Much anticipated (and mostly because we are a bit late, apologies !), we are finally able to bring you the BruCON 0x0B Training program open for registration. Early-bird till the end of the month, so you still have time to catch a ticket at a lower rate.
Also, because the conference is selling out at a very quick pace (Yes, don’t wait !), people who register for a training course will have receive a special code which can be used to buy a conference ticket. You will have up to 10 days after the purchase of the training ticket !
Without further ado, the line-up!:
- Corelan Advanced – Peter Van Eeckhoutte (3-days) – The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 ‘long’ day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems an applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on Win32 exploit development.
- Advanced Windows Tradecraft – Nikhil Mittal (3-days) – Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.
- Malicious Documents for Red Teams – Didier Stevens (3-days) – Malicious Office documents have been on the radar for several years now. Together with malicious PDF documents. But do you know how to create and tailor them efficiently to achieve successful read team engagements? This training will first teach you how to analyse MS Office files (both “old” OLE and “new” XML formats) and PDF files, to better understand how to create them and evade detection. PDF files that execute code via exploits. MS Office documents that execute code via macros or exploits. Didier Stevens will teach you how to use his Python tools to analyse MS Office documents and PDF documents. Then we will move on to the creation of malicious documents.
- A Practical Approach to Malware Analysis and Memory Forensics – Monnappa K A (3-days) – This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malwares by combining two powerful techniques malware analysis and memory forensics. This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics.
- Practical IoT hacking – Aseem Jakhar and Arun Magesh (3-days) – “Practical Internet of Things (IoT) Hacking” is a unique course which offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit or fix vulnerabilities in IoT, not just on emulators but on real smart devices as well. The course focuses on the attack surface on current and evolving IoT technologies in various domains such as home, enterprise Automation. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. It also covers hardware attack vectors and approaches to identify respective vulnerabilities . In addition to the protocols and hardware it also focuses on reverse engineering mobile apps and native code to find weaknesses.
- Assessing and Exploiting Control Systems & IioT – Justin Searle (3-days) – This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $300 kit including your own PLC and a set of RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.
- Detection of In & Out – Network Exfiltration and Post-Exploitation Techniques – BLUE EDITION – Leszek Miś (3-days) – The main goal of the training is to achieve better detection of post-exploitation activities and more effective incident handling, thus allowing to reduce the number of false positives in the SOC environment. Individual detection lab cases will be launched and analyzed together in details by finding new and using existing DFIR artifacts. A modular lab-oriented form of the training allows for a later use and combination within your own SOC infrastructure, expanding and delivering complex tactics, techniques and procedures (TTP). Individual artifacts of “RED” actions will be linked, properly characterized, tagged and grouped taking into account the level of criticality, mapping to the MITRE ATT&CK Framework and chain-linking events/pieces of evidence that make up a given security incident.
- Live Forensic Training – Dominique Pauwels and Cédric Remande (3-days) – The live forensic training will teach how to acquire and analyse data of a running machine (Windows, Linux and macOS) that would be lost upon shutdown. The training mainly focuses on memory (RAM), but also considers other data sources that have to be safeguarded carefully, such as active browser sessions and temporarily unlocked encryption. The training will teach you how to find evidence of malicious user activity as well as advanced malware in memory. The theory of the training will be put into practise by analysing memory images of a Windows, Linux and Mac computer that were involved in a scenario that was specifically created for this training. The scenario involves a hacking, criminal user activity, anti-forensic techniques and more. By analysing the artefacts and correlating the findings, you will unravel the complete story. All detailed course material (theory and step-by-step exercise solutions) will be yours to keep after the training. This will serve as excellent reference material during your investigations.
- Hacking and Securing Cloud Infrastructure – Anthony Webb (2-days) – Brand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.
- Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan (2-days) –
HackerOne bug hunters have earned $20 million in bug bounties until 2017 and they are expected to earn $100 million by the end of 2020. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters. Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.
- Offensive Whiteboard Hacking for Penetration Testers – Sebastien Deleersnyder and Steven Wierckx (2-days) – With this training we will teach you how to use threat modeling as an offensive weapon. Traditional threat modeling looks at the attacker, the asset and the system. With offensive threat modeling we look at the defender to understand his tactics and expose weaknesses. You will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of offensive threat modeling on applications, IOT devices and a nuclear facility.
The training location will be Novotel Ghent Centrum and NH Gent Belfort. Location and accommodation information here
All training details and registration links can be found on the BruCON training pages (link)
your BruCON team.
PS : As of this year, 2-day courses will start on Tuesday (instead of Monday).