We are very happy to share the BruCON0x10 Spring training program (17-19 April 2024). All courses will take place in the Novotel Mechelen Centre or virtually via Zoom. Early-bird pricing will last until the 1st of February. Please find the line-up here:
(In-person) Corelan “stack” based exploitation for Windows (a.k.a. “Bootcamp”) – Peter Van Eeckhoutte (3-days) – The Corelan “BOOTCAMP” is a truly unique opportunity to learn both basic & advanced techniques from an experienced exploit developer. During this 3-day course, students will be able to learn all ins and outs about writing reliable stack based exploits for the Windows (x86) platform. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits. We believe it is important to start the course by explaining the basics of stack buffer overflows and exploit writing, but this is most certainly not “your average” entry level course. In fact, this is a true bootcamp and one of the finest and most advanced courses you will find on Win32 stack based exploit development. More information here
(Virtual) Active Directory Attacks for Red and Blue Teams – Advanced Edition – Nikhil Mittal (3-days) –
More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand the different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack the ability to tackle the latest threats. This training is aimed at attacking a modern AD environment using built-in tools and trusted OS resources. The training is based on real-world penetration tests and Red Team engagements for highly secured environments. More information here
(In-Person) Advanced Incident Response in the Microsoft Cloud – Korstiaan Stam (3-days) –
In this three-day hands-on training, you’ll learn everything you need to know about forensics and incident response in the Microsoft cloud. This training covers both Microsoft 365 and Microsoft Azure. You’ll get hands-on experience with investigating attacks, acquisition of forensic artefacts from the cloud and digging through the relevant artefacts. Everything you learn is related to real-life threats observed against the Microsoft cloud. The trainer has real-life experience with incident response and forensic investigations in the cloud, and knowledge will be shared that’s not available on any public resource. Once you’ve completed this training you will feel comfortable investigating any threat in the Microsoft cloud. The training is very hands-on and concludes with two full attack scenarios in both Azure & M365, where you’re tasked in the CTF to solve as many pieces of the puzzle as you can. More information here
(Virtual) Mastering Kubernetes: Deep Dive into Attacks, Defense & Mitigations – Divyanshu Shukla and Ravi Mishra (3-days) –
This 3-day course is meticulously crafted for those seeking a deep, technical, hands-on immersion into the world of Kubernetes security. We begin by laying the groundwork with Kubernetes basics, understanding its architecture, and delving into its potential security pitfalls. Participants will be initiated into the intricate details of Kubernetes attack surfaces, with hands-on labs focusing on real-world vulnerabilities and their corresponding exploits. Using advanced exploitation techniques, our session will unravel sophisticated Kubernetes attack methodologies, from manipulating Role-Based Access Controls to advanced container breakout strategies. But, it’s not just about offense; we also cover the art of defense. Learn how to seal your secrets, enforce stringent network policies with Cilium, and employ advanced detection mechanisms using tools like Falco and EFK. The workshop consists of a Capture The Flag (CTF) challenge, designed to test the mettle of participants, pitting their newly acquired offensive and defensive skills against real-world Kubernetes scenarios. By the end of our intensive three-day journey, attendees will not only have an expanded skill set but also the confidence to identify, exploit, and protect Kubernetes clusters in real-world environments. More information here
(In-Person) Defending Enterprises – 2024 Edition – Owen Shearing / Will Hunt (2-days starting Thursday 18th) – Updated for 2024, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. You’ll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOAs and IOCs from a live enterprise breach executed by the trainers in real time. Whether you’re new to Kusto Query Language (KQL) or a seasoned pro, there’s plenty for you in the 2 days! Yes, we’re using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform. More information here
(In-Person) Agile Whiteboard Hacking – aka Hands-on Threat Modeling – Sebastien Deleersnyder (2-days starting Thursday 18th) – You will be challenged with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park. The level of this training is Beginner/Intermediate. Participants who are new to threat modeling are advised to follow our self-paced Threat Modeling Introduction training (which is about 2 hours and is included in this training). As highly skilled professionals with years of experience under our belts, we’re intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. More information here
All training details and registration links can be found on the BruCON training pages (link)
Your BruCON team.