We are very happy to share the BruCON0x0E training program (26-28 September 2022). All courses will take place in the Novotel Mechelen Centre or at the Lamot (Conference location). All courses will be in-person as we feel we have been spending too much time already in virtual meetings and courses. So you can prepare yourself for a training experience like it was before the pandemic, with time to socialize with your fellow students and have a beer together #HackingForBeer
Early-bird will last till the 15th of July, please fine the line-up here :
Corelan Advanced – Peter Van Eeckhoutte (3-days) – The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced heap exploit development techniques from an experienced exploit developer. During this 4-day class (sometimes just 3 “long” days at a conference), students will get the opportunity to learn how to write heap exploits for the Windows platform, using Windows 7, Windows 10 and Windows 11 as the example platform, but mostly focusing on learning & applying generic techniques that can be applied to other operating systems and heap implementations. We will discuss differences between Windows 7 and Windows 10/Windows 11 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10 & Windows 11. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on Win32 heap exploit development, and probably the only one that dives deep into the Windows heap manager on Windows 7 and Windows 10/11. More information here
Azure Cloud Attacks for Red and Blue Teams – Nikhil Mittal (3-days) – More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure as not only the Windows infrastructure and apps use it but also identities of users across an enterprise are authenticated using it. In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge. This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants. All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools. If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you! More information here
Linux Forensics Inspection and Incident Response at scale – Leszek Mis (3-days) – Attackers constantly find new ways to attack and infect Linux boxes using more and more sophisticated techniques and tools. As defenders, we need to stay up to date with adversaries, understand their TTPs and be able to respond quickly. The combination of low-level network and endpoint visibility is crucial to achieving that goal. For DFIR needs we could go even further with proactive forensics inspections. This training will guide you through different attack-detection-inspection-response use-cases and teach critical aspects of how to handle Linux incidents properly. Through the hands-on labs, you will gain a perfect understanding of important DFIR Linux/Network internals and investigation steps needed to get the full picture of post-exploitation activities and artifacts left behind. At scale. More information here
IoT Security Bootcamp – Pablo Endres (3-days) – This is a hands-on IoT hacking class. It covers all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities. The main focus is offensive security: attacking and testing the devices and platforms. We first cover the basics and lay out the ground with concepts before diving into the actual hacking. This provides the understanding of what and why the things can be hacked, with a good mix of knowledge and learning-by-doing or in this case learning-by-hacking. Students will receive a IoT Hacking Kit (hardware with a value of +300 Euros), which contains the tools and some vulnerable devices used in class, so that they can continue sharpening their skills or hack devices after the event. More information here
Advanced Whiteboard Hacking – aka Hands-on Threat Modeling – Sebastien Deleersnyder and Steven Wierckx (2-days starting Tuesday) – In this 6th edition, we improved our threat modeling training with the exclusive threat modeling war game with red and blue threat modeling teams. Engaged in capture the flag style threat modeling challenges your team will battle for control over an offshore wind turbine park. Also, in this edition we enhanced the section on privacy by design, compliance, and added a section on threat modeling medical devices. All participants get our Threat Modeling Playbook plus one-year access to our online threat modeling learning platform. As part of this training, you will be asked to create your own threat model, on which you will get individual feedback. One month after the training we organize an online review session with all the participants. As highly skilled professionals with years of experience under our belts, we’re intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. More information here
Red <3 Blue: Attack-Defense Purple Team Training – Dennis Van Elst and Thomas Eugène (2-days starting Tuesday) – Red and blue Teams often find themselves pitted against each other. This stems from the fact that their goals during an exercise are not always aligned. The red team aims to behave like a realistic threat actor and evade defenses to reach certain objectives in the targeted network. The blue team, often already swamped with ongoing activity, attempts to block, detect and react to all attacks on the organization. Red teamers are measured in stealth and how many objectives were achieved. Blue teams are measured in Mean Time to Detect (MTD) and Mean Time to Respond (MTR), how quickly they can contain and eliminate the threat. However, both parties individually spend significant time researching the same attacker techniques to improve their toolkits & skillsets instead of working together against the real adversary. Why not work together? Enter Purple Teaming. This hands-on training connects red and blue in a series of live attack-defense exercises and demos. The group of participants will be split in two teams. On day one, the first team will be guided to attack a simulated corporate active directory environment. The other team will have access to defensive tooling to detect and respond to the attacks. On the second day, the teams change roles, and the exercise is repeated for a different attack path. Along the way, there will be regular purple team meetings, where the blue team presents detections and actions taken and the red team explains the executed techniques. Both days culminate in a lessons-learned moment, where you will be able to network and interact with your counterparts on the other side. More information here