BruCON 2020 Training

Immerse yourself in the world of security by attending the BruCON Training! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interested in security, ranging from novice to advanced and for red and blue teams!

Conference Training

Conference training is taking place between 28 and 30 September 2020 and will be virtual with the exception of Corelan Advanced. This one takes place in Ghent (either the Hotel Novotel Gent Centrum or NH Gent Belfort).

REMARK: As of BruCON0x0B (2019), the two-day courses will start on Tuesday (instead of Monday) so you will not lose a day between training and conference.

Description: The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 ‘long’ day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems and applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development.

REMARK: This training starts at 9:00 and will end around 22:00. That means +10 hours each day (dinner will be provided).

Instructor: Peter Van Eeckhoutte

Duration: 3-day course

Description: Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.

This training takes you through a tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation like initial foothold, enumeration, privilege escalation, persistence, lateral movement, exfiltration etc. in a fully updated and patched lab with countermeasures enabled.

Some of the topics covered in the class:

  • Offensive C#, PowerShell, Jscript/VBScript
  • Bypassing Application Whitelisting
  • Bypassing host countermeasures
  • Evading process tree based detection
  • Evading advanced logging (Command line, PowerShellv5, Sysmon etc.)
  • In-memory assembly and shellcode execution
  • Offensive WMI COM hijacking
  • Advanced Client Side Attacks on restricted and secure environments
  • Local and domain privilege escalation

Attendees will get one month of free access to a lab configured like an enterprise environment during and after the training.

Instructor: Nikhil Mittal

Duration: 3-day

Description: The primary goal of this training is to generate offensive attack events/symptoms within PurpleLABS infrastructure that later should be detected by Open Source SOC stack including Sigma – the open standard event description rule set and the rest of dedicated, open-source security solutions in use.

In this way, participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules and eventually bypassing them. We called this approach ‘Flip mode’, i.e. learn detection through the attack in an attractive, standardized form driven by the Open Source community. In addition, participants will use a whole range of open-source (and free commercial) solutions dedicated to SOC environments.

This training is based on PurpleLABS – a dedicated virtual infrastructure for conducting detection and analysis of attackers’ behaviour in terms of used techniques, tactics, procedures, and offensive tools. The environment has been set up to serve the constant improvement of competences in the field of threat hunting and learning about current trends of offensive actions (red-teaming) vs detection phases (blue-teaming).

PurpleLABS provides analytical interfaces for all relevant data sources from individual systems and network services available in the virtual infrastructure (sysmon, windows events, fw, bro, suricata, fpc, osquery, auth, powershell, waf, proxy, audit, and more).

That said, you will get a chance to do *bonus* detection and hunting steps against all the offensive labs we have available during the training. The coolest thing is that after the training you will get an additional 14 days of access to PurpleLabs! Just take a look: https://www.defensive-security.com/purplelabs/

Instructor: Leszek Miś

Duration: 3-day

Description: This is not your traditional SCADA/ICS/IIoT security course! How many courses send you a $300 kit before the course starts (international shipping!) including your own PLC and a set of RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.

Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT. This course is structured around the formal penetration testing methodology created by UtiliSec for the United States Department of Energy. Using this methodology and Control Things Pentest Platform (previously SamuraiSTFU), an open source Linux distribution for pentesting energy sector systems and other critical infrastructure, we will perform hands-on penetration testing tasks on user interfaces (on master servers and field device maintenance interfaces), control system protocols (Modbus, DNP3, IEC 60870-5-104), and proprietary RF communications (433MHz, 869MHz, 915MHz). We will tie these techniques and exercises back to control system devices that can be tested using these techniques. The course exercises will be performed on a mixture of real-world and simulated devices to give students the most realistic experience possible in a portable classroom setting.

Instructor: Tyler Robinson and Pablo Endres

Duration: 3-day

Description: Our Advanced Infrastructure Hacking course is designed for those who wish to push their knowledge. Whether you are Pen Testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical.

This course teaches the audience a wealth of advanced Pen Testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments. From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.

Attendees will be able to:

  • Enumerate, investigate, target and exploit weaknesses in an organisation’s network devices, online presence, and people.
  • Understand complex vulnerabilities and chained exploitation processes in order to gain access and perform restriction bypasses, privilege escalation, data exfiltration and gain long term persistence in: Web facing services, databases, Windows, Active Directory, *nix, container-based, VPN, VLAN, VoIP and Cloud environments.
  • Use compromised devices to pivot onto other private networks and/or access services protected by whitelisting or only accessible via the loopback interface.

Instructor: Anthony Webb

Duration: 3-day

Description: HackerOne bug hunters have earned $20 million in bug bounties until 2017 and they are expected to earn $100 million by the end of 2020. Some of HackerOne's customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is solid technical training by one of the Top 10 HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

Watch 3 exclusive videos (~1 hour) and get a taste of this live online training.

After completing this live online training, you will have learned about…

  • REST API hacking
  • AngularJS-based application hacking
  • DOM-based exploitation
  • bypassing Content Security Policy
  • server-side request forgery
  • browser-dependent exploitation
  • DB truncation attack
  • NoSQL injection
  • type confusion vulnerability
  • exploiting race conditions
  • path-relative stylesheet import vulnerability
  • reflected file download vulnerability
  • subdomain takeover
  • and more…

Instructor: Dawid Czagan

Duration: 2-day (Starting Tuesday)

Additional info

Pricing

The price for 2-day courses is 1300 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1600 Euro early bird (+ VAT) per attendee.

Spring training – As of the 1st of September 2020 this will become 1400 Euro (2-day) / 1700 Euro (3-day) (+ VAT) per attendee.

(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

(**) The Assessing and Exploiting Control Systems & IIoT course is also a bit more expensive but comes with a kit that will be shipped beforehand to all students.

Location and dates

With the exception of Corelan Bootcamp / Advanced (hosted at the Hotel Novotel Gent Centrum, Goudenleeuwplein 5 or NH Gent Belfort, Hoogpoort 63, B-9000 Ghent), all courses will be held virtually using Zoom.

The courses begin promptly at 09h00 and end at 17h00 (CET) (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Why attend a BruCON Training?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on having smaller classes with enough time to learn and exchange experience. We will host a social gathering for students, trainers and crew to meet up over a beer (or more) and you will receive a small gift.

Frequently Asked Questions regarding the impact of the Coronavirus on BruCON Training

Courses will be held virtually, will I have to pay the same?

We have decided to keep the same price for our courses, but to ensure the students get something in return. For Spring training we shipped a very special trainee gift to all students. We will do the same for regular training courses as compensation for the students.

What about Corelan, will it be held in person?

YES, Corelan will be held in person. Bootcamp will be held on the 2nd, 3rd and 4th of September and Advanced will be held on the 28th, 29th and 30th of September.