BruCON 2021 Training

Immerse yourself into the world of security by attending the BruCON Training ! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interesting in security, ranging from novice to advanced and for red and blue teams !

Conference Training

Conference training is taking place between 4 and 6 October 2021. Depending on the evolution of the current pandemic, this will be either virtually or in person.

Description: The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 ‘long’ day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems an applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development.

REMARK : This training starts at 9:00 and will end around 22:00 PM. That means +10 hours each day (Dinner will be foreseen)

Instructor: Peter Van Eeckhoutte

Duration: 3-day

Type: In-person

Read More

Description: Ever wondered how to handle the deluge of security issues and reduce the cost of fixing before software goes to production? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale? In Practical DevSecOps training, you will learn how to handle security at scale using DevSecOps practices. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration management, Infrastructure as code, etc.,

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learned as part of the course. We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening and Security Monitoring as part of the Secure SDLC and how to select tools that fit your organization’s needs and culture. After the training, the students will be able to successfully hack and secure applications before hackers do.

This course will cover the following DevSecOps topics and techniques:

  • Overview of DevSecOps
  • Overview of the Tools of the trade
  • Secure SDLC and CI/CD pipeline
  • Security Requirements and Threat Modelling (TM)
  • Static Analysis(SAST) in CI/CD pipeline
  • Dynamic Analysis(DAST) in CI/CD pipeline
  • Runtime Analysis(RASP/IAST) in CI/CD pipeline
  • Infrastructure as Code(IaC) and Its Security
  • Secrets management on mutable and immutable infra
  • Vulnerability Management with custom tools

Instructor: Mohammed A. “secfigo” Imran and Marudhamaran Gunasekaran

Duration: 3-day

Type: In-person

Read More

Description: This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a PLC and non-expiring software to program it?!? This course teaches hands-on penetration testing techniques used to test PLCs, including their logic, field buses, network protocols, and proprietary maintenance interfaces. Skills you will learn in this course will apply directly to any current or past PLC in the industry. This course is structured around the formal penetration testing methodology created by ControlThings LLC and their opensource suite of tools found at ControlThings.io.

Instructor: Justin Searle

Duration: 3-day

Type: In-person

Read More

Description: More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now  use Azure AD as an Identity and Access Management platform using the hybrid cloud model.  This makes it imperative to understand the risks associated with Azure AD as not only the  Windows infrastructure and apps use it but also identities of users across an enterprise are  authenticated using it.

In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications  and infrastructure to Azure AD brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security  challenge. This hands-on training aims towards abusing Azure AD and a number of services offered by it.  We will cover multiple complex attack lifecycles against a lab containing multiple live Azure  tenants.

All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration,  Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also  discuss detecting and monitoring for the techniques we use.

The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses  more on methodology and techniques than tools.

If you are a security professional trying to improve your skills in Azure AD cloud security, Azure  Pentesting or Red teaming the Azure cloud this is the right class for you!

Instructor: Nikhil Mittal

Duration: 3-day

Type: Virtual

Read More

Description: This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malwares by combining two powerful techniques malware analysis and memory forensics.This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics.

Attendees will learn to perform static, dynamic, code and memory analysis. This course consists of scenario-based hands-on labs after each module which involves analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malwares, Rootkits etc). This hands-on training is designed to help attendees gain a better understanding of the subject in short span.

Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system. The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.

Instructor:Monnappa K A

Duration: 3-day

Type: Virtual

Read More

Description: When used properly, cyber threat intelligence allows an organization to leverage another’s breach or incident to their own benefit. Yet while many cyber threat intelligence courses and guides exist, these are primarily designed for developing long-range, in-depth intelligence products for strategic or similar overview with an overemphasis on theory and little experience in practice. Operational threat intelligence instead supports a different audience: day to day security work and network defense. While cyber threat intelligence must always meet standards for accuracy, relevancy, and timeliness, SOC watch-standers and IR personnel need enriched information now in order to execute their jobs.

This course fills a critical role that other training does not address: how to successfully embed cyber threat intelligence operations into the daily rhythm of security to support everyday tasks, and extraordinary incidents. Toward that end, while this course will briefly touch on theoretical concepts such as analysis of competing hypotheses, kill chain methodology, and other ideas, the real focus will be on what efforts make operational threat intelligence possible and sustainable:

  • Establishing roles, responsibilities, and service agreements in advance.
  • Determining priorities, intelligence requirements, and customer threat landscape.
  • Molding threat intelligence information to security tools to make enriched information useful and actionable.
  • How to analyze internal and external data sources to extract actionable threat intelligence for operational defenders.
  • An extensive walk-through of IOC analysis, pivoting, and information enrichment to demonstrate how to better equip defenders to respond to emerging threats.
  • Discussions on reporting, feedback, and closing the intelligence loop to definitively show how threat intelligence operations link to SOC, IR, and security policy entities.

The course then concludes with the nature of pivoting, data and observable enrichment, and quick analysis reporting to close out instruction.

Attendees will receive a certificate of completion following the course to record for training and CPE purposes.

Instructor: Joe Slowik

Duration: 2-day (Starting Tuesday)

Type: In-person

Read More

Description: New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. From SIEM configuration to monitoring, alerting and threat hunting, you’ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach.

You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable). We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class and Discord
access for support.

Instructor: Owen Shearing and William Hunt

Duration: 2-day (Starting Tuesday)

Type: In-person

Read More

Description: HackerOne bug hunters have earned over $100 million in bug bounties so far. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

Watch 3 exclusive videos (~1 hour) and feel the taste of this live online training

After completing this live online training, you will have learned about …

  • REST API hacking
  • AngularJS-based application hacking
  • DOM-based exploitation
  • bypassing Content Security Policy
  • server-side request forgery
  • browser-dependent exploitation
  • DB truncation attack
  • NoSQL injection
  • type confusion vulnerability
  • exploiting race conditions
  • path-relative stylesheet import vulnerability
  • reflected file download vulnerability
  • subdomain takeover
  • XML attacks
  • deserialization attacks
  • HTTP parameter pollution
  • bypassing XSS protection
  • clickjacking attack
  • window.opener tabnabbing attack
  • RCE attacks
  • and more..

Instructor: Dawid Czagan

Duration: 2-day (Starting Tuesday)

Read More

Overview

Course
Duration
Type
Corelan Advanced – Peter Van Eeckhoutte 3-days In-person
Practical DevSecOps – Continious Security in the age of cloud – Mohammed A. “secfigo” Imran and Marudhamaran Gunasekaran 3-days In-person
Assessing and Exploiting PLCs – Justin Searle 3-days In-person
Azure AD Attacks for Red and Blue Teams – Basic Edition – Nikhil Mittal 3-days Virtual
A Complete Practical Approach to Malware Analysis and Memory Forensics – Monnappa K A 3-days Virtual
Operational Threat Intelligence – Joe Slowik 2-days (starting Tuesday) In-person
Defending Enterprises – NEW for 2021! – Owen Shearing and William Hunt 2-days (starting Tuesday) In-person
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan 2-days (starting Tuesday) Virtual

Additional info

Pricing

The price for 2-day courses is 1300 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1600 Euro early bird (+ VAT) per attendee.

As of the 1st of July this will become 1400 Euro (2-day) / 1700 Euro (3-day) (+ VAT) per attendee.

(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

(**) The Assessing and Exploiting PLCs training is a bit more expensive but each student will be provided with your own PLC to take home with you

Location and dates

In-person courses will be hosted at the Hotel Novotel Gent Centrum or NH Hotel Gent. The virtual courses will be handled through Zoom, and a class room will be foresoon in either of the pre-mentioned hotels for people wanting to together. See below for more information

The courses begin promptly at 09h00 and end at 17h00 (CET) (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated (or joined the Zoom conference) and ready to go by 08h45.

Why attend a BruCON Training ?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on the having smaller classes with enough time to get to learn and exchange experience. We will host a social gathering for students, trainers and crew to meetup over a beer (or more) and you will receive a small gift

Same price for virtual and in-person training ?

At BruCON we try to keep training affordable whilst making it profitable for our trainers. We will have a hybrid situation, whereby we will have on-site and virtual courses and whereby you can opt to attend the latter in a classroom with fellow students. To allow for most flexibility, we decided to have the same price for both in-person and virtual courses and people who do not attend a virtual course in-person will be shipped a complementary gift from BruCON.

When I buy a training ticket, can I still buy a conference ticket ?

YES, when you purchase a training ticket, you will receive a code (after completing the registration) that allows you to purchase a conference ticket as well.

BruCON 0x0D Training – A combination of virtual and regular courses / COVID-19

Whilst we aimed this year to host the training courses in-person, we also already know by this time that some trainers will be travelling from areas or countries that are still suffering hard from this pandemic and/or the outlook on the vaccination is not clear yet. For this reason, we decided to offer both type of courses at BruCON0x0D, both in-person (regular) and virtually.

Each course will be given either virtually or in-person, however students that register for a virtual courses can opt to attend their course in a class room that we will prepare at the regular training location (Novotel Ghent Centrum or NH Ghent Belfort). This way, you can still socialize (and have a beer together) with your fellow students or you can book your travel for the entire week if you also plan to attend the conference. You can specify your preference during registration.

As we do not know the regulations yet that will apply for indoor gatherings, if you plan to attend an in-person training or a virtual training in one of the provided classrooms, please take into account the following rules :

  • You could be asked to show proof of vaccination and/or a recent negative COVID-19 test (perhaps we will organize quick tests at the entrance). At the European level, the EU is working on a digital certificate (COVID-19: Digital green certificates | European Commission (europa.eu)
  • You are willing to wear a mouth mask during the training (if we are required to demand that)