented about the security aspects of different voice vendors like Alcatel, Nortel, Cisco and Asterisk.

  • Identification of the VoIP Product
  • VLAN hopping, accessing the voice VLAN from the data VLAN
  • VoIP accounts enumeration
  • Communication wiretapping and injection of sound during a call
  • Spoofing of phone profiles and identity spoofing
  • UNISTM attack on Cisco IP phones
  • Bypass of call restrictions and voice gateway abuse
  • Grab of SIP or IAX credentials
  • Denial of Service on VoIP servers and IP phones
Joffrey CZARNY (France), working for Devoteam Security Business Unit
(FR). Since 2001, Joffrey is a pentester, he has released advisories on VoIP Cisco products and spoken at various security-focused conferences (Wireless Conference at Infosec Paris and Wireless Workshop at 2005, VoIP at 2007/2008 and ITunderground 2008/2009). On his site,, he maintains the Elsenot project ("") and posts video tutorials and tools on several security aspects.

Sandro Gauci is the owner and Founder of EnableSecurity ( where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes.
Sandro is the author of the free VoIP security scanning suite SIPVicious ( and VOIPPACK for CANVAS.
Other workshops:
(Photo under creative commons from bowbrick's photostream)