BruCON 2019 Training

Immerse yourself into the world of security by attending the BruCON Training ! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interesting in security, ranging from novice to advanced and for red and blue teams !

Conference Training

Conference training is taking place between 7 and 9 October 2019 and takes place in both the Hotel Novotel Gent Centrum and NH Gent Belfort. For our 11th edition, we are bringing you 11 courses to choice from ! We are looking forward to seeing you again at BruCON Training!

Unfortunately, all conference tickets are now sold out, so even when buying a training ticket, you will not be able to buy a conference ticket!

REMARK : As of this year, the two-day courses will start on Tuesday (instead of Monday) so you will not loose a day between training and conference.

Description: The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 ‘long’ day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems an applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development.

REMARK : This training starts at 9:00 and will end around 22:00 PM. That means +10 hours each day (Dinner will be foreseen)

Instructor: Peter Van Eeckhoutte

Duration: 3-day course

Read More

Description: Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need advanced Tradecraft. Such Tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.

Instructor: Nikhil Mittal

Duration: 3-day course

Read More

Description: Malicious Office documents have been on the radar for several years now. Together with malicious PDF documents. But do you know how to create and tailor them efficiently to achieve successful read team engagements? This training will first teach you how to analyse MS Office files (both “old” OLE and “new” XML formats) and PDF files, to better understand how to create them and evade detection. PDF files that execute code via exploits. MS Office documents that execute code via macros or exploits. Didier Stevens will teach you how to use his Python tools to analyse MS Office documents and PDF documents. Then we will move on to the creation of malicious documents.

Instructor: Didier Stevens

Duration: 3-day course

Read More

Description:  This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malware by combining two powerful techniques malware analysis and memory forensics. This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics.

Instructor: Monnappa K A

Duration: 3-day course

Read More

Description: “The great power of Internet Of Things comes with the great responsibility of security”. Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.

“Practical Internet of Things (IoT) Hacking” is a unique course which offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit or fix vulnerabilities in IoT, not just on emulators but on real  smart devices as well.

The course focuses on the attack surface on current and evolving IoT technologies in various domains such as home, enterprise Automation etc. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. It also covers hardware attack vectors and approaches to identify respective vulnerabilities . In addition to the protocols and hardware it also focuses on reverse engineering mobile apps and native code to find weaknesses.

Instructor: Aseem Jakhar and Arun Magesh

Duration: 3-day course

Read More

Description: This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $300 kit including your own PLC and a set of RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.

Instructor: Justin Searle

Duration: 3-day course

Read More

Description: Unfortunately, this training has been cancelled due to low participant numbers The main goal of this training is to achieve better detection of post-exploitation activities and more effective incident handling, thus allowing to reduce the number of false positives in the SOC environment. Individual detection lab cases will be launched and analyzed together in details by finding new and using existing DFIR artifacts. A modular lab-oriented form of the training allows for a later use and combination within your own SOC infrastructure, expanding and delivering complex tactics, techniques and procedures (TTP). Individual artifacts of “RED” actions will be linked, properly characterized, tagged and grouped taking into account the level of criticality, mapping to the MITRE ATT&CK Framework and chain-linking events/pieces of evidence that make up a given security incident.

Instructor: Leszek Miś

Duration: 3-day course

Read More

Description: Unfortunately, this training has been cancelled due to low participant numbers. The live forensic training will teach how to acquire and analyse data of a running machine (Windows, Linux and macOS) that would be lost upon shutdown. The training mainly focuses on memory (RAM), but also considers other data sources that have to be safeguarded carefully, such as active browser sessions and temporarily unlocked encryption. The training will teach you how to find evidence of malicious user activity as well as advanced malware in memory. The theory of the training will be put into practise by analysing memory images of a Windows, Linux and Mac computer that were involved in a scenario that was specifically created for this training. The scenario involves a hacking, criminal user activity, anti-forensic techniques and more. By analysing the artefacts and correlating the findings, you will unravel the complete story. All detailed course material (theory and step-by-step exercise solutions) will be yours to keep after the training. This will serve as excellent reference material during your investigations.

Instructor: Dominique Pauwels and Cédric Remande

Duration: 3-day course

Read More

Description: Brand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.

Instructor: Anthony Webb

Duration: 2-day course

Read More

Description: With this training we will teach you how to use threat modeling as an offensive weapon. Traditional threat modeling looks at the attacker, the asset and the system. With offensive threat modeling we look at the defender to understand his tactics and expose weaknesses. You will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of offensive threat modeling on applications, IOT devices and a nuclear facility.

Instructor: Steven Wierckx

Duration: 2-day course

Read More

Description: HackerOne bug hunters have earned $20 million in bug bounties until 2017 and they are expected to earn $100 million by the end of 2020. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full-stack exploitation master.

Instructor: Dawid Czagan

Duration: 2-day course

Read More

Additional info

Pricing

The price for 2-day courses is 1300 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1600 Euro early bird (+ VAT) per attendee.

As of the 1st of July 2019 this will become 1400 Euro (2-day) / 1700 Euro (3-day) (+ VAT) per attendee.
(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

(**) The Assessing and Exploiting Control Systems & IIoT training by Justin Searle is bit more expensive but comes with a full kit including your own PLC and RF hacking

Location and dates

Courses are held at the Hotel Novotel Gent Centrum, Goudenleeuwplein 5 (Conference and Spring Training) and NH Gent Belfort, Hoogpoort 63, B-9000 Ghent. (Conference training) (Both hotels are within walking distance of each other (<1 minute).

The courses begin promptly at 09h00 and end at 17h00 (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee. During the registration you can specify a regular, vegetarian or vegan meal. We will do our best to accommodate according to your requirements.

Why attend a BruCON Training ?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on the having smaller classes with enough time to get to learn and exchange experience. We will host a social gathering for students, trainers and crew to meetup over a beer (or more) and you will receive a small gift

How to register a conference ticket after purchasing a training ticket ?

After you have purchased a training ticket, you will receive a confirmation email from EventBrite. In this email, towards the bottom there will be an “Additional Information” section that looks as follows

With this code, you can go to the conference registration page (https://brucon-0x0b.eventbrite.co.uk), click on Tickets and click on the link on the top right “Enter Promotional Code“. Once you have entered the code you have found in your confirmation email, you will be able to purchase a conference ticket.

Remark : This code is only valid for 10 days after completing your course registration ! Registrations that were not completed on time, will be removed.

Spring Training

BruCON #0X0B Spring Training is over. Thank you to everybody who attended this great edition!