Dec 3, 2013

2014 5by5 announcement

Hackers and security enthusiasts of the world,

In 2013 we launched our first 5by5 program. We set aside 25,000 euros to sponsor independent research and contributions to the information security field and sponsored projects with a maximum of 5,000 euros. As BruCON we were very happy with the results and we hope the security community enjoyed this as well.

It was good. So good that for 2014 we will do it all over again. As of today we are launching our call for projects! Any project of an independent non-commercial nature will be considered for the 5by5 program and BruCON will work together with the participants to contribute to its success.

These are the rules for 5by5 2014:


  • Submit a detailed description of your project, its goals and its milestones to 5by5@brucon.org before January 1st 2014. You will be informed of acceptance before January 15th 2014.
  • If your team includes more than 1 person, nominate a primary contact for 5by5 correspondence.
There are no limitations on the projects. We accept new initiatives as well as projects that have already been under development for a while. As long as it is relevant for the information security space we will add it to the list for consideration.

After acceptance, you will be assigned a 5by5 Mentor. This person will work with you to keep an eye on progress of the project, determine milestones and he/she will be your guide through the whole process. 

From BruCON 5by5, you can expect :
  • Project sponsorship/contribution up to 5,000eur
  • Project mentorship by an experienced community member
  • A venue to put your project in the spotlight at BruCON 2014 (travel+hotel covered by BruCON)
  • Eternal gratitude from the information security community
We look forward to your submissions and another successful BruCON year!


RockON BruCON!

The BruCON team

Nov 28, 2013

Extra BruCON Spring Trainings 2014


BruCON edition 0x06 will take place in Ghent on 22-26 September 2014. The conference is on 25-26 September, and the regular BruCON trainings are on 22-24 September 2014.

Our BruCON trainings have always been highly successful and well attended in the last 5 editions.
By popular demand we are organizing an extra batch of BruCON Spring Trainings on 23-25 April 2014!



We are extremely proud to present a fine line up of trainers and topics:
  • Rapid Reverse Engineering by Russ Gideon (Attack Research)
  • Assessing and Exploiting Web Apps with SamuraiWTF by John Sawyer (InGuardians)
  • Pentesting Smart Grid and SCADA with SamuraiSTFU by Justin Searle (UtiliSec)
  • Corelan Live! by Peter Van Eeckhoutte (Corelan GCV)
  • Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich (Cure53)

The training location will be Novotel Ghent Centrum.

Training details and registration will soon be available. Make sure to reserve your agendas and training budgets and keep an eye on @BruCON.

your BruCON team.

Sep 2, 2013

Training in the spotlight: Hacking PDF by Didier Stevens


We have some great trainings lined up for you at BruCON this year.
Just to make it even harder for you to choose one, we will put some of these trainings in the spotlight.

The second training is Hacking PDF, taught by Didier Stevens. Didier is a pioneer in malicious PDF document research, and has developed several tools to help with the analysis of malicious PDF documents. Stevens on this unique training:



"What do you want from training? I want to gain knowledge. I designed my “Hacking PDF” training with this goal in mind.
“Hacking PDF” is a 2-day training focusing on the PDF language, not on reversing PDF readers. By attending this training, you will first acquire knowledge about the PDF language. And then we will use this knowledge to analyze malicious PDFs (day 1) and create PDFs for fun and profit (day 2).
Learning to use tools is nice, and learning new skills is interesting. But I want more. I also want to get a deep understanding of the subject. Because with this knowledge, I can develop new tools and invent new techniques.
On day one I explain the fundamentals of the PDF language. We take a look at several features of the language that malware authors use and abuse. And then we start analyzing PDFs. You learn to use my tools pdfid and pdf-parser on 20 simple PDF exercises. The exercise is to find the malicious behavior of the PDF, the goal is to gain understanding of PDF malware. And then we move on to the real deal: analyzing real, in-the-wild PDF malware.
On day two we use our understanding of the PDF language and PDF malware to create our own PDF files and modify existing PDF files. This is done with pure Python tools and other free tools. Adobe products are not used in this training, except to view PDFs. We will learn to do simple and smart fuzzing of PDFs, create PDFs that exploit vulnerabilities in PDF readers, embed files and PDFs, and a lot of other interesting hacks … 
You can find a “Hacking PDF” slideshow here: http://www.slideshare.net/DidierStevens/teaser-hackingpdfslides
There are not many pre-requisites for this training:
  1. You don’t need to know anything about PDF, I will teach you what we need to know.
  2. We use Python scripts, but you don’t need to be a Python programmer. We will modify existing scripts, so a bit of programming knowledge like if statements and loops is enough.
  3. No need to understand assembly or shellcode, we use a shellcode emulator. And I will provide you the shellcode for day 2, you do not need to write it yourself.
  4. You need to be at ease with the command-line
  5. A security mindset is an advantage ;-)"


Aug 29, 2013

New workshop and hackathon announcement: Cuckoo Sandbox @ BruCON


We are thrilled to announce a Cuckoo Sandbox hackathon and workshop at BruCON!


Cuckoo Sandbox is open source software for automating the dynamic analysis of malware. It allows you to run and monitor any suspicious file inside an isolated environment and collect indicators and evidence of its behavior.

Cuckoo is growing into established but complex software, and there are many features, improvements and fixes that are yet to be developed.

At BruCON, core developers, contributors and users will be able to sit down to discuss, hack, break (and possibly build) Cuckoo Sandbox and wonder about the future of fighting malware.

A 4 hour workshop will also be included in the - soon to be published - schedule.

Kind regards,

The BruCON crew

Aug 28, 2013

BruCON training in the spotlights: "The Art of Exploiting Injection Flaws"


We have some great trainings lined up for you at BruCON this year.
Just to make it even harder for you to choose one, we will put some of these trainings in the spotlight.

We start with The Art of Exploiting Injection Flaws, taught by Sumit ‘Sid’ Siddharth. Sid is the contributing author of the book SQL Injection: Attacks and Defense (2nd Edition). We caught up with Sid and asked him what the USPs of the course are:

Sid: "If you do penetration testing or security consultancy as a day job and want to take your skills to the next level, then this is the right course for you. In the class we focus on Injection Flaws and only Injection Flaws and cover the topic inside out. We don’t teach people how to use sqlmap to exploit sql injection but give people deep underlying concepts so that they know when a tool is going to work and how the tool does work. So, next time when the tool gives up working, they are not stuck. 

To elaborate a bit more on this:
So, everyone’s favourite tool is BURP Professional to carry out web pentesting. What are the SQL Injection checks which burp does and more importantly what it doesn’t do? Anyone who has experience with BURP scanner would have noticed 1 particular check where it injects the query “select 1” and then injects “select 1,2” and based on the response often reports it as false positive SQLI. Fair enough! But why does it do that? And what happens when this 1 time out of 10 it’s not a false positive?

This is not a 101 class, we expect the audience to have a basic understanding of app security, familiarisation with SQL language and OWASP standards. We cover advanced topics such as 2nd order injection, injection in stored procedures, double encoding/decoding etc.
The 2nd day is also niche stuff which hasn’t received as much coverage as SQL Injection. So, we cover:

  • Hibernate Query language Injection (ORM)
  • LDAP Injection
  • XPATH Injection
  • XXE

Again, we don’t just touch the surface, but we go deep dive into topics like Blind LDAP/XPATH injection; XPath 2.0; combining XPath and XXE to do more fun stuff!
A lot of people have told me that they have never seen XPath injection in the wild. I myself didn’t see it until I researched the topic and in last 2 years, I have seen a fair few of them. They say, knowledge is power, for a reason ;-)"

There are a bunch of teaser slides about the course which can be found here:
http://www.slideshare.net/notsosecure/injection-flaw-teaser

Sid: "While I have delivered this class many times at Black Hat, Appsec etc, this is my first brucon. So, I am quite excited about it and hope to have a good turnout."

Details and the registration link are available on the BruCON web site.

regards

The BruCON crew


Aug 15, 2013

Without these companies, BruCON would not exist

During the last four editions, BruCON has been supported by a group of dedicated sponsors. Without their commitment and aid, BruCON would not be what it is today. The support of these organisations allows us to:
  • keep the conference affordable for everyone
  • provide catering and a party for free
  • invite quality speakers from all over the world and support their travel and accommodation
For our 2013 edition, we are very proud to announce the following organisations ... some are usual suspects and others are new joiners:

Our Two Diamond Sponsors



NVISO was founded by a group of enthusiastic security professionals working in the Information Security industry. Each of us has a specific field of expertise, allowing us to offer services ranging from security research and risk management to incident response and security testing. We firmly believe in and support the information security community and are proud to be a diamond sponsor of this precious Belgian event. Come and visit our booth at BruCON and you might just go home with a nice prize ;)


Ernst & Young (supporting BruCON for the last 4 years) is a renowned leader in Information Security both as a global player and locally. Security services truly lie at the heart of our delivery. On a global level, more than 1000 professionals are working within the information security practice on a daily basis. Key services that we deploy are based on our information security management framework.


Our Four Gold Sponsors


The SANS Institute was established in 1989 as a cooperative research and education organisation and is now the most trusted and by far the largest provider of information security training and security certification in the world, offering more than 50 expert training courses. SANS programs now reach more than 165,000 security professionals around the world with SANS' instructors and courseware being considered the very best in the industry. SANS also offers a myriad of free resources to the InfoSec community including consensus projects, research reports and newsletters; and it operates the Internet's early warning system - the Internet Storm Center.


Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services, and solutions that help people and businesses realize their full potential.





Rapid7’s solutions, Nexpose, Metasploit and Mobilisafe, give defenders visibility & management of the risk around their IT environment, users & threats. Used by 2,400+ enterprises & government agencies in 65+ countries, its solutions are top rated by Gartner®, Forrester® & SC Magazine. Its free products are downloaded 1,000,000 times a year & enhanced by 200,000 open source community members.



PwC Technology helps organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with more than 7.660 consultants who are committed to delivering quality in secure, manage and transform technology. Tell us what matters to you and find out more by visiting us at www.pwc.be/Technology-Consulting

Our Party & CTF Sponsors



Also thanks to:

TrueSec
Ogone 
L-SEC
HackingMachines
Getronics
Exclusive Networks
Mac Telecom
ISC2
OWASP

Jul 22, 2013

Announcing the Facebook Capture The Flag

Since the inception of BruCON we have always hosted "The Hex Factor" Capture The Flag events, which were always met with great enthusiasm and received excellent feedback.

This year, unfortunately and due to various circumstances, THF will not be able to continue and while we're grateful for the stellar work the team put into the event, we were challenged to come up with something equally great and worthy to step in the footsteps of a BruCON household name.

We believe we have found it!


It is with a lot of excitement that we announce the Facebook Capture The Flag event @ BruCON.

Here are the details :
Location : Sint Autbertus Church @ Monasterium Poortackere (aka The Conference Hotel)
Time and Date : All day, September 25th
Register : Here
Fee : 0 euros (yes, it's free!)
Teams : Maximum 4 people / team (if you don't have a team, please send an email to crew@brucon.org with the title CTF solo player. We'll match you up with a team of your own!).
Limit : Logistically, we can allow a maximum of 10 teams! Be quick!
Prizes : there will be monetary prizes for #1, #2 and #3 (yes, they're substantial. no, we're not sharing those details yet :-))

So, on September 25th we gather in the Church @ the conference hotel for a full day of hacking. Expect both your offensive and defensive skillsets to be tested to their limits. The good part is that there'll be fun and learning to be had for everybody. Do not feel like you shouldn't partake if you don't feel 1337 enough or even if you don't have a team ready. Just register and come have a great day of fun. Additionally, there's a very small chance you'll be breaking into servers while seated in a real church, right? RIGHT!

Facebook will be your host and you'll know it. Breakfast, Lunch and Dinner as well as refreshments will be provided to all players and there's a very big chance we'll roll from the event straight into a pre-conference party.

How many more reasons does one need to REGISTER NOW!

Note 1 : This event is hosted separately from BruCON. Being registered for BruCON or BruCON training does not mean auto-enrollment for the CTF.
Note 2 : Similarly, if you're not registered for BruCON or BruCON training, you can still register for this event free of charge.


Jul 17, 2013

Register for BruCON 0x05 and get an OHM2013 ticket for free (limited offer)

UPDATE - OHM2013 Tickets are sold out.

OHM2013. Observe, Hack, Make. A five day outdoor international camping festival for hackers and makers, and those with an inquisitive mind (31-July to 4-Aug at the Geestmerambacht festival grounds, 30km north of Amsterdam).

The target audience includes free-thinkers, philosophers, activists, geeks, scientists, artists, creative minds and a whole bunch of people interested in lots of interesting stuff.

Exactly the kind of people we enjoy coming to BruCON, therefore we are proud to be a Silver Sponsor of OHM2013!

If you buy your BruCON ticket online before 24-July, we give away 5 OHM2013 tickets for the first 5 people who register on https://registration.brucon.org . Do not forget to check the option "I would love to get a free ticket for OHM2013 (limited to 5 tickets)"

Looking forward to seeing you at OHM2013 and BruCON!

Kind regards

BruCON team


Jun 18, 2013

Help spread the word about BruCON training, support a great cause, and win a spot at the BruCON speakers' dinner!

It's so easy! Just print out this poster, hang it in a visible spot at your workplace, and send us a halfway-decent photo as documentary evidence to training@brucon.org. We'll randomly select five winners from qualifying submissions.


First prize will be a pass to the speakers' dinner and an exclusive 0x05 limited-edition commemorative t-shirt.


Four runners-up will receive an exclusive 0x05 limited-edition commemorative t-shirt.


Winners will be announced during BruCON 0x05.

May 28, 2013

BruCON training in the spotlight !

The training line-up for BruCON 0x05 has been finalized.
For the quick low-down you can go here :  http://2013.brucon.org/index.php/Training
or continue reading on ...

In past years some trainers have told us that the two-day format is a bit
constraining so this year we're featuring a couple of extended
three-day courses:

  • Russ Gideon's class on Offensive Techniques 
  • Justin Searle's class on pentesting Smart Grid and SCADA with SamuraiSTFU. 
Filling out the line-up we're excited to have several
excellent two-day classes too:

  • Didier Stevens on Hacking PDF, 
  • Zach Lanier on Mobile Penetration Testing
  • Sumit Siddharth on The Art of Exploiting Injection Flaws
  • Michael Sikorski and Willi Ballenthin on Practical Malware Analysis. 


BruCON strives to offer a training program that is simultaneously
cutting-edge, local, and affordable. Last year's training attendance
broke the preceding years' records and we'd like to extend that
trendline. Whether you're a professional CPE-hunter or just
naturally-curious we feel there's something for everyone in this
year's line-up.

We've decided to extend the early-bird registration period through 15
June. So, if you were hesitant to ask your boss, you have a bit of a
reprieve. But now is *definitely* the time! After 15 June the prices
will go up by EUR 100.

Beyond just the early-bird discount, if you persuade (two or more)
colleagues to attend BruCON training with you (doesn't have to be the
same class) we'll comp you a conference ticket *and* make sure you get
one of our exclusive, limited-edition 0x05 commemorative t-shirts! So
point your browser to http://2013.brucon.org/index.php/Training and
register while there are still spaces available!

May 27, 2013

The Rookie Track : coming to BruCON


BruCON are pleased to announce that this year they’ll be running a
Rookie Track to help assist new speakers give their first security talk
at this year’s conference.

The "Rookie Track" concept was born at BSides London this year and it
brought interesting concepts by new speakers to the audience. It created a
venue where new speakers could step on the stage and present. We thought
it was awesome and we think the concept would be great fit for BruCON.

The Rookie Track format will be a 15 minute talk of a Rookie’s choosing,
on any subject they would like to talk about.  Spaces are limited so get
in touch with us now and have a chat with us.

The idea is a simple one, we pair a Rookie with a Mentor.  Our mentors
have had the experience of giving conference talks before and will be
there to help you bounce ideas off, give their opinion of your slides,
and most importantly be there on the day to give you a little moral
support.  The one thing they won’t do is write your talk for you.  This
is a fantastic opportunity to talk about something you’re interested in,
share your thoughts, and get your first conference talk under your belt.

For more information drop an email to finux@finux.co.uk

Currently we’re looking for Mentors too!

If you have given a number of talks in the past and think you
could give someone who has never spoken before some advice, support, and
encouragement then drop us a line and let us know.  Your assistance is
greatly appreciated.

Announcing the BruCON 2013 Schedule

You can't hide your secrets forever and as we grow excited about the BruCON 2013 content, we can share with pride the current selection for our 5th annual conference. 

Once again we offer you a mix of technical and less technical information security topics covered by speakers that live and breathe information security every day. 

We and the volunteer team are working hard to make this event a worthwhile celebration of our 5th anniversary and have therefore extended the early bird conditions to June 15th.

Keynotes
Justine Aitel - (TBD)
Dan Guido - (TBD)

Speakers
Aloria - .NET: The Framework, the Myth, the Legend
Tiago Balgan Henriques - Realtime analysis and visualization of internet status : from malware to compromised machines.
Robert Graham - Data-plane networking
Jake Valletta - CobraDroid
David Perez/Jose Pico - Geolocation of GSM mobile devices, even if they do not want to be found.
Russ Gideon - Paint by Numbers vs. Monet
Arron Finnon - NIDS/NIPS : What is the OSNIF project?
Erin Jacobs - Taking the BDSM out of PCI-DSS through open-source solutions
Gene Kim, Alex Hutton, David Mortman, Kris Buytaert, Patrick Debois - A panel on DevOPS and Security
Stephane Chenette - Firedrill : offensive defense to better protect your network.
Vaagu Toukharian - HTTP Time Bandit

Workshops
Ioannis Koniaris - Analyzing Internet Attacks with Honeypots
Christopher Lytle - Crypto by example - A hands-on cryptography workshop
Carlos G. Prado - Automating RE with Python
Sandor Pereiro de Melo - Kudo : Post Mortem Forensic Analysis with FLOSS tools 2.0
Willi Ballenthin/Michael Sikorski - Winter Cluster: Building a malware 'agglomerator'
Didier Stevens - Advanced Excel Hacking

(more workshops to be confirmed !!)

Apr 18, 2013

Small conference, real impact

At BruCON we're pretty idealistic. We truly believe that, as a community we can achieve great things. For many of our speakers, workshop organizers and trainers, BruCON was the first venue they presented/trained at.

Last year, Mathy Vanhoef was one of those 'new kids on the block' as he presented his research on new flaws in WPA-TKIP. We were aware of Mathy and his technical chops for a while so we were excited when he submitted to BruCON. More so when he got selected to speak at our event.

Today we were informed that Mathy has worked further on the research he performed for his presentation and together with Frank Piessens he wrote a paper on the subject. This paper, called 'Practical Verification of WPA-TKIP vulnerabilities', has now been officially accepted as an academic research paper.

All credit for this obviously goes to Mathy and Frank for their research and their commitment, but as an organisation that is focused on stimulating the community, research and cooperation this is a sign that we're moving in the right direction. We couldn't be happier with this news.

Let's all congratulate Mathy (@vanhoefm on twitter ;-)) and Frank but more importantly, let's do more of this!

Apr 12, 2013

Registration is open!

this post could alternatively be titled "how you can't keep a cat in a bag in front of a bunch of hackers"

* no cats were harmed during the opening of the BruCON registrations

We know it has taken a while but as we ran some tests this morning to validate our registration and payment systems, it didn't take long for people to find out that registration had opened and we received a live test by what we can probably best describe as "our fans" =)

As of yesterday you can start registering right here:



If you want to come out and celebrate our 5th anniversary with us, our speakers and trainers and - most obviously - our fantastic audience, don't waste time. We are looking forward to being your hosts!




Mar 1, 2013

BruCON CONstruct

FOR IMMEDIATE RELEASE

Traditionally BruCON has been held in a 4-day format, 2 days of trainings (which will be announced soon) and 2 days of conference (talks, workshops).  However, as FX and the PH Neutral crew aptly describe here, we too have observed a demand for a conference format that moves away from the traditional one-to-many format to a many-to-many format that allows for the exchange of knowledge and accelerated output of prototypes and solutions.

This year BruCON will host its first CONstruct day on September 25th. The event will loosely adopt the PXE RFC linked to above and will invite 50 individuals that submit a topic of research, keeping in mind the following items of interest (from the PXE RFC) :

  • Code and tools that facilitate computer security research and hacking, both offensive and defensive in nature
  • Concepts, algorithms, procedures that aid research
  • Reports on research experiences, preferably including a time line of steps and their success or lack thereof
  • Of special interest are reports on FAILED RESEARCH, meaning that the intended goal was not reached
Every individual shall come prepared to explain their topic in a 10 minute presentation, work together with other participants and present results at the end of the event.
CONstruct will take place on September 25th, will be hosted by BruCON and the location will be disclosed to the selected participants. Purchase of a BruCON ticket is not required and the event is free for the invited participants.
You are urged to submit your topic of research by email to construct@brucon.org.
Credit for the PXE format goes to FX and the PH-Neutral crew. Kudos for pushing the envelope for more than a decade.

Feb 26, 2013

the 5by5 race is on

At BruCON 2012 we announced that we launched our 5by5 project where we were looking forward to see submissions coming in from individuals or groups that we could support to drive or speed up development.  With a budget of €25000 we could support 5 projects with up to €5000 and here we are today, ready to support the following projects:

1. OWASP OWTF (Abraham Aranguren)

More details on the Offensive Web Testing Framework can be found here : https://www.owasp.org/index.php/OWASP_OWTF

2. The Cloudbug Project (Carlos Garcia Prado)


The Windows OS integrates a mechanism to report technical information when a program crashes. This information is pretty useless to a normal user and the crash is going to happen anyway so why not do something useful with it?

By installing a small, nonintrusive program (it will only kick in if another program crashes) the users will be reporting anonymous information about the state of the application at the time of the crash. This information is invaluable to security researchers in order to find software flaws that could indicate critical security issues.

Data mining and reverse engineering will be performed on the submissions pool. The vulnerabilities found will be reported to the corresponding vendors for fixing. 


3. A tool a month (Robin Wood)


Over the last few years I've created and publicly released over 30 free open source tools. Almost all of these have been done in my spare time without any kind of monetary backing. I'm happy doing this as I enjoy creating new tools but doing it this way means that paid work comes first and so good ideas often get delayed or forgotten about.

If I were selected for the project I would use the money to take time off client paid work and build a selection of tools for the community. BruCON is at the end of September which gives about 10 months from selection date to conference so I propose to write/publish a tool a month each month leading up to the event. The tools would not be huge Metasploit sized projects, more along the lines of CeWL [1] or Pipal [2].

I have a bunch of ideas but would like to see what the community needs so I think I'd like to have 5 tools that I've thought up then open the other 5 up to community submissions. I'm sure there are plenty of people out there who would like to automate a task or have an idea they don't have the skills to program themselves.


4. Eccentric Authentication (Guido Witmond)

Eccentric Authentication (Ecca) is a protocol to replace password authentication with client certificates. By doing so we can:
  • make it easier to login and log out of web sites;
  • make it anonymous; you can sign up to site without providing any details that would tie the account to your person;
  • make communication more secure; with certificates, people can send encrypted and signed messages securely without revealing their identities. Ideal for a dating site;
  • make it possible to bootstrap other communication protocols securely.
If applied correctly, Ecca would take us out of the cryptographic bronze age into the silver age. From there we might lift ourselves into the golden age.

Feb 25, 2013

It's official: our keynote speakers

Every year we get loads of suggestions on "this would be an awesome keynote speaker" or "I would really like to see this person present at BruCON". Every year we are on the lookout for remarkable individuals that are defining, influencing and shaping the information security community and industry to present their unique perspective to you, our BruCON audience.

There are always the usual suspects: big names you'll eventually see at one of the bigger venues in the course of a year. Then comes the realization of what a keynote means to somebody. Is it a figurehead that you "rent" to sell your conference? We don't think so and we don't need to...

For us a keynote is one of those persons that you'd gladly start talking to early in the evening over some tasty cocktails, a person that listens and shares knowledge over a good meal and that thinks -just like you- it's too early to leave when the waiter kicks you out of the bar at 3am in the morning.

We believe that for our 5th anniversary we once again lucked out with both of our keynote speakers agreeing to come out to BruCON. The team can not wait to have them and you over for another epic edition of BruCON !!

Without further ado:

Justine Aitel


Justine Aitel has worked in Information Technology and Security for fifteen years, serving private and public sectors in technical, analyst and management roles. Her career started at New Zealand’s Government Communications Security Bureau, where she entered the world of security research and computer/network offense. She was later employed by ISS (now IBM) X-Force as a security researcher and consultant. During that time she relocated to New York City. In 2002 Justine joined Bloomberg L.P as a software security expert, taking on increasing responsibilities over time, leading to head of global risk management. Justine later joined her husband in growing the specialized security firm Immunity Inc, which remains a leader in the security offense space. In 2013 Justine took on the position of Head of Digital Infrastructure and Security at Dow Jones.

Dan Guido

Dan Guido leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in these massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries. Previously, Dan has worked for the Federal Reserve System where he proposed and developed a centralized function for threat intelligence; a team that used its expert knowledge of attacks in the wild to develop sophisticated, enterprise strategies to mitigate them. In addition to his professional work, Dan is a Hacker in Residence at NYU-Poly where he oversees student research and teaches classes in Application Security and Vulnerability Analysis.




Are you as excited as we are? That's what we thought ;-)

Jan 21, 2013

The BruCON CFP (presentations and workshops) is open ...

So as we have now properly closed down 2012, we're looking forward to make 2013 count double.

It is our 5th edition and we've been reinventing the way we've handled our CFP over the past few years. This year will be no different :-) Firstly, we are making our CFP fully anonymous. This means we don't request biographies but only abstracts. We have learned that anonymizing submissions is virtually impossible after they've been received. This year the only thing that will identify you is the email address you use to communicate with us so to convince the CFP panel, the content will need to speak for itself. Another new initiative is the "recommended talk". Here we're intentionally not looking for new content but for content that has been presented before and that you deem interesting for our audience.

We are looking for 2 kinds of submissions for talks :

===================
1. Your own thang

You have been researching something incredibly cool and you believe (like we do) that BruCON is the ideal venue to present your research and share your knowledge. Sounds like a match! We expect you to submit a detailed abstract to cfp -at- brucon -dot- org. You do not include a bio.  Nope, we're not interested in what you have previously done and we will not select on who you are or which entity you represent. The selection will purely be on the content of your abstract. You may be contacted if anything is not clear.

2. Something you recommend

You have seen someone present something completely and utterly awesome and you believe this specific talk or workshop will be of value for the BruCON audience.  Please send us an email at cfp -at- brucon -dot- org and provide us the following details :

  • who was the presenter
  • the topic the person presented on
  • the venue the person talked at
  • any public documentation on the talk/workshop
  • possible contact details for the person you recommend
For this category we will apply our own special super-secret algorithm to select talks and obviously we're relying on the willingness of the recommended person to present at BruCON. We admit that this is an unorthodox way to invite CFP responses but we are aware that not all speakers are aware of our event. Counting on the recommendations of the BruCON audience is a natural step to find quality content.

===================
Possible formats are :

  • 1hr talk
  • 2hr workshop (preferably hands on)
  • 4hr workshop (preferably hands on)



Our speaker treatment hasn't changed since the first year. You're our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accommodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we're talking about so ... submit now!

This CFP closes on March 31st 2013 at midnight CET -- CFP feedback will be sent before April 30th 2013. All talks will be published before May 15th 2013.