Oct 4, 2011

Pictures wanted

I'm hoping everybody has recovered from BruCON 0x03, had some time to spent with friends and families and maybe took some of the things you picked up at BruCON and gave them a twhirl for some work-related or other project.

While we are already looking at BruCON 0x04, we have one little request for you. We do not have an official BruCON photographer and we figured the best viewpoint to capture how BruCON was, would be that of an actual attendee.

If you took pictures at brucon, please send us a mail with a link to them @ info 0x40 brucon.org.

Thank you (and standby for more news on the next edition !!)

Sep 16, 2011

a lot of hands make work light ...

and the experience awesome ...

There's a lot of work to be done at a conference like BruCON : setup, running the workshops, catering duty, bar duty, security, break up, ...

A big challenge this year for instance is that we can only enter the conference venue at 7am on Monday. You can imagine that it will be hectic to get everything ready and it will be kinda a all-hands-on-deck moment :-)

If you're coming out and want to lend a hand before, during or after the conference, please register to our volunteer management system here : https://ssl.brucon.org/gabriel/

Even just for one hour, your help will be appreciated by everyone at the conference !

See you at BruCON !

Sep 15, 2011

Last minute changes to the schedule !

There was a time when I thought the last few months leading up to a conference were hectic. Back then I didn't know how it would be one week before the conference. I believe there's one thing that keeps us going and that's the enthusiasm we feel from our volunteers, our attendees (many are flying in from all over the globe) and our volunteers. We're so much looking forward to kick Brucon 0x03 off!

One thing you have to take into account is that a speaker can always have to cancel his attendance. It's never bad will, it is just stuff that happens for various reasons. It is pretty rare that you are suddenly looking at three empty spots on your schedule. I can tell you it's pretty scary ... one week before the conference :-) Emergency management suddenly gets a whole different meaning. And I think we pulled a small 'Dora The Explorer' here : WE DID IT!

Thanks to awesome friends and people doing all they could to juggle their schedule around, we were able to fill in the three spots on the schedule. With further adue, here they are :

Dan Kaminsky - Black Ops of TCP/IP 2011

There's what networks are supposed to do, and then there's what they're actually capable of. In this talk, I'll discuss some interesting findings in BitCoin, UPNP and TCP. I'll also discuss a (probably inadvisable) mechanism for password based authentication via public key cryptosystems. Finally, I'll talk about N00ter, a mechanism I'm developing to expose biased networks.

Andreas Bogk - Certified programming with dependent types : Because the future of defense is liberal application of math.

Dependent types expand the concept of types in programming languages by arbitrary predicates depending on the value of the type. This lecture will introduce the necessary fundamentals using code examples and show how dependent types can be used to develop formally verified and thus more secure code.

Aluc - Incident response the good the bad and the ugly, or how to keep your face after a security breach.

Security breaches occur every day and we have to get used to it. But our Customers won't be happy if their data are published. Now there are some questions to be answered : How do we handle such a breach? Which data should we release to the public? How do we create an incident response plan? How to work with our forensic partner? Which data should you give to the Police and what should we be quiet about? All these and more will be discussed on real life examples.

We have to thank Aluc, Dan and Andreas to be so willing to make last-minute arrangements to help us out. I hope you all are looking forward to BruCON as much as we are !

See you at BruCON!

Sep 13, 2011

Finding your way around Brussels during Brucon

For many of our attendees, this may be the first time they're visiting Brussels. Finding your way around may not be the easiest thing to do .... Some will just go at it, some like to plan everything before leaving. The latter group will be relieved when they see the effort @5M7X has gone through to create an awesome map where all the important Brucon events are indicated on!

See you at Brucon

Sep 12, 2011

Brucon Trainings -- a long-term knowledge sharing engagement

Since it's inception Brucon had two main goals. The first one to foster an environment where both the technology-oriented information security audience and the business-oriented information security audience could find knowledge, share experience, learn and be inspired. This became our two-day conference. The second goal was to create an event where our audience could learn the stuff they need to excel in their job, the skills they require to be ahead of the curve. This part materialized in the first place as the Brucon trainings.

The Brucon trainings aim to bring top-notch experts to Belgium to deliver a great learning experience at an affordable price. I believe we can pride ourselves in the fact that we can deliver these trainings at one of the lowest price compared to other conferences. We can only thank our trainers for this.

The trainings make our circle round. Thanks to the income from the trainings, we are able to keep the cost for the conference low. They contribute immensely to the budget we have for our conference. As a non-profit organisation we are not allowed to, well, make profit :-) Thus any excess money is contributed to community efforts. The Belgian hackerspaces and The Infosec Mentors project, amongst others, have been sponsored by Brucon in the past years. It's part of who we are, it's why we do this.

This year, unfortunately, we had to cancel two of our six scheduled trainings. Not as bad as many other conferences but still disappointing. For us, for the trainers who have prepared the materials and course content and for the people who actually registered for the courses.

Now, for the remaining trainings, we still have open spots. If you or anyone you know is still interested to join in for 2 days of learning from the best in the industry, don't hesitate to register !

To register for these trainings click here!

See you at Brucon !

workshop registrations are open !

To make sure everything around the workshops runs smoothly, we are opening registrations.
You can add your name to the workshop registration page.

Please observe the following rules :

  • enter your name only once.
  • Only register for yourself.
  • Only register if you are sure you will attend.
Registrations will close 24hr before the conference. If you were unable to register, please check the location of the workshop a few minutes before the start. It may be that some people did not make it or the trainer is ok to have a few more people attend.

See you at Brucon !

Entering the Brucon conference site by car

Hola (that's Spanish for hello),

You should already be aware that we are having this year's Brucon at the Campus of the 'Vrije Universiteit Brussel' (let it be known as VUB from here on forward).

For people that decide to come to the venue by car, our hosts have been so kind to create an entrance barcode that you should not forget to print and bring with you as it will open the gates at entrance 6 and 13 of the campus.

It can be found here : http://mcaf.ee/6w704

See you at Brucon !

September 18th is car-free Sunday !!

Public Service Announcement :

On Sunday September 18th, there will be a car-free sunday in Brussels. This means that people travelling to Brussels by car that day will not be able to enter the city with their vehicle before 7pm. Travel from the airport to the city center by taxi will be possible, but taxis will need to adher to a speed limit of 30km/h in the city (which may drive up your travel cost).

For people arriving at the airport, we strongly advise to use the train service into the city center. There is a train every 10 minutes which makes stops in the North, Central and South station and thus should make any hotel reachable.

The airport train station is located below the terminal (basement level-1). Up to 4 trains an hour connect the airport to Brussels North, Brussels Central and Brussels Midi stations.

Obviously, they don't organize such an event for the heck of it :-) a lot of things are planned at which pre-brucon enjoyment can be had. Find more information on these at :

See you at Brucon !

Aug 31, 2011

The schedule is online

Dear all,

Getting a ticket to Brucon is step one .... maybe even more important for our attendees is planning their days so they can see the talks they want to see, attend the workshops they want to attend and still have time for a beer, playing The Hex Factor or a chat with old and new friends.

Without further ado, here is the Brucon schedule : http://2011.brucon.org/index.php/Schedule.

Please be aware that this schedule is subject to change. Allthough most slots are locked, travel schedules, last minute decisions or someone coming up with an awesome idea can still influence the timing. Check back regularly.

See you at Brucon 2011 !

Aug 29, 2011

Introducing our Gold Sponsors

I can't believe it's less than a month until Brucon! It gets me excited to finally be able to see everything come together. Everything that numerous volunteers have spent hours on preparing. On Brucon days, as an organizer, you get satisfaction from very little things. Seeing the catering be run without a hitch, seeing people playing The Hex Factor, watching awesome discussions after the talks, seeing people learn in workshops. Those are the moments where you realize WHY you have done what you've done for the months prior. It feels awesome! Obviously, besides our kick-ass volunteers, there's also our sponsors who make everything possible. This blogpost is especially meant to thank our Gold Sponsors :

there are some Gold Sponsor places left. If you're interested in supporting one of the primary security events in Europe, don't hesitate to get in touch with us !

Jul 27, 2011

Where the party's at ...

So, what's a con without a party?

When I set out to organize the Brucon party this year I had a lofty goal. We all work hard enough in our day jobs. The volunteers bust their butt to make Brucon as amazing a conference as it can be. For you, for the volunteers, I wanted to host the most awesome party I could come up with. Finally, everything fell into place and I feel confident that the party will be as kick-ass as you would expect from us. Here's what we got :

IOActive is the exclusive sponsor for the Brucon party. We're very pleased to have them supporting us in what we're trying to do for and with the infosec community!

The party will be held at Havana Club Brussels (http://www.havana-brussels.com), Rue de l'Epée 4, 1000 Brussels.
It's a cuban inspired place with (at maximum capacity) 4 bars and 2 floors that will be exclusively available to the Brucon audience. As the location is modular, we will be doing a roll call a little bit closer to the event so we can make sure enough bars are open to keep you hydrated!

And then ... there's music!

You will be entertained by :
- Joernchen of Phenoelit (checkout http://www.phonoelit.org)
- Mumpi of Phenoelit (checkout http://www.phonoelit.org)
- Keith Myers (checkout http://www.myspace.com/djkeithmyers)

Now, those in the know understand that we're quite excited about this line up but most of all, we're hoping you will enjoy this part of the conference as much as all the rest of goodness we'll have to offer you!

Jul 25, 2011

Staying in Brussels during Brucon

This post is long overdue ... You are all waiting to hear from us which hotel will be the official conference hotel.

At this moment we have selected no hotel yet. The main reason for this is that we have learned that there are other events taking place in Brussels at the same time as Brucon. This has resulted in a price increase for hotel rooms (where Brussels is already not the cheapest city when it comes to hotels) and tough negotiations on our part to find the best deal. This will continue for a few more days so at this moment we want to suggest a few hotels that are ideally located in Brussels in several price categories.

Ideally located means that they are close to public transport to reach the conference venue and within walking (short cab drive) distance of the party location for Monday night (+close to the infamous Brussels nightlife)

Hotel Novotel off Grand Place
120, rue du Marché Aux Herbes
1000 Brussels, Belgium

Best Western Premier Carrefour De l'Europe
110, Rue du Marché aux Herbes
1000 Brussels, Belgium

Hotel NH Grand Place Arenberg
Stormstraat 15
1000 City of Brussels, Belgium

Hotel La Madeleine
Rue de la Montagne 22
1000 Bruxelles, Belgium

Obviously there are more hotels in Brussels ... Any hotel near gare du midi is pretty much ok too.

If you can gather 4 or more people to stay together, you might want to look into a short-term rent appartment as well :

Jul 14, 2011

Last day of early bird tickets BruCON Training

You've got until 12 midnight on Friday 15th July (CET timezone) to take advantage of BruCON's early bird tickets for great trainings:
  • FAIR - Factor Analysis of Information Risk by Jack Jones
  • Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte
  • There’s An App For That (Pentesting Mobile Apps) by Joe McCray
  • Threat Modeling and Architecture review by Pravir Chandra
  • Dissecting Wireless Network Security by Vivek Ramachandran
Details on http://2011.brucon.org/index.php/Training

Quick Decisions Might be the Best!

The BruCON team

Jun 23, 2011

Announcing Brucon workshops

Everybody knows by now that Brucon is not just another infosec conference. One of our primary objectives is to bring the skills to the people who need/want them by the people who know them. This year is no exception : Brucon will be filled with action in the presentation tracks but we'll also be hosting several workshops.
Here's the list of currently confirmed workshops, with more to come soon :

- White Hat Shellcode: Not for Exploits by Didier Stevens
- Agnitio: the security code review Swiss army knife by David Rook
- Collective Malicious PDF Analysis by Brandon Dixon
- Script Kiddie Hacking Techniques by Colin McLean and Ellen Moar
- Lock Picking Workshop by TOOOL
- Creating Wi-Fi Malware for Fun and Profit by Vivek Ramachandran
- Beer brewing workshop by Machtelt Garrels

register for Brucon here : https://ssl.brucon.org/register/
also, don't forget about the post-Brucon trainings! You can register here : https://ssl.brucon.org/register-training/

and then there's the party, The Hex Factor ... and beer ... and Brussels nightlife ... and beer

Jun 15, 2011

and ... registrations are open

In the past few weeks we have worked with fever to get our brand new registration page online, with online payment facility but technical difficulties have not been worked out yet.

Because we understand that you all need to start planning for an awesome time in Brussels and at Brucon, we are switching to plan B. We are now taking registrations for both the conference and the training sessions using our old (and tested) registration pages.

After registration you will receive an e-mail containing a personal registration code and payment details. At this moment it is still not possible to pay online. You can choose to pay through bank transfer now or wait until our online payment facility works and pay then. You will not lose early bird status if you choose the latter option.

We are all looking forward to having you over for another awesome conference in September!

Jun 3, 2011

Confirmed Speakers Brucon 2011

Without further delay, here is the final list of selected (and confirmed) speakers :

update June 15th :

  • Ripping Out Code: Practical Attack Surface Reduction for Open Source Systems by Craig Balding
update June 13th :
  • Myth-busting Risk by Jack Jones
  • Step-by-Step for Software Security (that anyone can follow) by Pravir Chandra

  • Botnets and Browsers - Brothers in a Ghost Shell by Aditja K. Sood
  • The 99¢ heart surgeon dilemma, How to fix penetration testing by Stefan Friedli
  • iOS Data Protection Internals by Andrey Belenko
  • Pushing in, leaving a present, and pulling out without anybody noticing, Data Exfiltration in highly secure environments by Ian Amit
  • Social Engineering Like In The Movies – The reality of awareness and manipulation by Dale Pearson
  • Botnet Identification and remediation, Cleaning up in your own back yard by Barry Irwin
  • Attacking SAP's J2EE Engine by Alexander Polyakov and Dmitriy Chastuhin
  • Abusing Locality in Shared Web Hosting by Nick Nikiforakis
  • Smart Phones – The Weak Link in the Security Chain, Hacking a network through an Android device by Nick Walker and Werner Nel
We're continuing selections as we speak.

The Brucon Team

Brucon pre-registrations

First off our sincere apologies for the delay we have ran into opening Brucon registrations.

This year we have, for the first time, teamed up with an online payment processor to enable payments by credit cards. Something that is new for us and which has been requested by many of you in the previous years. This has driven us to a complete overhaul and further automation of the registration process and seeing that we're all volunteers, a serious delay. We really want to make sure that everything works as expected and that whatever data you submit to us is secure. We just don't want to be the next Sony ;-)

While waiting for the official registration page (and online payment processing), you can preregister through e-mail at info@brucon.org.

if you want to register for a training, specify your name, your company (if applicable) and which training you wish to attend. Pricing for training is 895EUR (excl VAT) early bird (ends Jun 30th) and 995 (excl VAT) after that.

if you want to register for the conference, specify your name, your company (if applicable) and whether you're a student or not. Pricing for the conference are 50EUR for students, 90EUR early bird (ends Jun 30th or first 100 tickets) and 150EUR after that. Business tickets are 250EUR (excl VAT) early bird and 350EUR after that. We can only provide invoices for Business tickets not for regular tickets.

If you're a student, you will need to present your student ID at the entrance. Without a student ID you will need to upgrade to a standard 150EUR ticket or will be denied entrance.

If you preregister either for training, the conference or both you will be eligible for early bird pricing even if disaster strikes (e.g. we run really late with getting the page up).

Once the registration page opens, you will receive a code that will enable you to register at the correct conditions.

Now further to fill up those speaker and workshop slots! We're excited, are you?

See you at Brucon 2011!

Apr 29, 2011

A lot of announcements to make !

We're getting up to speed people. A new location, keynote speakers, trainings and a new registration process (payment at least)

your ar
e by now aware that we had to change locations. The address of the new location is :

Vrije universiteit Brussel
Pleinlaan 2
1050 Elsene

you can find more travel information here : http://2011.brucon.org/index.php/Travel

Keynote Speakers, we haz them

Haroon Meer, Alex Hutton and Jaron Lanier will be our keynote speakers for the 2011 edition. More information and their bio's here : http://2011.brucon.org/index.php/Schedule

Training, because Brucon is about learning

the following trainings have been confirmed :

- FAIR - Factor Analysis of Information Risk by Jack Jones

- Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte

- There’s An App For That (Pentesting Mobile Apps) by Joe McCray

- Threat Modeling and Architecture review by Pravir Chandra

Full descriptions of the trainings can be found here : http://2011.brucon.org/index.php/Training


We have teamed up with a Ogone who will be our payment processor for this editon of Brucon.
This means you will finally be able to register using your favorite credit card, which should hopefully
make the registration process less cumbersome.

We are working with Ogone to integrate their modules into our registration process. We should be ready
with this any moment now ... (hits the refresh button)

Ticket Prices

We have not changed a lot to ticket pricing for 2011 :
- Early bird tickets (until June 30th or first 100 tickets) : € 90
- From July 1st (or when first 100 tickets have sold out : € 150
- Student tickets : € 50 (valid student ID to be presented at registration desk)
- Early Bird Business tickets (until June 30th) : € 250 (excl. VAT)
- Business tickets (from July 1st) : € 350 (excl. VAT)
Invoices can only be provided for Business tickets.
More info on tickets : http://2011.brucon.org/index.php/Tickets

Feb 8, 2011

Confirmation of Brucon dates

Ladies and Gentlemen,

between kicking of the Call For Trainings a few weeks ago and launching our much anticipated Call For Papers today, we have been working hard to fix a date for our conference while looking for a location. When and where obviously are interdependent and we can assure you that we have nailed both. What we forgot in the rush, was to let you know ... So here, is the confirmation for the dates and the location of the Brucon conference and Brucon trainings :

September 19th and 20th : Conference! 2 days full of awesome talks and workshops. Find the CFP here .

September 21st and 22nd : Trainings! 2 days courses by renowned expert. Without telling too much, we can assure you that there will be awesomeness to be absorbed here! Find the CFT here.

The location has been set at the VUB (Vrije Universiteit Brussel) both for the conference and the trainings. Yes, it is sad that our previous location is not available, but we made sure to find a location that will provide ample space to let our and your creativity run free.

So, we hope to see you in September in Brussels to make Brucon v3 another awesome edition!

Jan 24, 2011

Brucon Call For Papers 2011

Call for Papers BruCON.v3 2011

Brussels, Belgium -- This is the call for papers (CFP) and participation for the 3rd edition of BruCON, a 2-day Security and Hacking Conference full of interesting presentations, workshops and security challenges. BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in computer security world including (but not limited to) hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,etc. The conference will be held in Brussels on the 19th and 20th of September 2011 on the VUB Campus.

Topics of interest include, but are not limited to :
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Web Application and Web Services Security
* Lockpicking & physical security
* Honeypots/Honeynets
* Spyware, Phishing and Botnets (Distributed attacks)
* Hardware hacking, embedded systems and other electronic devices
* Mobile devices exploitation, Symbian, P2K and bluetooth technologies
* Electronic Voting
* Free Software and Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Security aspects in SCADA, industrial environments and "obscure" networks
* Forensics and Anti-Forensics
* Mobile communications security and vulnerabilities
* Information warfare and industrial espionage
* Social Engineering
* Virtualisation Security
* ...


The following dates are important if you want to participate in the CfP
  • Abstract submission: no later than 15th of May 2011
  • Notification date: around end May 2011
  • Full paper/presentation submission: no later than 31th of July 2011
Submissions can be entered at https://cfp.BruCON.org/submission

For further information and questions, please feel free to contact cfp 0x40 BruCON.org

Submission Guideline (for standard paper track)
Authors are encouraged to submit a paper in English or presentation slides, using a non-proprietary and open electronic format. Abstract is up to 500 words. Submissions must be sent via https://cfp.BruCON.org/submission. You can contact us if any errors or issues occur. The program committee will review all papers and the author of each paper will be notified of the result, by electronic means. Provide as much details about your talk as possible. It will enable reviewers who are not subject matter experts in the area that you focus on to still appreciate your abstract and make an informed decision when scoring it. Submissions should also include the following: 1. Presenter, and geographical location (country of origin/passport) and contact info. 2. Brief biography, list of publications or papers. 3. Any significant presentation and/or educational experience/background. 4. Reason why this material is innovative or significant to the BruCON audience 5. Optionally, any samples of prepared material or outlines ready. 6. Information about if yes or no the submission has already been presented and where. The information will be used only for the sole purpose of the BruCON conference including the information on the public website. We do not accept product or vendor related pitches. If your presentation involves an advertisement for a new product or service your company is offering, please do not submit. Also, we do not accept presentations submitted by a third party including (but not limited to) company representatives, management bureau's, etc. BruCON presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. We want BruCON to be educational and entertaining to the attendees and the community.

Additional Speakers Info

BruCON is a non-profit event organized by and for the security and hacking community. Speakers are not paid. Financial help on travel expenses and accomodation is possible, but will be handled on a case-by-case basis. Provide as much information about your requirements (including a cost estimation) and we will contact you personally after your talk has been accepted. Lectures should not exceed 45 minutes plus up to 10 minutes for questions and answers. The spoken language of a lecture will be English.

Publication and Rights

Authors keep the full rights on their publication/papers but give the right to redistribute their papers for the BruCON conference and the related electronic/paper publication under the CC-BY-NC-be license.

Sponsoring and Donations
If you want to support the initiative, please contact us by writing an e-mail to sponsors 0x40 BruCON.org

The following resources are available to stay up to speed with the event:

Jan 13, 2011

Call for Training 2011

Today we launch our call for training!

As all of you are living towards the 3rd BruCON edition in 2011, we are working hard behind the scenes to make sure it is as awesome as you've come to expect from us.

We believe that one of the strong points of BruCON is that we can offer quality training by industry experts that not only know what they teach, but also live it on a day to day basis.

If you teach a 2 day training course on any offensive or defensive information security subject and want to give it at BruCON in September, we want to hear from you. please submit the material you have to info@brucon.org.

We'd like to receive :
  • a course outline (what will the attendees learn).
  • the prerequisites for the course (what will the attendees need to know before attending the course).
  • description of course materials (what reference materials will the attendees receive)
  • your motivation (why is your course perfect for our conference and our attendees).
any additional material would be appreciated.
We are currently scheduling our trainings to take place on September 21st and September 22nd but as we are looking for a venue, these dates are subject to change.

This CFT starts now and ends on February 28th.
We will contact you personally to inform you whether your course is considered for the conference and if so to start negotiations on the details to offer the best trainings to our attendees.