Scroll Top

BruCON 2023 Training

Immerse yourself into the world of security by attending the BruCON Training ! BruCON offers world-class, deep-technical training given by the most recognised experts with huge industry experience in their domain. We want to offer courses for anybody interesting in security, ranging from novice to advanced and for red and blue teams !

Conference Training

Conference training is taking place between 25 and 27 September 2023. (2-day courses starting on Tuesday the 26th)

As conference tickets are selling out fast, please be aware that if you purchase any training ticket, you will always be able to purchase (not included by default) a Business conference ticket. You will receive a special code in your training confirmation email that allows you to unlock these tickets in EventBrite.

Description: The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced heap manipulation and exploit development techniques from an experienced exploit developer. During this 4 or 5-day class (sometimes just 3 “long” days at a conference), students will get the opportunity to learn how to write heap exploits for the Windows platform, using Windows 7, Windows 10 and Windows 11 as the example platform, but mostly focusing on learning & applying generic techniques that can be applied to other operating systems and heap implementations. We will discuss differences between Windows 7 and Windows 10/Windows 11 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10 & Windows 11.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.

This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on heap exploit development for Windows, and probably the only one that dives deep into the Windows heap manager on Windows 7 and Windows 10/11 and demystifies how the heap really works.

REMARK : This training starts at 9:00 and will end around 22:00 PM. That means +10 hours each day (Dinner will be foreseen)

Instructor: Peter Van Eeckhoutte

Duration: 3-day

Read More

Description: More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use  Azure AD as an Identity and Access Management platform using the hybrid cloud model. This  makes it imperative to understand the risks associated with Azure as not only the Windows  infrastructure and apps use it but also identities of users across an enterprise are authenticated  using it.

In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications  and infrastructure to Azure brings some very interesting opportunities and risks too. Often  complex to understand, this setup of components, infrastructure and identity is a security  challenge. This hands-on training aims towards abusing Azure and a number of services offered by it. We  will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.

All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege  Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss  detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more  on methodology and techniques than tools.

If you are a security professional trying to improve your skills in Azure cloud security, Azure  Pentesting or Red teaming the Azure cloud this is the right class for you!

Instructor: Nikhil Mittal

Duration: 3-day

Read More

Description: There are a lot of courses that you can take, virtual, in-person, etc that show you all of the tools and techniques under the sun. What sets this course apart is that we explain the “WHY”. After a combined 35 years of experience in red teaming and offensive security, egypt and mubix distill their TTPs in everything from building binaries, avoiding antivirus (EDR,XDR,BS-DR), to building your own company to take over another. In this 3 day course we have labs where we aren’t trying to teach you any particular OS, tool, or technique, but how to think about those same OSs, tools and techniques, when to use them, and how to assess new ones as the field of infosec changes.

Want to learn the newest, coolest, techniques? Go to a different class. Want to learn how to make any tool do what you want it to? This is the place to be.

Instructor: Rob Fuller and egypt “James” Lee

Duration: 3-day

Read More

Description: This is a hands-on IoT hacking class. It covers all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities. The main focus is offensive security: attacking and testing the devices and platforms.

We first cover the basics and lay out the ground with concepts before diving into the actual hacking. This provides the understanding of what and why the things can be hacked, with a good mix of knowledge and learning-by-doing or in this case learning-by-hacking.

Students will receive a IoT Hacking Kit (hardware with a value of +350 Euros), which contains the tools and some vulnerable devices used in class, so that they can continue sharpening their skills or hack devices after the event.

Instructor: Pablo Endres

Duration: 3-day

Read More

Description: This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malwares by combining two powerful techniques malware analysis and memory forensics.This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis.

This course consists of scenario-based hands-on labs after each module which involves analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malwares, Rootkits etc). This hands-on training is designed to help attendees gain a better understanding of the subject in short span. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system.

The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.

Instructors: Monnappa K A and Sajan Shetty

Duration: 3-day

Read More

Description: Updated for 2023, our Hacking Enterprises training is the natural counterpart to our popular Defending Enterprises course. In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this  immersive hands-on course that covers a multitude of TTP’s. Targeting modern operating systems including Windows 11, you’ll use modern techniques and focus on exploiting configuration  weaknesses rather than throwing traditional exploits. Logical thinking and creativity will definitely be  put to the test!

You will work to get initial access in a fictional organisation where multiple networks exist, some easily  accessible, others not so. You’ll implant and establish C2, but manual techniques will always be  emphasised so you’re equipped with the knowledge to work without reliance on frameworks.

Course content has been designed to reflect real-world challenges and you’ll perform numerous  hands-on exercises including executing exploitative phishing campaigns against our simulated users  for initial access, finding new networks that in turn bringing new challenges including IPv6  exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, AD CS  abuse, userland and privileged persistence via OOB channels and much more!

We realise that training courses are limited for time and therefore students are also provided with the following:

  • 14-day extended LAB access after the course finishes
  • 14-day access to a CTF platform with subnets/hosts not seen during training!
  • Discord support channel access where our security consultants are available

Instructors: Will Hunt and Owen Shearing

Duration: 3-day

Read More

Description: This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts and desktop apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server. What is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client.

Modern Web and Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web and desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other web or desktop app platform. Ideal for Penetration Testers, Web and Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security.

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

Instructors: Abraham Aranguren

Duration: 3-day

Read More

Description: This hands-on CTF-style training focuses on elevating your security knowledge into the cloud. Learn to defend your AWS & Azure cloud infrastructure by building automated detection, alerting and response pipelines for your  workloads by using native cloud services. This training focuses on building  security knowledge on the cloud and for the cloud.

This training takes both  investigator and builder approach towards security. It teaches you the fundamentals of cloud infrastructure security and focuses on building highly scalable threat detection, monitoring, and response tools by  using cloud-native services like serverless, containers, object stores, IAM/AD,  logic apps, SQL/KQL queries and much more.

By the end of this training, we will be able to(applies to both AWS & Azure):

  • Use cloud technologies to detect & build automated responses against IAM & AD attacks.
  • Understand and mitigate advanced identity based attacks like pivoting and privilege escalation and build defense techniques against them.
  • Use serverless functions to perform on-demand threat scans.
  • Deploy containers to build threat detection services at scale.
  • Build notification services to create detection alerts.
  • Analyze malware-infected virtual machines to perform automated forensic investigations.
  • Define step functions & logic apps to implement automated forensic artifacts collection for cloud resources.
  • Build cloud security response playbooks for defense evasion, persistence and lateral movements.
  • Perform advanced security investigations through architecting and deploying security data-lake for real-time threat intelligence and monitoring.
  • Enforce multi-cloud security strategy through assessments, compliance checks and benchmarking automation.

Instructors: Abhinav Singh

Duration: 2-day (starting 26th of September)

Read More

Description: The mobile galaxy is dominated by two solar systems: Android and iOS. Grab your towel and embark on a journey through the intricacies of mobile operating systems. Uncover the secrets and vulnerabilities of mobile app planets through static analysis. Ignite the infinite improbability drive and delve deeper with dynamic analysis to gain the skills and knowledge to outwit the Vogons. Establish a Man-in-the-Middle to glide through the network traffic of mobile applications and see them phone home.

In this training, not only the Ultimate Question of Life, the Universe, and Everything will be answered but also most of your questions regarding mobile security. Join us on this galactic adventure of becoming a mobile security expert!

Instructors: Jeroen Beckers and Claudia Ully

Duration: 2-day (starting 26th of September)

Read More


Corelan “ADVANCED” by Peter Van Eeckhoutte  3-days In-person
Azure Cloud Attacks for Red and Blue Teams by Nikhil Mittal 3-days In-person
Abilities Driven Red Teaming by Rob Fuller 3-days In-person
IoT Security Bootcamp by Pablo Endres 3-days In-person
A Complete Practical Approach to Malware Analysis and Memory Forensics by Monnappa K A and Sajan Shetty 3-days In-person
Hacking Enterprises – 2023 Edition by Owen Shearing and William Hunt 3-days In-person
Hacking Modern Web & Desktop apps: Master the Future of Attack Vectors by Abraham Aranguren 3-days In-person
Cloud Security Masterclass: Defender’s Guide to Securing AWS & Azure Infrastructure by Abhinav Singh 2-days In-person
The Hitchhacker’s Guide to the Mobile Galaxy by Jeroen Beckers and Claudia Ully 2-days In-person

Additional info


The price for 2-day courses is 1500 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1800 Euro early bird (+ VAT) per attendee.

As of the 16th of July this will become 1600 Euro (2-day) / 1900 Euro (3-day) (+ VAT) per attendee.

(*) The Corelan trainings are a bit more expensive but consist of 3 long days (+ 10 hours) including dinner. No early-bird pricing for Corelan courses

(**) The IoT Security Bootcamp is a more expensive but includes an IoT hacking kit (Value of +350 €)

Location and dates

In-person courses will be hosted at the Novotel Mechelen Centre (here) or at the conference location Lamot Mechelen. The virtual courses will be handled through Zoom, and a class room will be foresoon in either of the pre-mentioned hotels for people wanting to together. See below for more information

The courses begin promptly at 09h00 and end at 17h00 (CET) (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated (or joined the Zoom conference) and ready to go by 08h45.

Why attend a BruCON Training ?

At BruCON, we try to keep our prices affordable, both for the conference and training. We focus on the having smaller classes with enough time to get to learn and exchange experience. We will host a social gathering for students, trainers and crew to meetup over a beer (or more).

How to register a conference ticket after purchasing a training ticket ?

After you have purchased a training ticket, you will receive a confirmation email from EventBrite. In this email, towards the bottom there will be an “Additional Information” section that looks as follows

With this code, you can go to the conference registration page (, click on Tickets and click on the link on the top right “Enter Promotional Code“. Once you have entered the code you have found in your confirmation email, you will be able to purchase a conference ticket.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.