From BruCON 2015
Jump to: navigation, search
(Location and dates)
 
(103 intermediate revisions by 4 users not shown)
Line 1: Line 1:
These are the confirmed trainings for Brucon 2011
+
__NOTOC__
  
==Registration details==
+
<div style="text-align: left;">
The price for the 2 day courses is <del>895 Euro early bird (+ VAT) per attendee. After 15th of July this will become</del> 995 Euro (+ VAT) per attendee.
 
  
Registration for Trainings:
+
Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).
  
[[File:Register.jpg||link=https://ssl.brucon.org/register-training]]
+
Offering world-class, deep-dive technical trainings given by '''the most recognized experts''' with huge industry experience in their domain!
  
==Location and dates==
+
The Line-Up:
The courses will be given on 21 & 22 September at the Vrije Universiteit Brussel, Pleinlaan 2, 1050 Elsene
+
* [[Training 2015 - Practical Malware Analysis - Rapid Introduction|Practical Malware Analysis: Rapid Introduction by Andrew Honig]] (3 day training)
 +
* [[Training 2015 - Tactical Exploitation and Response|Tactical Exploitation and Response by Colin Ames]] (3 day training)
 +
* [[Training 2015 - Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more|Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan]] (2 day training)
 +
* [[Training 2015 - Wireshark WiFi and Lua-Packet Class|Wireshark WiFi and Lua-Packet Class by Didier Stevens *]] (2 day training)
 +
* <strike> Cyber Breach Management by Chris Nutt (3 day training) </strike> - Cancelled
 +
* [[Training 2015 - Offensive IoT Exploitation|Offensive IoT Exploitation by Aditya Gupta and Aseem Jakhar]] (3 day training)
 +
* [[Training 2015 - Assessing and Exploiting Control Systems|Assessing and Exploiting Control Systems by Justin Searle **]] (3 day training)
  
The classes are being held in Building D which is directly behind the main BruCON building (Q).
+
Best motivation for training: ''"The only thing worse than training your employees and having them leave, is not training them and having them stay!"''
  
[[File:Brucon training map.png]]
+
==Registration details==
 +
The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
 +
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee. <br>
 +
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.
  
The courses start at 9h00 and end at 17h00.
+
The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
 +
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee. <br>
 +
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit
  
Lunch is included in the training fee.
+
Registration for Trainings:
  
==Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte'''==
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
Based on the Corelan tutorials, this hands-on course will provide students with solid understanding of current Win32 stack based exploitation techniques :
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration.  Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
  
-       Win32 memory management
+
==Location and dates==
 +
The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent<br>
  
-      Using debuggers and debugger plugins such as pvefindaddr
+
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
  
-      Exploiting stack buffer overflows
+
Lunch is included in the training fee.
 
 
-      Bypassing memory protections (Safeseh, sehop, stack cookies, aslr, dep)
 
 
 
-      Dealing with character set conversions and transformations (Unicode, etc)
 
 
 
-      Using egghunters, omelet egg hunters
 
 
 
-      Writing and integrating modules for Metasploit
 
 
 
-      Writing shellcode
 
 
 
more info can be found at  : http://www.corelan-training.com/
 
 
 
==There’s An App For That (Pentesting Mobile Apps) by Joe McCray==
 
 
 
This is a 2-day workshop focused on hands-on mobile application security
 
testing. Each day this course starts you off with setting up your
 
environment (emulator/sdk/hardware/etc), then quickly moves into using your
 
device as an attack platform. From there the course goes into the basics of
 
reverse engineering mobile applications, exploiting mobile applications on
 
each respective platform, and finally on to attacking web services from each
 
platform.
 
 
 
'''Important Note:'''<br>
 
Students are strongly encouraged to bring a Mac laptop running OS 10.6 Snow
 
Leopard, and XCode 3.2.6
 
 
 
Running Windows or Linux is acceptable for the first day of class (Android),
 
but for the second day of class (iDevices) it is strongly recommended that
 
each student have Mac laptop running OS 10.6 Snow Leopard, and XCode 3.2.6
 
 
 
==A crash course in pentesting and securing VOIP networks by Sandro Gauci and Joffrey Czarny (Sn0rkY)==
 
As VoIP networks become more and more part of the way organizations
 
communicate, security professionals need to understand their strengths
 
and weaknesses. This knowledge will help them make sound decisions on
 
the security (or lack of) of their VoIP system and network.
 
 
 
Attendees who follow the VoIP security training will gain valuable
 
hands-on experience in testing VoIP equipment and networks. During the
 
training they will make use of existent security tools as well as
 
custom built tools to help them get the job done.
 
 
 
These are some of the hands-on topics that are covered:
 
 
 
* Scanning and fingerprinting various VoIP network protocols including SIP, SCCP (Skinny), MGCP, H.323 and IAX2
 
* Toll fraud or making phone calls for free (at the expense of the victim)
 
* Attacks on PBX systems, including those specific to web applications
 
* Wiretapping of phone calls, both on physical network and remote wiretapping
 
* Denial of service attacks affecting both phones and PBX systems
 
* Attacks specific to Cisco and Asterisk VoIP solutions
 
* Common IP Phone vulnerabilities
 
 
 
==Dissecting Wireless Network Security by Vivek Ramachandran==
 
This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-
 
to guide on publicly available tools.
 
 
 
We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-
 
Middle attacks and taking on the live Wi-Fi CTF!
 
 
 
Topics that will be addressed in the training :
 
* Understanding WLAN protocol basics using Wireshark
 
* Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
 
* Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise
 
* Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM attacks
 
* Advanced Enterprise Attacks – attacking 802.1x, Radius server, Cisco LEAP, SSL MITM over Wireless, IPSec over WLAN attacks
 
* Attacking Wireless Intrusion Detection and Prevention Systems
 
* Attacking the Wireless Client – Honeypots, Hotspot attacks, Caffe-Latte, Hirte Attack, Ad-Hoc networks and Viral SSIDs, WiFishing
 
* Compromising the Client using Metasploit and SET post wireless network hijacking
 
* Wireshark as a wireless forensics tool
 
* Extending Aircrack-NG for fun and profit
 
* Programming Wireless Sniffers and Packet Injectors using raw sockets and 3rd party libraries
 
* Over 25 hands-on lab sessions on different attacks
 
* 5 pure Wi-Fi CTF challenges of varying difficulty played at various stages in the training
 
 
 
==<del>FAIR - Factor Analysis of Information Risk by Jack Jones</del>==
 
 
 
Unfortunately Jack Jones' training has been cancelled. If you already registered for this training program please email training@brucon.org to either join another class or to request a refund.
 
 
 
==<del>Threat Modeling and Architecture review by Pravir Chandra</del>==
 
Unfortunately Pravir Chandra's training has been cancelled. If you already registered for this training program please email training@brucon.org to either join another class or to request a refund.
 

Latest revision as of 09:14, 17 September 2015


Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).

Offering world-class, deep-dive technical trainings given by the most recognized experts with huge industry experience in their domain!

The Line-Up:

Best motivation for training: "The only thing worse than training your employees and having them leave, is not training them and having them stay!"

Registration details

The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee.
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.

The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee.
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit

Registration for Trainings:

Register.jpg

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.

Location and dates

The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent

The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee.