Mar 22, 2010

Announcing BruCON Training #5: Advanced Vulnerability Scanning Techniques Using Nessus by Paul Asadoorian (@pauldotcom)

Course abstract:

This course teaches advanced scanning techniques by using a real-world scenario to demonstrate how these techniques help to solve problems in an example work environment. In this course you (or you and your team) will take on the role of a brand new security engineer for a financial company. You will be tasked with configuring and auditing a system to be used within your network environment. The system, and associated applications, make up the environment used to manage the business. Currently, the old systems are in place and an upgrade is planned. The current vulnerability scanning process takes over a week to complete and there is duplication of effort and a known false positive rate. Additionally, breaches have occurred on the network and your company is in jeopardy of being fined due to compliance violations. The vulnerability management process is missing vulnerabilities that were exploited by attackers. A sample system has been provided for you, that exactly mirrors what will be used in production, right down to the passwords and configuration.

Paul Asadoorian - Biography

Paul Asadoorian is currently the “Product Evangelist” for Tenable Network Security, where he showcases vulnerability scanning and management through blogs, podcasts and videos. Paul is also the founder of PaulDotCom, an organization centered around the award winning “PaulDotCom Security Weekly” podcast that brings listeners the latest in security news, vulnerabilities, research and interviews with the security industry’s finest. Paul has a background in penetration testing, intrusion detection, and is the author of “WRT54G Ultimate Hacking”, a book dedicated to hacking Linksys routers.

More information on the course can be found here.

Mar 17, 2010

Early bird tickets will be available starting Monday 22 March

This is a little advance notice that our ticket sales will start on Monday 22 March around 13:00 GMT+.

Tickets will be available starting at 90 euro including three meals (breakfast, lunch and dinner) for both days! We are convinced this will be affordable for everyone and was only made possible by all the volunteers organizing and helping out at the conference as well as the organizations supporting us.

Our schedule is not available yet as our Call for Papers still runs till the 30th of April. If you have a fun idea, topic or workshop idea for the conference, please let us know!

To have an impression of what our conference has to offer, have a look at last year's edition.

If you need travel and lodging advice, please have a look at our Travel page.

You can read about all the details and conditions of our tickets at

Don't wait to buy your ticket as we only have 400 seats!

Mar 16, 2010

Announcing BruCON Training #4: Assessing and Exploiting Web Applications with Samurai-WTF

Course abstract:

This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF). Day one will take students through the steps and open source tools used to assess applications for vulnerabilities. Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves.

Justin Searle - Biography

Justin Searle, a Senior Security Analyst with InGuardians, specializes in penetration testing and security architecture. Justin currently leads the Smart Grid Architecture group of the Cybersecurity Coordination Task Group (CSCTG) for the National Institute of Standards and Technologies (NIST) and serves as a member of the Architecture Board for the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) group.
Previously, Justin served as JetBlue Airway’s IT Security Architect and has provided top-tier support for the largest supercomputers in the world. Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities and corporations.
Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. In his rapidly dwindling spare time, Justin co-leads prominent open source projects including The Middler, Samurai Web Testing Framework, and the social networking pentest tools: Yokoso! and Laudanum. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).

More information on the course can be found here.

Mar 8, 2010

Announcing BruCON Training #3: Social engineering (for pentesters)

In 2007, one of the biggest diamond robberies ever took place. The thief used no violence. He used one weapon -- his charm -- to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original keys to make copies and got information on where the diamonds were. You can have all the safety and security you want, but if someone uses their charm to mislead people it won't help.

Course abstract: Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security program, people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.

Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your IT systems to be compromised. Such tests can:

  • Give a good indication of and even improve your staff’s level of security awareness
  • Teach your staff how to identify and deal with social engineering situations
  • Provide valuable recommendations on both security awareness and physical security

However, it can be difficult to know how to conduct a social engineering test. This two-day training course will teach participants how to conduct an ethical social engineering test, the theory behind social engineering, as well as giving recommendations on how to defend against social engineers. The course will include practical exercises and is open to anyone with an interest in social engineering.

Sharon Conheady – Biography

Sharon Conheady is a Director at First Defence Information Security in the UK where she specializes in social engineering. She has social engineered her way into dozens of organizations across the UK and abroad, including company offices, sports stadiums, government facilities and more. She has presented on social engineering at security conferences including Deepsec, Recon, Brucon, CONFidence, ISSE, ISF, SANS Secure Europe and more.

After inventing the Internet alongside Al Gore, Sharon moved on to the development of security protocols that were used to crack 128 bit encryption. She holds a degree in Computer Science from Trinity College Dublin and a MSc in Information Security from Westminster University. Three times winner of the Nobel Prize, Sharon enjoys belly dancing and space travel.

If you see Sharon around your office, she kindly requests that you open the door to let her in.

Martin Law – Biography

Martin Law has over 19 years of security expertise and has been performing social engineering tests since 1994. He specializes in accessing datacenters by using social engineering techniques and bypassing physical security like a geeky James Bond.

Martin also undertakes investigations into actual or suspected security breaches, and specializes in the area of Information Warfare. He attempts to breach not only the logical security of systems and networks, but also the physical security of the infrastructure and buildings, including the use of social engineering when engaged in an “All-Out-Attack” against an enterprise.

“If you can't go through the firewall, go through the secretary” -- Sharon Conheady

More information on the course can be found here.

Mar 4, 2010

Announcing BruCON Training #2: A crash course in pentesting and securing VOIP networks

BruCON is proud to announce this second training session. More training sessions will be published in the following days, so check back regularly.


As VoIP networks become more and more part of the way organizations communicate, security professionals need to understand their strengths and weaknesses. This knowledge will help them make sound decisions on the security (or lack of) of their VoIP system and network.

Attendees who follow the VoIP security training will gain valuable hands-on experience in testing VoIP equipment and networks. During the training they will make use of existing security tools as well as custom built tools to help them get the job done.

These are some of the hands-on topics that are covered:
  • VLAN Hopping
  • Fingerprinting VoIP devices
  • Abusing SIP
  • Toll fraud issues
  • Wiretapping VoIP phone calls
  • Denial of service attacks
  • Attacks on VoIP configuration interfaces
    • web application attacks
    • default configuration issues
  • Covert channels through VoIP

BIO trainers:

Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years of experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious and VOIPPACK for CANVAS.

Joffrey CZARNY works for the Devoteam Security Business Unit (FR). Joffrey has been a pentester since 2001; he has released advisories on VoIP Cisco products and spoken at various security-focused conferences (Wireless Conference at Infosec Paris and Wireless Workshop at 2005, VoIP at 2007/2008 and ITunderground 2008/2009). On his site, he maintains the Elsenot project and posts video tutorials and tools on several security aspects.

For more information, visit our website.

Announcing BruCON Training #1: Pentesting High Security Environments

BruCON is offering for a second year some state of the art training sessions at an affordable price. The first training we announce is "Pentesting High Security Environments". More training sessions will be published in the following days, so check back regularly.


This course will focus on penetration testing techniques that can be used when testing highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. If you are tired of attacking unpatched Windows 2000 Servers in your hacking courses and want to take a course where you will be attacking new Operating Systems/Applications that are patched, locked down, and protected with an IDS/IPS then this is the course for you.

The first day of the course starts with attacking heavily protected environments from the outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and dealing with Load Balancing, common application security measures in PHP/ASP.NET, and Web Application Firewalls.

The second day covers attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers gaining control of Active Directory.

BIO Trainer:

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

For more information, visit our website: