Jun 30, 2010

First Diamond sponsors

"BruCON is proud to announce two of the confirmed Diamond sponsors for our conference:

Both organizations were sponsors in our first edition last year and we are very happy to receive their support and commitment again to make this non-profit conference an open platform to discuss of critical infosec issues, privacy, information technology and its cultural/technical implications on society.

Some of our sponsors will be present during the conference with a small booth providing some presents for our visitors. We encourage you to pay them a visit to see what they have to say.

Hardhack.org featuring at BruCON

Our hardware hacking area with Mitch Altman will be joined by the hardhack.org crew!
hardhack.org is a hands-on hardware event. It will include hands-on workshops and demos showcasing a large variety of open source hardware, hardware kits, and hardware hacking. The workshops includes soldering, firmware hacking, and other open source hardware topics. Our aim is to encourage hands-on exploration of hardware rather than presentations. Kits will be for sale at the event and tools will be provided.
As we said, we still have some surprises for the coming BruCON event. And what is even better! Fridayevening will be Fracknight, meaning open and free access to the hardhack area for everyone!!! The only limitation is our venuecapacity... as long as we don't exceed the 400 people for firesafety reasons, you are free to come to BruCON and have fun with us in the hardware hacking area! (from 20:00 till ????). The bar will also remain open of course.
Come solder your first brainwave machine or TV-b-Gone or whatever crazy invention you're bringing yourself!!! There will be several workshops during the day including a DIY arcade box workshop.

We have more good news but let's not spoil everything at once. The only bad news is that you have to wait till 24th of September for all the fun at BruCON!!!

Jun 23, 2010

Bonus: 2 extra presentations and 1 workshop

With 7 days to go before the end of our early bird tickets, we are announcing some bonus presentations and workshops:
Have a look at the complete schedule at


Keep tuned to our RSS feed or mailinglist since we have MORE surprises for you coming!!! Don't forget the early bird will end for our training sessions as well!

Jun 16, 2010

BruCON - The Barcelona connection

Another security conference is taking place in the same week as BruCON in Barcelona, Spain but luckily not on the same days. This created a great opportunity to visit both conferences.

Although we are not officially affiliated, SOURCE Barcelona has offered BruCON attendees a 50% discount to visit their conference. Simply use the code "SOURCEBru10" at registration - (www.sourceconference.com). With flights starting at 109 euro between BRU and MAD, this could be a tempting offer.

Tapas in Barcelona, beers in Brussels? You decide.

Jun 15, 2010

BruCON speaker/trainer at OWASP BE meeting Wednesday 16th of June on SQL injection

Joe McCray is in Brussels and will give a talk on SQL injection at an extra OWASP BE Meeting Wednesday 16th of June.

Joe is a also a BruCON 2010 speaker and trainer. He will give a presentation on "You Spent All That Money And You Still Got Owned" next September.

Abstract: This talk will focus on practical methods of identifying and bypassing modern enterprise class security solutions such as Load Balancers, both Network and Host-based Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), and Network Access Control Solutions (NAC).

The goal of this talk is to show IT Personnel the common weaknesses in popular security products and how those products should be configured.

He is also giving a pentesting class based on this called Pentesting High Security Environments.

This course will focus on penetration testing techniques that can be used when testing highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. If you are tired of attacking unpatched Windows 2000 Servers in your hacking courses and want to take a course where you will be attacking new Operating Systems/Applications that are patched, locked down, and protected with an IDS/IPS then this is the course for you.

The first day of the course starts with attacking heavily protected environments from the outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and dealing with Load Balancing, common application security measures in PHP/ASP.NET, and Web Application Firewalls.

The second day covers attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers gaining control of Active Directory.

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

Want to join the OWASP BE Meeting????


June 16th 2010 18h-20h


Location is sponsored by Zenitel Belgium.

Location: Zenitel Belgium, Z.1. Research Park 110 – 1731 Zelli! k, Belgium (same building as http://www.u2u.net/Route.aspx)


* 18h00 - 18h30: Welcome & Refreshments
* 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, Zenitel, OWASP Board)
* 18h45 - 20h00: Advanced SQL Injection (by Joe McCray, Learn Security Online)

More information can be found at http://www.owasp.org/index.php/Belgium#tab=Chapter_Meetings .

WHO should attend?

Anyone interested in Web Application Security (management, security
professionals, developers, students, etc). OWASP Belgium chapter
membership is free. All meetings are free. There are never vendor
pitches or sales presentations at OWASP meetings.

Check our chapter page http://www.owasp.org/index.php/Belgium on
meeting details, sign up to the chapter mailing list and introduce


Please send a mail to 'belgium at owasp.org' if you plan to attend,
so we can size the venue appropriately and keep you updated on
last-minute changes.

Jun 3, 2010

Be a part of BruCON. Give a lightning talk!

Do you have something interesting to share and you can tell it in 5 minutes? Go to our wiki and sign up for a lightning talk! It doesn't have to be mindblowing research or 0-days, your favorite tool or project might interesting to others as well!! Lightning talks are presentations of about 5 minutes. Death by bulletpoint is not allowed.

One of our speakers Craig Balding together with blogger Chris John Riley proposed to coordinate the lightning talks which will result in a both educational and entertaining hour. This year the talks will be held on the main stage. Word got out quickly and a lot of the slots have already been taken so be fast to get one of the last ones!

More details on

Note: To avoid unnecessary questions, you will get nothing in return for giving a lightning talk. Except 5 minutes on the spotlight, interesting feedback and maybe a beer from someone in the audience.