Mar 27, 2009

Brucon Workshop #3: Wireless auditing

We all know that WEP encryption is not much better then no encryption at all. But how strong is WPA encryption today? Should you move to WPA2? How secure is your wireless network against rainbowtables? Find out how to audit your own network during our wireless workshop and how to secure it.
Thomas d'Otreppe, creator of aircrack-ng, is a graduate of
the Haute Ecole de Bruxelles (informatics high school in in Brussels). He has
also designed WiFu, a proactive wireless security course, with Mati

During this workshop, I'll tackle different scenarios that could happen during an audit of WiFi networks (Open, WEP and WPA). Including the use of CUDA and FPGA to accelerate bruteforcing. Aircrack-ng is not only meant for auditing wireless networks, it can also be used for site surveys and different tools based on it will be presented:- Airgraph-ng, graphing wireless networks and its integration in Maltego.- GISKismet, representing wireless networks in Google earth.- And more...

There will also be a contest. More details will follow
(Photo under creative commons from's photostream)

Mar 26, 2009

Announcing Vincent Rijmen, co-designer of AES as our second keynote speaker

We are proud to announce Vincent Rijmen as our second keynote speaker. He will provide a keynote on the current state of security and cryptography.

Vincent Rijmen is a Belgian cryptographer and one of the designers of the Rijndael, the Advanced Encryption Standard (AES). Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ciphers Anubis, KHAZAD, Square, NOEKEON and SHARK.

Since 1 August 2001, Rijmen has been working as chief cryptographer with Cryptomathic. From 2001–2003, Rijmen was a visiting professor at the Institute for Applied Information Processing and Communications at Graz University of Technology (Austria), and a full professor there from 2004–2007. Since October 2007, Rijmen is an associate professor (hoofddocent) at K.U.Leuven, working once again with the COSIC lab.

Mar 23, 2009

Toool will be present at Brucon

The dutch wing of Toool will be present at Brucon. Toool is the The Open Organisation Of Lockpickers, a growing group of enthusiasts interested in locks, keys and ways of opening locks without keys.

The Open Organization of Lockpickers (TOOOL) was founded in Amsterdam. Meanwhile, we have groups in Eindhoven (Netherlands) and the USA as well. We regularly meet to practice lockpicking and discuss techniques used in locks. Every year, championships are being held in lockpicking, safe lock manipulation and impressioning.

Our knowledge about locks is also used to inform the general audience. This helps them in making informed decisions when buying locks. Also, we strive to have open communication with the lock industry and help them eliminate weaknesses in locks before they hit the market.

Toool will give a presentation and demonstration about the weaknesses and strengths of common locks. This will help visitors choose better and more secure locks for their homes or enterprises.

Toool was featured in a Dutch television program "Nova" (link) where they warned about the dangers of bump keys. If you want to know how to mitigate this technique, come and visit us at Brucon.

Mar 17, 2009

Hakin9 joins Brucon as media sponsor

Brucon is proud to announce Hakin9 as our first media partner.

Hakin9 is a bimonthly magazine about IT security and hacking techniques. It presents methods of breaking into computer systems, defence and protection methods. Their magazine is useful for all those interested in hacking - both professionals (IT Security officers, system administrators, security specialists) and hobbyists.

CCCure is known as one of the world's best education resource. As such we are VERY selective in our partnership. We are proud to be associated with Hakin9, it is the only magazine that cover security from both an offensive and defensive point of view. It is great to know about the latest vulnerabilities but it is a lot better if you fully understand how they can be used against you and how your assets could be exploited and taken advantage of. Hakin9 is a must read for any security professionals who wish to have a broad view of their environment threats and the desire to proactively defend it by knowing the secrets that are usually only shared between crackers. A subcription to Hakin9 is money very well invested. I strongly recommend the magazine to all.

Clement Dupuis, CD
President, Founder, and Security Evangelist

Hakin9 offers an in-depth look at both attack and defense techniques and concentrates on complex technical and highly practical issues. The Hakin9 magazine is published in other countries and language versions:

    • in English (in the USA, Australia, Holland, Singapore);
    • in German (in Germany, Austria, Switzerland, Luxembourg and Belgium);
    • in French (in France, Canada, Luxembourg, Belgium, Marocco);
    • in Polish (in Poland).

The official Hakin9 website:

Mar 10, 2009

Didier Stevens will give a Digital ID workshop during Brucon

We are happy to announce that Belgian Security Researcher and Blogger Didier Stevens will provide a Digital ID workshop. Didier Stevens (CISSP, GSSP-C, MCSE/Security, ...) is an IT Security Consultant for Contraste Europe currently working at a large Belgian financial corporation and maintains a security blog at If Didier is not playing with Google adwords, he is playing with pdf readers, twitter controlled xmas trees or playing with RFID tags.
This is just one example of the many things we have in store for you during the Brucon conference. If you would like to submit a workshop yourself, please contact us.

Abstract Digital ID workshop:

This workshop will show you how to read your digital identification documents you're carrying with you. Think of your bankcard, credit card, Belgian Electronic ID card, SIS, Proton, hotel room keycard, RFID passport, RFID access badge,SIM card, train ticket...

You'll learn the basic principles of magnetic stripe cards, smartcards and RFID tags. Bring your laptop with a Windows XP install (virtualized is OK too, provided USB is supported) and a smart card reader if you have one. Didier will provide you with several Python and C programs to read your IDs on your machine (you don't want somebody else to read your credit card on their machine, right?). The workshop will also show you how to program a simple smart card for your own digital ID applications.

Keep following our updates on our blog for more upcoming talks and workshops.

(Photo under creative commons from Uwe Hermann's photostream)

Brucon Volunteers meetup

In the next weeks, there will be two meetups between the Brucon crew and potential volunteers. Questions can be asked, ideas can be exchanged and proposals can be made. You don't have to be shy. Everybody can probably contribute to the event in his own way.

We will be available on the 13th and 20th of March. If you cannot make one, feel free to drop by on the second date.

Location: Café Le dome
Bd. du Jardin Botanique 12-13
1000 Brussels
(Google maps)

It's just in front of the Underground Parking Rogierplein and a few minutes walk from the Brussels North Trainstation.

Please drop a message on this Doodle poll if you intend to come or leave a message.

(Photo under creative commons from deSKOLtrolado's photostream)

Mar 1, 2009

30 days remaining for the Brucon Call for Papers

We got some great submissions and more are on the way. This is a gentle reminder that we have entered the month of March and that you have 30 days to enter an abstract of your presentation. We have decided to end the first phase of our CFP on the 30th of March. See our CFP policy for more information.

Follow our RSS feed to stay up to date on the latest news.

Related posts:
(Photo under creative commons from ToniVC's photostream)

Announcing the Brucon Keynote speaker

Lifting a tip of the curtain. The Brucon Crew is proud to announce Christofer Hoff as it's first speaker.

Christofer Hoff has over 15 years of experience in network and information security architecture, engineering, and operations. Hoff's expertise is focused on developing strategies for innovation in the area of information assurance, resilience, and rational risk management.

He is a prolific blogger (, a featured speaker at numerous information security conferences, holds several security credentials and is an accomplished and accredited instructor in multiple security disciplines.

Cloudifornication - Indiscriminate Information Intercourse Involving Internet Infrastructure

What was in is now out.

This metaphor holds true not only as an accurate analysis of adoption trends of disruptive technology and innovation in the enterprise, but also parallels the amazing velocity of how our datacenters are being re-perimiterized and quite literally turned inside out thanks to Cloud computing and virtualization.

One of the really scary things happening with the massive convergence of virtualization and cloud computing is its effect on security models and the information they are designed to protect.

Where and how our data is created, processed, accessed, stored, backed up and destroyed in what is sure to become massively overlaid cloud-based services -- and by whom and using whose infrastructure -- yields significant concerns related to security, privacy, compliance and survivability.

Further, the "stacked turtle" problem becomes incredibly scary as the notion of nested clouds becomes reality: cloud SaaS providers depending on Cloud IaaS providers which rely on Cloud network providers. It's a house of, well, turtles.

This "infrastructure intercourse" where your resources and data can be located anywhere makes it very interesting to try and secure your assets when you don't own the infrastructure and in most cases can't control the level of security.

We will show multiple cascading levels of failure associated with relying on cloud on cloud infrastructure and services including exposing flawed assumptions and untested theories as it relates to security, privacy and confidentiality in the Cloud with some unique attack vectors.

The Call for papers is still open. If you are interested to do a training or a presentation at BruCON, please submit an abstract.