Aug 31, 2009

Last day of BruCON discount tickets.

Starting from September 1st, ticket prices will go up slightly. If you want to buy a discount BruCON ticket, register before 1st of September and complete your registration. If you know people who are interested in the event, please inform them.

A few seats are still available for the BruCON training sessions, have a look at

Aug 27, 2009

BruCON wifi puzzle winner & the solution

Of all the submissions, we received 5 correct answers. Out of those, Tyler H. is the winner.

Other persons to submit a correct answer were:
  • Jo B.
  • Pascal R.
  • Phil A.
  • Patrick H. (from Redteam Pentesting who was also the winner of the first challenge)
Here is the solution of the wifi puzzle provided by Didier Stevens. A big thanks to him for all his hard work and dedication! All participants expressed they had loads of fun with this challenge. For more puzzles, join the Hex Challenge at BruCON.


Here's one way to solve the Brucon WiFi Puzzle: open the capture file with Wireshark.

The capture file contains one beacon frame for the brucon09wifi network. If you're a bit familiar with beacon frames, one tag will stand out: the vendor specific tag which Wireshark can't interpret because it's from a vendor it doesn't know.


The hidden data is inside the vendor specific tag. Select it and export the selected bytes:


How do you decode this data? You can try all types of encoding and encryption schemes, but to prevent you from wasting time trying countless possibilities, I've given you a hint in the name of the vendor: XortecOy. The data is XOR-encrypted. And the key is tecOy. ;-)

Open the saved bytes with Cryptool:


And apply XOR-decryption with key tecOy:


Et voilĂ !

Aug 26, 2009

BruCON Podcast ep3: Didier Stevens and The BruCON Hex Challenge

This time Wim is joined by Didier Stevens, pdf wizard extraordinaire and co-conspirator of The Hex Factor. He explains the idea behind the game that will keep us audience captivated during the conference, how they started and what you can expect from it.

Didier will also be giving a workshop on digital ID during BruCON and a lightning talk about his home automation system. There are still free slots available to register your own lightning talk.

You can download it through this XML feed or get it through iTunes.

Interesting links for this episode :

Podcast music by and with permission from Sah Ril. Sah Ril gets us hyper once again, this time with the great song F**k Me Famous from his album Wet.Plug.Trip.

There are still a few hours left to join the challenge from yesterday for some BruCON discounts.

Aug 25, 2009

Hex Challenge #2: Win a 10% discount on a BruCON training and a conference ticket

Want to win a 10% discount on a conference ticket and a BruCON training of choice? We'll even throw in some BruCON stickers as a bonus. Here is another sample of the Hex Challenge that will be running at BruCON.

Located in this file, is a hidden message. Send your answer to contest {removethisbyATsign} brucon (dot) org by Wednesday 26th of August by 16:00 GMT+1 at the latest. We will select a winner from all the correct answers randomly. We will announce the winner and post the answer on Thursday.

Good luck!

Aug 24, 2009

7 days of discount #brucon tickets available and last training seats

Brucon is getting nearer, it looks like it is going to be an awesome event.
  • Internet access will be native ipv6 and we'll have a gigabit uplink
  • The lounge will be filled with fun stuff to do and see (amonst others the Hex challenge). It will have an arcade / space invaders theme.
  • A great selection of Belgian beers will be available and let's not forget Club Mate
  • There are some dinners and guided tours available for those arriving early. Check the wiki for more information
  • Last but not least the BruCON afterparty.
Don't forget that our discount tickets end at the 31th of August. That leaves you with 7 days to complete your registration before prices will increase.

There are also some seats left for the BruCON training courses. Don't miss this chance to follow a course from one of these renowned trainers.
  • Crash course in Penetration Testing (By Joe McCray, and Chris Gates)
  • Web 2.0 Hacking – Attacks and Defense (By Shreeraj Shah)
  • Social Engineering testing for IT Security professionals (By Sharon Conheady)
Go to the training page for more information.

Aug 20, 2009

BruCON Podcast ep2: Jayson E Street about Cyberwarfare

Those who subscribed to the iTunes channel already noticed the release of episode 2. You can download it through this XML feed or get it through iTunes.

Episode 2 shownotes:

Getting our groove on with a good beat, this time contributed by Dave Lewis (@gattaca on twitter) of . Much to our amazement this dude laces the tracks with heavy basses that grab you by the throat in this track named 'Crisis' (the title seems appropriate to an infosec podcast) by his music project Mescaline.

On with the show. We got into a good discussion about information security, cyberwarfare and privacy with Jayson E. Street. Jayson will be speaking at the Brucon conference in September (don't tell me you have yet to book your ticket, right?) and was awarded the prize for the longest title. Apart from being an extremely likable guy, he's very knowledgeable on the subject and he's a published author. If we are not misinformed, his book "Dissecting the hack" (Syngress '09) was launched in Vegas last week. Have a look at it.

Interesting links for this episode :

We will release episode 3 real soon. Keep watching the blog because there will be another contest in the next week.