BruCON 2020 Training

Immerse yourself into the world of security by attending the BruCON Training ! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interesting in security, ranging from novice to advanced and for red and blue teams !

Spring Training

Due to the impact of the Corona virus, we have decided to move BruCON 0x0C Spring training to the 29th, 30th of June and the 1st of July. More information can be found here. Also check out our FAQ on the bottom of this page

Description: The Corelan  Exploit Dev Bootcamp for Windows 10 is a truly unique opportunity to learn both basic & advanced techniques from an experienced exploit developer, at a conference. During this (typically 3 ‘long’ day) course, students will be able to learn all ins and outs about writing reliable exploits for the Windows platform.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. REMARK : We will be running the advanced training again in October

Instructor: Peter Van Eeckhoutte

Duration: 3-day course

Read More

Description: Hacking Enterprises from in.security is an immersive hands-on course aimed at a technical audience. The training covers a multitude of security topics, is based around modern operating systems and using modern techniques, with an emphasis on exploiting configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test. All students will receive a free Hak5 LAN Turtle, a copy of the RTFM, access to our Slack channel and 14 days extended lab access along with a CTF containing subnets/hosts not seen during training!

Instructor: Will Hunt / Owen Shearing

Duration: 3-day course

Read More

Description: This 3-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G- Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Instructor: Scott Isaac

Duration: 3-day course

Read More

Description: Ever wondered how to handle the deluge of security issues and reduce the cost of fixing before software goes to production? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale?  In Practical DevSecOps training, you will learn how to handle security at scale using DevSecOps practices. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration management, Infrastructure as code, etc.,

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learned as part of the course. We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening and Security Monitoring as part of the Secure SDLC and how to select tools that fit your organization’s needs and culture.

Instructor: Mohammed A. Imran

Duration: 3-day course

Read More

Description: Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack ability to tackle latest threats.
This training is aimed towards attacking modern AD Environment using built-in tools like PowerShell and other trusted OS resources. The training is based on real world penetration tests and Red Team engagements for highly secured environments.

Instructor: Nikhil Mittal

Duration: 3-day course

Read More

Description: Reconnaissance the very first phase of any Risk Assessment Exercise, is often underestimated by many security professionals. Every security analyst’s arsenal should include Open Source Intelligence and active reconnaissance for an effective assessment and to measure the security posture against real world adversaries. This training not only talks about extracting data but also focuses on the significance of this data and how it could be directly enriched and used offensively for attacking and compromising Modern Day Infrastructures. The training program covers a wide range of tools, techniques and methodologies for performing real-world reconnaissance in order to launch targeted attacks against modern organizations and infrastructures.

Instructor: Sudhanshu Chauhan and Shubham Mittal (RedHunt Labs)

Duration: 2-day course (Starting on Thursday 23rd of April)

Read More

Description: Kubernetes and containers are a very hot topic nowadays and are very easy to use. On the other hand, the underlying components that make up Kubernetes is a very complex system that few people really understand. To make things more complex, in a world where automation, registries, CI/CD and vaults rules … how to implement and automate security? Interested in learning about K8S and the pitfalls?

Instructor: Philippe Bogaerts

Duration: 3-day course

Read More

Conference Training

Conference training is taking place between 28 and 30 September 2020 and takes place in both the Hotel Novotel Gent Centrum and NH Gent Belfort.

REMARK : As of BruCON0x0B (2019), the two-day courses will start on Tuesday (instead of Monday) so you will not loose a day between training and conference.

Additional info

Pricing

The price for 2-day courses is 1300 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1600 Euro early bird (+ VAT) per attendee.

Spring training – As of the 1st of February 2020 this will become 1400 Euro (2-day) / 1700 Euro (3-day) (+ VAT) per attendee.

(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

Location and dates

Courses are held at the Hotel Novotel Gent Centrum, Goudenleeuwplein 5 (Conference and Spring Training) and NH Gent Belfort, Hoogpoort 63, B-9000 Ghent. (Conference training) (Both hotels are within walking distance of each other (<1 minute).

The courses begin promptly at 09h00 and end at 17h00 (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee. During the registration you can specify a regular, vegetarian or vegan meal. We will do our best to accommodate according to your requirements.

Why attend a BruCON Training ?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on the having smaller classes with enough time to get to learn and exchange experience. We will host a social gathering for students, trainers and crew to meetup over a beer (or more) and you will receive a small gift

Frequently Asked Question regarding the impact of the Coronavirus on BruCON Spring Training

What does this mean for students already registered ?

All your tickets are automatically transferred to our session in June. If you cannot attend at that time, you can request a refund via training@brucon.org. You can still wait and see how the situation evolves from your side as you have plenty of time to decide.

In case my course is held virtually, will I have to pay the same ?

In case we have to decide to host it virtually (or a combination of both), we will make sure the people who attend virtually get something extra special. This could be in the form of a small refund (or full refund if you no longer want to attend), an extra gift, discount on future BruCON courses or something else. You will be able to decide.

Will you take extra measures in case Spring training is held in-person ?

Of course, while we do not know what the instructions from the government will be in June, we will make sure that we follow them exactly and do not take any risk for our students, trainers and staff.