For the BruCON 0x09 edition, we are bringing you no less than 8(!) courses to choice from ! Early-bird registration till the 30th of June 2017 !
The line-up! :
- Corelan Advanced by Peter Van Eeckhoutte (3-day training) – The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. Only limited seats available so get them while you can.
- Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich (3-day training) – Probably one of the best courses when it comes to exploiting websites and application returns to BruCON once more. Mario of Cure53 will host this 3-day course and will guide you through the latest and greatest in offensive website security for you to adsorb and put to concrete use!
- SensePost OSINT: Stalk like a boss by Daniel Cuthbert and Jonathan Hargreaves (2-day training) – A course which needs no introduction (and yet we bothered to write one). This course, by SensePost COO Daniel Cuthbert and Jonathan Hargreaves teaches you how to harness information online to build up a solid dossier of intel and gives you the confidence, as an investigator, to research individuals, companies, organisations and internet traffic.
- Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) – After the great success last year (+30 students), we are bringing this back to you ! In this course, you’ll learn how to attack Windows network using PowerShell, based on real world Red team assessments. The course runs on a lab network with multiple active directory forests to which attendees will have free access for one month after the raining. The class consists of hands-on, challenges and demonstrations.
- Pentesting the Modern Application Stack by Bharadwaj Machiraju and Francis Alexander (2-day training) – Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting modern day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2 days course is a fast paced and completely hands on program that aims to impart the technical know-how methodology and tools of trade for testing these systems. Real world corporate stacks are emulated in the form of containerised challenges to prepare students for real world scenarios.
- Modern Red Team Immersion Bootcamp by Josh Schwartz (aka FuzzyNop) (2-day training) – The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive of recon techniques and approaches where students will plan an attack against a target of their choosing. The second day focuses on post exploitation, lateral movement, and escalation techniques within modern environments comprised of OSX, Linux, Continuous Integration Systems, and elastic compute services.
- Windows Kernel Exploitation by Ashfaq Ansari (3-day training) – This is the most requested training according to our previous students, so we had to bring him back ! The devil is in details, and for Windows, it’s Kernel remains the most devilish part and the most important target from the point of view of exploitation these days. This course of Windows Kernel Exploitation, is unique course by Ashfaq which is fast winning over the world. Ashfaq has delivered this course on all the 3 major continents in short span of a year along with disclosing many CVEs on regular basis.
- Smashing the SSL/TLS protocol with practical crypto attacks by Marco Ortisi (3-day training) – Smashing the SSL/TLS protocol with practical crypto attacks is a 3-days long course dedicated for professionals and students eager to keep pace with latest crypto attacks affecting SSL/TLS services and learn the relative defensive countermeasures. This is a completely hands-on course, because there is no better way to understand crypto theory than put into practice attacks and techniques to defeat crypto algorithms. The course is also one of a kind. The practical part is based on a new framework called cryptosploit (code will be released for free as part of class materials).
All information, details and registration instructions can be found on our training page!
This year, next to the regular Novotel Gent Centrum, we will also host two courses as the nearby (<1 minute walking distance) NH Gent Belfort hotel. The Novotel is still recommended for accommodation and will be used to host the social event for students on Tuesday evening. Check out our website for more information about travel and accommodation
We hope to welcome you soon at BruCON 0x09!
The BruCON Crew