Apr 23, 2010

2010 Sneak peek: Presentation from Paul Asadoorian: Embedded System Hacking and My Plot To Take Over The World

We are happy to announce that Paul Asadoorian, also known from the @Pauldotcom security podcast, will be giving a presentation at BruCON. "Embedded System Hacking and My Plot To Take Over The World". This is just one of the many excellent presentations and workshops we have in store for the 2010 edition. More will be announced in the coming days.

Embedded systems, the purpose-built systems that encompass our world pose a threat to your data and infrastructure more than ever before. It seems that as Moore's law is proven time and time again, we as a society are seeing more and more embedded systems help us in our daily lives. Each time we use the computer on our home cable modem network, print an important document, or use a wireless network there is typically some kind of embedded system involved. These systems now represent the carriers of our data, from your computer to your online backing site, from the coffee shop network back to your corporate VPN. While embedded systems have made our lives easier, security is largely an afterthought. This presentation will take a look at common vulnerabilities in popular embedded systems that carry sensitive data every day.
Paul is also giving training during the BruCON training sessions on 22&23 September: Advanced Vulnerability Scanning Techniquess Using Nessus. Have a look at our entire training sessions for other excellent education opportunities.

Keep tuned for more announcements. Don't forget, you can still submit to our Call for Participation till next week!!!

Previous posts:

Apr 12, 2010

Announcing 1st Workshop: Malicious PDF Analysis

Our ticket sales started a few weeks ago. Although our CFP is still running, we'll start giving sneak peeks in the upcoming program of the 2010 BruCON edition. This might convince some of you to grab that ticket at early bird price since some of them are limited in number.

With great pleasure we are announcing an exclusive workshop from Belgian security researcher Didier Stevens! And what better subject it could be then a workshop in Malicious PDF analysis!

Workshops are part of the conference and we will announce more about these and upcoming presentations in the coming week so keep tuned! Also take a look at the BruCON training tracks prior to the conference.


This workshop will teach you the fundamentals you need to know to analyze (malicious) PDF documents. Didier Stevens will familiarize you with PDFiD and pdf-parser, two essential tools for PDF analysis he authored. The workshop is hands-on: bring your laptop, start the VM we provide you (VMware or VirtualBox) and you're ready to go! Contained in the Linux VM are the tools and PoC samples to do the exercises of the workshop. We start with a very simple, PoC malicious PDF file (you could even analyze this PoC file with Notepad or vi) to lay out the fundamentals, and then work through more complex examples.

Each attendee will receive a copy of a 20+ page PDF analysis document Didier Stevens authored. And yes, this document will be provided in the Portable Document Format, but hey, when you succesfully complete this workshop, you will know how to identify malicious PDF files ;-)


Didier Stevens (CISSP, GSSP-C, MCSD .NET, MCSE/Security, RHCT, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation. He is employed by Contraste Europe NV, an IT Consulting Services company (www.contraste.com). You can find his open source security tools on his IT security related blog at blog.DidierStevens.com.

Didier is a well-known expert on malicious PDF documents and authored the tools PDFiD and pdf-parser to assist with the analysis of PDF documents. PDFiD is one of the engines running on VirusTotal.