May 28, 2013

BruCON training in the spotlight !

The training line-up for BruCON 0x05 has been finalized.
For the quick low-down you can go here :
or continue reading on ...

In past years some trainers have told us that the two-day format is a bit
constraining so this year we're featuring a couple of extended
three-day courses:

  • Russ Gideon's class on Offensive Techniques 
  • Justin Searle's class on pentesting Smart Grid and SCADA with SamuraiSTFU. 
Filling out the line-up we're excited to have several
excellent two-day classes too:

  • Didier Stevens on Hacking PDF, 
  • Zach Lanier on Mobile Penetration Testing
  • Sumit Siddharth on The Art of Exploiting Injection Flaws
  • Michael Sikorski and Willi Ballenthin on Practical Malware Analysis. 

BruCON strives to offer a training program that is simultaneously
cutting-edge, local, and affordable. Last year's training attendance
broke the preceding years' records and we'd like to extend that
trendline. Whether you're a professional CPE-hunter or just
naturally-curious we feel there's something for everyone in this
year's line-up.

We've decided to extend the early-bird registration period through 15
June. So, if you were hesitant to ask your boss, you have a bit of a
reprieve. But now is *definitely* the time! After 15 June the prices
will go up by EUR 100.

Beyond just the early-bird discount, if you persuade (two or more)
colleagues to attend BruCON training with you (doesn't have to be the
same class) we'll comp you a conference ticket *and* make sure you get
one of our exclusive, limited-edition 0x05 commemorative t-shirts! So
point your browser to and
register while there are still spaces available!

May 27, 2013

The Rookie Track : coming to BruCON

BruCON are pleased to announce that this year they’ll be running a
Rookie Track to help assist new speakers give their first security talk
at this year’s conference.

The "Rookie Track" concept was born at BSides London this year and it
brought interesting concept by new speakers to the audience. It created a
venue where new speakers could step on the stage and present. We thought
it was awesome and we think the concept would be great fit for BruCON.

The Rookie Track format will be a 15 minute talk of a Rookie’s choosing,
on any subject they would like to talk about.  Spaces are limited so get
in touch with us now and have a chat with us.

The idea is a simple one, we pair a Rookie with a Mentor.  Our mentors
have had the experience of giving conference talks before and will be
there to help you bounce ideas of, give their opinion of your slides,
and most importantly be there on the day to give you a little moral
support.  The one thing they won’t do is write your talk for you.  This
is a fantastic opportunity to talk about something your interested in,
share your thoughts, and get your first conference talk under your belt.

For more information drop an email to

Currently we’re looking for Mentors too!

If you have given a number of talks before in the past and think you
could help someone who has never spoken before some advice, support, and
encouragement then drop us a line and let us know.  Your assistance is
greatly appreciated.

Announcing the BruCON 2013 Schedule

You can't hide your secrets forever and as we grow excited about the BruCON 2013 content, we can share with pride the current selection for our 5th annual conference. 

Once again we offer you a mix of technical and less technical information security topics covered by speakers that live and breathe information security every day. 

We and the volunteer team are working hard to make this event a worthwhile celebration of our 5th anniversary and have therefor extended the early bird conditions to June 15th. 

Justine Aitel - (TBD)
Dan Guido - (TBD)

Aloria - .NET: The Framework, the Myth, the Legend
Tiago Balgan Henriques - Realtime analysis and visualization of internet status : from malware to compromised machines.
Robert Graham - Data-plane networking
Jake Valletta - CobraDroid
David Perez/Jose Pico - Geolocation of GSM mobile devices, even if they do not want to be found.
Russ Gideon - Paint by Numbers vs. Monet
Arron Finnon - NIDS/NIPS : What is the OSNIF project?
Erin Jacobs - Taking the BDSM out of PCI-DSS through open-source solutions
Gene Kim, Alex Hutton, David Mortman, Kris Buytaert, Patrick Debois - A panel on DevOPS and Security
Stephane Chenette - Firedrill : offensive defense to better protect your network.
Vaagu Toukharian - HTTP Time Bandit

Ioannis Koniaris - Analyzing Internet Attacks with Honeypots
Christopher Lytle - Crypto by example - A hands-on cryptography workshop
Carlos G. Prado - Automating RE with Python
Sandor Pereiro de Melo - Kudo : Post Mortem Forensic Analysis with FLOSS tools 2.0
Willi Ballenthin/Michael Sikorski - Winter Cluster: Builiding a malware 'agglomerator'
Didier Stevens - Advanced Excel Hacking

(more workshops to be confirmed !!)