From BruCON 2015
Jump to: navigation, search
 
(116 intermediate revisions by 4 users not shown)
Line 1: Line 1:
These are the confirmed trainings for Brucon 2011
+
__NOTOC__
  
==FAIR - Factor Analysis of Information Risk by Jack Jones==
+
<div style="text-align: left;">
  
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
+
Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).
  
This training will introduce the students to FAIR and teach them how to apply it to real-life scenarios. 
+
Offering world-class, deep-dive technical trainings given by '''the most recognized experts''' with huge industry experience in their domain!
  
At the end of training, students are eligible to take a certification exam at no additional cost.
+
The Line-Up:
 +
* [[Training 2015 - Practical Malware Analysis - Rapid Introduction|Practical Malware Analysis: Rapid Introduction by Andrew Honig]] (3 day training)
 +
* [[Training 2015 - Tactical Exploitation and Response|Tactical Exploitation and Response by Colin Ames]] (3 day training)
 +
* [[Training 2015 - Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more|Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan]] (2 day training)
 +
* [[Training 2015 - Wireshark WiFi and Lua-Packet Class|Wireshark WiFi and Lua-Packet Class by Didier Stevens *]] (2 day training)
 +
* <strike> Cyber Breach Management by Chris Nutt (3 day training) </strike> - Cancelled
 +
* [[Training 2015 - Offensive IoT Exploitation|Offensive IoT Exploitation by Aditya Gupta and Aseem Jakhar]] (3 day training)
 +
* [[Training 2015 - Assessing and Exploiting Control Systems|Assessing and Exploiting Control Systems by Justin Searle **]] (3 day training)
  
Everyone who attends training receives a free copy of the FAIRLite Excel-based application.
+
Best motivation for training: ''"The only thing worse than training your employees and having them leave, is not training them and having them stay!"''
FAIRLite is an Excel application designed to enable simple and effective quantitative analysis of
 
risk scenarios using the FAIR framework. Developed by a former CISO who understands the
 
need for efficient and practical tools, FAIRLite is simple to use and yet flexible enough to per-
 
form powerful analyses on complex scenarios.
 
  
Note that FAIRLite requires an Excel plugin from RiskAMP.com. A fully functional 30-day
+
==Registration details==
demo version of the RiskAMP plugin is provided to students. Students may purchase the plugin
+
The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
(Professional Edition required) directly from RiskAMP for $249.95.  
+
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee. <br>
 +
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.
  
Students are considered to have a basic understanding of risk and some experience in one or more disciplines related to risk (e.g., information security, disaster recovery, continuity management, operational risk, etc.).
+
The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
 +
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee. <br>
 +
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit
  
==Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte'''==
+
Registration for Trainings:
  
Based on the Corelan tutorials, this hands-on course will provide students with solid understanding of current Win32 stack based exploitation techniques :
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
-      Win32 memory management
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration.  Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
  
-       Using debuggers and debugger plugins such as pvefindaddr
+
==Location and dates==
 +
The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent<br>
  
-      Exploiting stack buffer overflows
+
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
  
-      Bypassing memory protections (Safeseh, sehop, stack cookies, aslr, dep)
+
Lunch is included in the training fee.
 
 
-      Dealing with character set conversions and transformations (Unicode, etc)
 
 
 
-      Using egghunters, omelet egg hunters
 
 
 
-      Writing and integrating modules for Metasploit
 
 
 
-      Writing shellcode
 
 
 
==There’s An App For That (Pentesting Mobile Apps) by Joe McCray==
 
 
 
This is a 2-day workshop focused on hands-on mobile application security testing. Each day this course starts you off with setting up your environment (emulator/sdk/hardware/etc), then quickly moves into using your device as an attack platform. From there the course goes into the basics of reverse engineering mobile applications, exploiting mobile applications on each respective platform, and finally on to attacking web services from each platform.
 
 
 
==Threat Modeling and Architecture review by Pravir Chandra==
 
Threat Modeling & Architecture Review are cornerstones of a preventative approach to Software Security
 
Assurance. By combining these topics into single comprehensive course attendees can get a complete
 
understanding of how to understand the risks an application faces and how the application will handle
 
those potential problems. This enables consistently accurate assessment of an application’s security
 
posture and recommendation of appropriate improvements or mitigating controls.
 

Latest revision as of 09:14, 17 September 2015


Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).

Offering world-class, deep-dive technical trainings given by the most recognized experts with huge industry experience in their domain!

The Line-Up:

Best motivation for training: "The only thing worse than training your employees and having them leave, is not training them and having them stay!"

Registration details

The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee.
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.

The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee.
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit

Registration for Trainings:

Register.jpg

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.

Location and dates

The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent

The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee.