Scroll Top

BruCON 2022 Training

Immerse yourself into the world of security by attending the BruCON Training ! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interesting in security, ranging from novice to advanced and for red and blue teams !

Conference Training

Conference training is taking place between 26 and 28 September 2022.

As conference tickets are selling out fast, please be aware that if you purchase any training ticket, you will always be able to purchase (not included by default) a Bussiness conference ticket. You will receive a special code in your training confirmation email that allows you to unlock these tickets in EventBrite.

Description: The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced heap exploit development techniques from an experienced exploit developer. During this 4-day class (sometimes just 3 “long” days at a conference), students will get the opportunity to learn how to write heap exploits for the Windows platform, using Windows 7, Windows 10 and Windows 11 as the example platform, but mostly focusing on learning & applying generic techniques that can be applied to other operating systems and heap implementations. We will discuss differences between Windows 7 and Windows 10/Windows 11 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10 & Windows 11. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on Win32 heap exploit development, and probably the only one that dives deep into the Windows heap manager on Windows 7 and Windows 10/11.

REMARK : This training starts at 9:00 and will end around 22:00 PM. That means +10 hours each day (Dinner will be foreseen)

Instructor: Peter Van Eeckhoutte

Duration: 3-day

Read More

Description: More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure as not only the Windows infrastructure and apps use it but also identities of users across an enterprise are authenticated using it. In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.

This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants. All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss
detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools.
If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you!

Instructor: Nikhil Mittal

Duration: 3-day

Read More

Description: Attackers constantly find new ways to attack and infect Linux boxes using more and more sophisticated techniques and tools. As defenders, we need to stay up to date with adversaries, understand their TTPs and be able to respond quickly. The combination of low-level network and endpoint visibility is crucial to achieving that goal. For DFIR needs we could go even further with proactive forensics inspections. This training will guide you through different attack-detection-inspection-response use-cases and teach critical aspects of how to handle Linux incidents properly.

Through the hands-on labs, you will gain a perfect understanding of important DFIR Linux/Network internals and investigation steps needed to get the full picture of post-exploitation activities and artifacts left behind. At scale.

Instructor: Leszek Miś

Duration: 3-day

Read More

Description: This is a hands-on IoT hacking class. It covers all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities. The main focus is offensive security: attacking and testing the devices and platforms. We first cover the basics and lay out the ground with concepts before diving into the actual hacking. This provides the understanding of what and why the things can be hacked, with a good mix of knowledge and learning-by-doing or in this case learning-by-hacking.

Students will receive a IoT Hacking Kit (hardware with a value of +300 Euros), which contains the tools and some vulnerable devices used in class, so that they can continue sharpening their skills or hack devices after the event.

Instructor: Pablo Endres

Duration: 3-day

Read More

Description: Red and blue Teams often find themselves pitted against each other. This stems from the fact that their goals during an exercise are not always aligned. The red team aims to behave like a realistic threat actor and evade defenses to reach certain objectives in the targeted network. The blue team, often already swamped with ongoing activity, attempts to block, detect and react to all attacks on the organization.

Red teamers are measured in stealth and how many objectives were achieved. Blue teams are measured in Mean Time to Detect (MTD) and Mean Time to Respond (MTR), how quickly they can contain and eliminate the threat. However, both parties individually spend significant time researching the same attacker techniques to improve their toolkits & skillsets instead of working together against the real adversary. Why not work together? Enter Purple Teaming.

This hands-on training connects red and blue in a series of live attack-defense exercises and demos. The group of participants will be split in two teams. On day one, the first team will be guided to attack a simulated corporate active directory environment. The other team will have access to defensive tooling to detect and respond to the attacks. On the second day, the teams change roles, and the exercise is repeated for a different attack path.

Along the way, there will be regular purple team meetings, where the blue team presents detections and actions taken and the red team explains the executed techniques. Both days culminate in a lessons-learned moment, where you will be able to network and interact with your counterparts on the other side.

Instructors: Dennis Van Elst and Thomas Eugène

Duration: 2-day (Starting Tuesday 27th)

Read More

Description: In this 6th edition of our course, we improved our threat modeling training with the exclusive threat modeling war game with red and blue threat modeling teams. Engaged in capture the flag style threat modeling challenges your team will battle for control over an offshore wind turbine park.

Also, in this edition we enhanced the section on privacy by design, compliance, and added a section on threat modeling medical devices. All participants get our Threat Modeling Playbook plus one-year access to our online threat modeling learning platform. As part of this training, you will be asked to create your own threat model, on which you will get individual feedback. One month after the training we organize an online review session with all the participants.

As highly skilled professionals with years of experience under our belts, we’re intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model.
Using this methodology for the hands-on workshops we provide our students with a challenging training experience and the templates to incorporate threat modeling best practices in their daily work. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:

  • Diagramming web and mobile applications, sharing the same REST backend
  • Threat modeling an IoT gateway with a cloud-based update service
  • Get into the defender’s head – modeling points of attack against a nuclear facility
  • Threat mitigations of OAuth scenarios for an HR application
  • Privacy analysis of a new face recognition system in an airport
  • Battle for control over “Zwarte Wind”, an offshore wind turbine park

Instructors:Sebastien Deleersnyder and Steven Wierckx

Duration: 2-day (Starting Tuesday 27th)

Read More


Corelan Advanced by Peter Van Eeckhoutte  3-days In-person
IoT Security Bootcamp by Pablo Endres 3-days In-person
Azure Cloud Attacks for Red and Blue Teams by Nikhil Mittal 3-days In-person
Linux Forensics Inspection and Incident Response at scale by Leszek Mis 3-days In-person
Advanced Whiteboard Hacking – aka Hands-on Threat Modeling by Sebastien Deleersnyder and Steven Wierckx (Starting Tuesday 27th) 2-days In-person
Red <3 Blue: Attack-Defense Purple Team Training by Dennis Van Elst and Thomas Eugène (Starting Tuesday 27th) 2-days In-person

Additional info


The price for 2-day courses is 1300 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1600 Euro early bird (+ VAT) per attendee.

As of the 15th of February this will become 1400 Euro (2-day) / 1700 Euro (3-day) (+ VAT) per attendee.

(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

(**) The IoT Security Bootcamp  is a bit more expensive but each student will be provided with your own IoT Security Hacking Kit to take home with you

Location and dates

In-person courses will be hosted at the Novotel Mechelen Centre (here) or at the conference location Lamot Mechelen. The virtual courses will be handled through Zoom, and a class room will be foresoon in either of the pre-mentioned hotels for people wanting to together. See below for more information

The courses begin promptly at 09h00 and end at 17h00 (CET) (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated (or joined the Zoom conference) and ready to go by 08h45.

Why attend a BruCON Training ?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on the having smaller classes with enough time to get to learn and exchange experience. We will host a social gathering for students, trainers and crew to meetup over a beer (or more).

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.