BruCON 0x0C (Virtual) Training open for registration

After the success of our first ever virtual training track, we are excited to bring you the BruCON 0x0C training program. Next to Corelan Advanced (hosted in-person in Ghent), we bring you a fine selection of 5 virtual courses, being held between September 28 and 30.

All students will receive a special student gift package, including a BruCON Mouthmask and a bottle of our special BruCON Z3R0D4Y beer shipped to your place (worldwide shipping!). Early-bird pricing till the end of the month !

Without further ado, the line-up!:

  • (In-person) Corelan Advanced – Peter Van Eeckhoutte (3-days) –The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 ‘long’ day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems an applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development.


  • (Virtual) Advanced Windows Tradecraft – Nikhil Mittal (3-days) – Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you. This training takes you through a tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation like initial foothold, enumeration, privilege escalation, persistence, lateral movement, exfiltration etc. in a fully updated and patched lab with countermeasures enabled.


  • (Virtual) In & Out – Detection as Code vs Adversary Simulations – Purple Edition – Leszek Miś (3-days) – The primary goal of this training is to generate offensive attack events/symptoms within PurpleLABS infrastructure that later should be detected by Open Source SOC stack including Sigma – the open standard event description rule set and the rest of dedicated, open-source security solutions in use. In this way, participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules and eventually bypassing them. We called this approach ‘Flip mode’, i.e. learn detection through the attack in an attractive, standardized form driven by the Open Source community. In addition, participants will use a whole range of open-source (and free commercial) solutions dedicated to SOC environments.  This training is based on PurpleLABS – a dedicated virtual infrastructure for conducting detection and analysis of attackers’ behaviour in terms of used techniques, tactics, procedures, and offensive tools. The environment has been set up to serve the constant improvement of competences in the field of threat hunting (threat hunting) and learning about current trends of offensive actions (red-teaming) vs detection phases (blue-teaming).


  • (Virtual) Assessing and Exploiting Control Systems and IIoT – Tyler Robinson and Pablo Endres (3-days) – This is not your traditional SCADA/ICS/IIoT security course! How many courses send you a $300 kit before the course start (international shipping !) including your own PLC and a set of RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT. This course is structured around the formal penetration testing methodology created by UtiliSec for the United States Department of Energy. Using this methodology and Control Things Pentest Platform (previously SamuraiSTFU), an open source Linux distribution for pentesting energy sector systems and other critical infrastructure, we will perform hands-on penetration testing tasks on user interfaces (on master servers and field device maintenance interfaces), control system protocols (modbus, DNP3, IEC 60870-5-104), and proprietary RF communications (433MHz, 869MHz, 915MHz). We will tie these techniques and exercises back to control system devices that can be tested using these techniques. The course exercises will be performed on a mixture of real world and simulated devices to give students the most realistic experience as possible in a portable classroom setting


  • (Virtual) Advanced Infrastructure Hacking – Fast Track – Anthony Webb (3-days) – Our Advanced Infrastructure Hacking course is designed for those who wish to push their knowledge. Whether you are Pen Testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course teaches the audience a wealth of advanced Pen Testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments. From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.

Attendees will be able to :

    • Enumerate, investigate, target and exploit weaknesses in an organisation’s network devices, online presence, and people.
    • Understand complex vulnerabilities and chained exploitation processes in order to gain access and perform restriction bypasses, privilege escalation, data exfiltration and gain long term persistence in: Web facing services, databases, Windows, Active Directory, *nix, container-based, VPN, VLAN, VoIP and Cloud environments.
    • Use compromised devices to pivot onto other private networks and/or access services protected by whitelisting or only accessible via the loopback interface.


  • (Virtual) Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan – (2-days – starting Tuesday) – HackerOne bug hunters have earned $20 million in bug bounties until 2017 and they are expected to earn $100 million by the end of 2020. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters. Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

Watch 3 exclusive videos (~1 hour) and feel the taste of this live online training.

After completing this live online training, you will have learned about…

    • REST API hacking
    • AngularJS-based application hacking
    • DOM-based exploitation
    • bypassing Content Security Policy
    • server-side request forgery
    • browser-dependent exploitation
    • DB truncation attack
    • NoSQL injection
    • type confusion vulnerability
    • exploiting race conditions
    • path-relative stylesheet import vulnerability
    • reflected file download vulnerability
    • subdomain takeover
    • and more…

All training details and registration links can be found on the BruCON training pages (link)

your BruCON team.