From BruCON 2015
Jump to: navigation, search
(White Hat Shellcode: Not for Exploits)
(SUBJ1)
 
(127 intermediate revisions by 61 users not shown)
Line 1: Line 1:
'''To prevent chaos for our workshops, we kindly ask you to register on this page (actual name or nickname)'''
 
  
Most workshops will be given on both days so you have 2 options. <br>Arrive early (5 minutes before start). <br>Even if you don't have a spot, drop by to see if anybody didn't show up.
 
 
'''Lists will be closed at midnight the day before'''.
 
<br>If you didn't get a chance to register in time but the list isn't full yet, come and try your luck.
 
 
== DJ Workshop ==
 
by '''''Joernchen & Mumpi of Phenoelit'''''
 
 
The workshop will run for 2,5 hours. Two sessions catering for 8 attendees will be run. When registering, indicate (1) or (2) !!!
 
{| border='1px'
 
!  !!  '''Monday'''
 
|-
 
| #1
 
| Ryan Dewhurst (1)
 
|-
 
| #2
 
| Wim Remes (1)
 
|-
 
| #3
 
|Dieter (@dietervds) (1)
 
|-
 
| #4
 
|Aasia96 (1)
 
|-
 
| #5
 
|laurensv (1)
 
|-
 
| #6
 
|KeithMyers! (1)
 
|-
 
| #7
 
|Juliana Nicolau (1)
 
|-
 
| #8
 
|astera (1)
 
|-
 
| #9
 
|NetRunner(1ifnot2)
 
|-
 
| #10
 
| mrtn (2)
 
|-
 
| #11
 
|
 
|-
 
| #12
 
|
 
|-
 
| #13
 
|
 
|-
 
| #14
 
|
 
|-
 
| #15
 
|
 
|-
 
| #16
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==  Collective Malicious PDF Analysis ==
 
by '''''(Brandon Dixon - x0ner)'''''
 
 
What you need : Users should bring their laptop if they want to participate in the analysis.
 
You should also have the ability to run a VMware Virtual machine. This could mean having Fusion, Player or Workstation installed. 
 
 
There is no maximum audience amount.
 
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
! '''Tuesday'''
 
|-
 
| #1
 
| Ryan Dewhurst
 
| Bkay "@security4all"
 
|-
 
| #2
 
|@davehardy20
 
| Jochen - hammer
 
|-
 
| #3
 
|Juliana Nicolau
 
|Charlie Brown
 
|-
 
| #4
 
| @vanhoefm
 
|Etienne Stalmans
 
|-
 
| #5
 
|allabert
 
|@Guillermo
 
|-
 
| #6
 
|Detlev Matthies
 
|David Durvaux
 
|-
 
| #7
 
|Bart P (@bartblaze)
 
|Christophe Vandeplas
 
|-
 
| #8
 
|
 
|David André
 
|-
 
| #9
 
|
 
| smtx (@5M7X)
 
|-
 
| #10
 
|
 
|
 
|-
 
| #11
 
|
 
|Stephen Mills
 
|-
 
| #12
 
|
 
|
 
|-
 
| #13
 
|
 
| Sébastien D (@ekse0x)
 
|-
 
| #14
 
|
 
|Plumet Yorick
 
|-
 
| #15
 
|
 
|
 
|-
 
| #16
 
|
 
|
 
|-
 
| #17
 
|
 
|
 
|-
 
| #18
 
|
 
|
 
|-
 
| #19
 
|
 
|
 
|-
 
| #20
 
|
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Script Kiddie Hacking Techniques==
 
by '''Ellen Moar & Colin McLean'''
 
 
{| border='1px'
 
!  !!  '''Tuesday'''
 
|-
 
| #1
 
| Mike - ydoow
 
|-
 
| #2
 
|Benoit
 
|-
 
| #3
 
| Gavin Watson
 
|-
 
| #4
 
|Bryn Bellis
 
|-
 
| #5
 
|Xavier "@xme"
 
|-
 
| #6
 
|Dieter (@dietervds)
 
|-
 
| #7
 
| smtx (@5M7X)
 
|-
 
| #8
 
| BaconZombie  { @BaconZombie }
 
|-
 
| #9
 
|Charlie Brown
 
|-
 
| #10
 
|Dieter Van Den Bosch
 
|-
 
| #11
 
|Koen VB
 
|-
 
| #12
 
|Aasia96
 
|-
 
| #13
 
|@Dave_von_S
 
|-
 
| #14
 
|@steevebarbeau
 
|-
 
| #15
 
|GeCo
 
|-
 
| #16
 
|Koen Machilsen
 
|-
 
| #17
 
|corelanc0d3r
 
|-
 
| #18
 
|jps
 
|-
 
| #19
 
|padzer0
 
|-
 
| #20
 
|@davehardy20
 
|-
 
| ***           
 
|  *******************
 
|-
 
|
 
| '''WAITING LIST'''
 
|-
 
| #1
 
| Fancy
 
|-
 
| #2
 
|Ruben - b33f
 
|-
 
| #3
 
| Vincent Hutsebaut
 
|-
 
| #4
 
|Eugene N
 
|-
 
| #5
 
|astera
 
|-
 
| #6
 
|PhilFr
 
|-
 
| #7
 
| David André
 
|-
 
| #8
 
| Juliana Nicolau
 
|-
 
| #9
 
| Hammer
 
|-
 
| #10
 
| jap
 
|-
 
| #11
 
| koensa
 
|-
 
| #12
 
| Joshua Wöhle
 
|-
 
| #13
 
| David D.
 
|-
 
| #14
 
| Tino Brants
 
|-
 
| #15
 
| Bart P (@bartblaze)
 
|-
 
|}
 
 
==The Web Application Hacking Toolchain==
 
by '''Jason Haddix - jhaddix'''
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
! '''Tuesday'''
 
|-
 
| #1
 
| Robin - digininja
 
| Ryan Dewhurst
 
|-
 
| #2
 
| Benoit
 
| Mike - ydoow
 
|-
 
| #3
 
|@Dave_von_S
 
|Matt Erasmus
 
|-
 
| #4
 
| Gavin Watson
 
| Michael - mfs
 
|-
 
| #5
 
| Marc - wicky
 
| Jochen - hammer
 
|-
 
| #6
 
| Bart Van der Aovrt
 
|Dieter (@dietervds)
 
|-
 
| #7
 
| smtx (@5M7X)
 
| Dieter Van Den Bosch
 
|-
 
| #8
 
|GeCo
 
|Charlie Brown
 
|-
 
| #9
 
|padzer0
 
|Koen VB
 
|-
 
| #10
 
|J.Boutet
 
|@chrisjohnriley
 
|-
 
| #11
 
|Tino Brants
 
|@davehardy20
 
|-
 
| #12
 
|Vincent Spriet
 
|Ruben - b33f
 
|-
 
| #13
 
|System33
 
|@alcyonsecurity
 
|-
 
| #14
 
|David Rook @securityninja
 
|@vanhoefm
 
|-
 
| #15
 
|Eugene N
 
|Erik VB
 
|-
 
| #16
 
|David André
 
|Kurt Beheydt
 
|-
 
| #17
 
|PhilFr
 
|Fancy
 
|-
 
| #18
 
|koensa
 
|Giuseppe Trotta @Giutro
 
|-
 
| #19
 
|RFE
 
|Bert V.
 
|-
 
| #20
 
|Egeltje
 
|Francesco Stillavato
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==White Hat Shellcode: Not for Exploits==
 
by '''Didier Stevens'''
 
 
The goal of this workshop is to plant a seed: that shellcode has a place in your defense toolbox. The goal is not to learn to write shellcode, neither is it to present a complete anthology of white hat shellcode. I want to show a few examples to help you be more creative, so that when you are facing a problem in your IT sec job, you will also consider shellcode as a potential solution.
 
 
Shellcode is almost always used in attack scenarios, but it can also be used to defend. Shellcode is just a tool, and it can be a solution to your problem.
 
 
In this workshop we will work together on 5 cases:
 
 
1. loading/unloading a DLL
 
 
2. enforcing DEP
 
 
3. testing your security setup
 
 
4. patching an application
 
 
5. preventing heapsprays with shellcode
 
 
What you need to bring: your laptop with Windows XP SP3 (32-bit, preferably in a virtual machine).
 
 
You also need to download the two files: http://workshop.DidierStevens.com
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
! '''Tuesday'''
 
|-
 
| #1
 
| @vanhoefm
 
| Bart Van der Avort
 
|-
 
| #2
 
| @jfte
 
| smtx (@5M7X)
 
|-
 
| #3
 
| Vincent Hutsebaut :)
 
|Etienne Stalmans
 
|-
 
| #4
 
| Bert V.
 
| @nfoonf
 
|-
 
| #5
 
| Bart P (@bartblaze)
 
| David Durvaux
 
|-
 
| #6
 
|Plumet Yorick
 
|David Rook @securityninja
 
|-
 
| #7
 
|Wolfric
 
|Bennett Tomlinson - @pbtomlinson
 
|-
 
| #8
 
|
 
|Detlev Matthies
 
|-
 
| #9
 
|
 
|geert bex
 
|-
 
| #10
 
|
 
|
 
|-
 
| #11
 
|
 
|
 
|-
 
| #12
 
|
 
|
 
|-
 
| #13
 
|
 
|
 
|-
 
| #14
 
|
 
|
 
|-
 
| #15
 
|
 
|
 
|-
 
| #16
 
|
 
|
 
|-
 
| #17
 
|
 
|
 
|-
 
| #18
 
|
 
|
 
|-
 
| #19
 
|
 
|
 
|-
 
| #20
 
|
 
|
 
|-
 
| #21
 
|
 
|
 
|-
 
| #22
 
|
 
|
 
|-
 
| #23
 
|
 
|
 
|-
 
| #24
 
|
 
|
 
|-
 
| #25
 
|
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==WiFi malware for Fun and Profit==
 
by '''Vivek Ramachandran'''
 
 
Attendees must get their own laptop with Windows 7 and a working internal Wi-Fi card or external Adapter. Also, please get along Backtrack 5 installed in the Windows 7 laptop using Virtualbox along with a USB based Wi-Fi card which supports packet sniffing / injection (like the Alfa Network AWUS036H card). However, if you do not have the external card, you should still be able to follow the workshop, though not be able to participate in all labs.
 
 
Maximum 25 participants
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
! '''Tuesday'''
 
|-
 
| #1
 
| Thibault B
 
| Bkay "@security4all"
 
|-
 
| #2
 
|
 
| Charlie Brown
 
|-
 
| #3
 
| Dale Pearson
 
| Dieter Van Den Bosch
 
|-
 
| #4
 
| BaconZombie { @BaconZombie }
 
|@steevebarbeau
 
|-
 
| #5
 
|Benoit
 
|Dieter (@dietervds)
 
|-
 
| #6
 
| Marc - wicky
 
|SenseiZeon
 
|-
 
| #7
 
|Joshua Wöhle
 
|Tino Brants
 
|-
 
| #8
 
| smtx (@5M7X)
 
|Vincent Spriet
 
|-
 
| #9
 
|Ruben - b33f
 
|Kurt Beheydt
 
|-
 
| #10
 
|@alcyonsecurity
 
|Tim Beyens
 
|-
 
| #11
 
|Bruno DiLo
 
|Eugene N
 
|-
 
| #12
 
| mrtn
 
|David André
 
|-
 
| #13
 
|@Guillermo
 
| Jochen - hammer
 
|-
 
| #14
 
|Benjamin Carlier
 
| jap
 
|-
 
| #15
 
|@jfte
 
|koensa
 
|-
 
| #16
 
|J.Boutet
 
|@cketti
 
|-
 
| #17
 
| David Durvaux
 
|Zurgutt
 
|-
 
| #18
 
| Giuseppe Trotta - @giutro
 
|azerton
 
|-
 
| #19
 
| @vanhoefm
 
|Bart P (@bartblaze)
 
|-
 
| #20
 
|RFE
 
|Bruno DiLo
 
|-
 
| #21
 
|Bennett Tomlinson - @pbtomlinson
 
|PhilFr
 
|-
 
| #22
 
|DaveCh
 
|Plumet Yorick
 
|-
 
| #23
 
|wolfric
 
|Robin - digininja
 
|-
 
| #24
 
|Arvid Van Essche
 
|JMN
 
|-
 
| #25
 
|Filipe Spencer Lopes dos Santos
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Cisco VoIP insecurity workshop==
 
by '''Sandro Gauci and Joffrey Czarny aka Sn0rkY'''
 
 
What you need : Users should bring their laptop and a long ethernet network cable!
 
 
There is a maximum number of Cisco IP phone available.
 
 
 
{| border='1px'
 
!  !!  '''Tuesday'''
 
|-
 
| #1
 
| Robin - digininja
 
|-
 
| #2
 
|Bryn Bellis
 
|-
 
| #3
 
| Gavin Watson
 
|-
 
| #4
 
| Hilko Bouwman
 
|-
 
| #5
 
| smtx (@5M7X)
 
|-
 
| #6
 
| BaconZombie
 
|-
 
| #7
 
|@steevebarbeau
 
|-
 
| #8
 
|Koen Machilsen
 
|-
 
| #9
 
|jps
 
|-
 
| #10
 
|J.Boutet
 
|-
 
| #11
 
|Tino Brants
 
|-
 
| #12
 
|Vincent Spriet
 
|-
 
| #13
 
|Tim Beyens
 
|-
 
| #14
 
|Stephen Mills
 
|-
 
| #15
 
|Luc
 
|-
 
| #16
 
|System33
 
|-
 
| #17
 
|Plumet Yorick
 
|-
 
| #18
 
|DaveCh
 
|-
 
| #19
 
|Tbone
 
|-
 
| #20
 
|Dive_monkey
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Beer brewing workshop==
 
by '''Machtelt Garrels'''
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
|-
 
| #1
 
| BaconZombie
 
|-
 
| #2
 
| Niall Kearney
 
|-
 
| #3
 
|Charlie Brown
 
|-
 
| #4
 
|Etienne Stalmans
 
|-
 
| #5
 
|@steevebarbeau
 
|-
 
| #6
 
|BrunoDiLo
 
|-
 
| #7
 
|Frederik Geerts
 
|-
 
| #8
 
|Bram Van der Steen
 
|-
 
| #9
 
|JorisVH
 
|-
 
| #10
 
|Kurt Beheydt
 
|-
 
| #11
 
|Stephen Mills
 
|-
 
| #12
 
|Zurgutt
 
|-
 
| #13
 
|Barry irwin
 
|-
 
| #14
 
|geert bex
 
|-
 
| #15
 
|
 
|-
 
| #16
 
|
 
|-
 
| #17
 
|
 
|-
 
| #18
 
|
 
|-
 
| #19
 
|
 
|-
 
| #20
 
|
 
|-
 
| #21
 
|
 
|-
 
| #22
 
|
 
|-
 
| #23
 
|
 
|-
 
| #24
 
|
 
|-
 
| #25
 
|
 
|-
 
| #26
 
|
 
|-
 
| #27
 
|
 
|-
 
| #28
 
|
 
|-
 
| #29
 
|
 
|-
 
| #30
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Lock Picking 101==
 
by '''Walter Belgers (TOOOL)'''
 
 
What you need : You don't need to bring any particular tools. Everything will be lended to participant during the workshop. If you have, you can bring your own lockpicking toolset.
 
 
There is a maximum circular capacity of 20 people.
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
|-
 
| #1
 
| Mike - ydoow
 
|-
 
| #2
 
|Matt Erasmus
 
|-
 
| #3
 
|Benoit
 
|-
 
| #4
 
|Niall Kearney
 
|-
 
| #5
 
| smtx (@5M7X)
 
|-
 
| #6
 
| BaconZombie { @BaconZombie }
 
|-
 
| #7
 
|Dieter Van Den Bosch
 
|-
 
| #8
 
|Charlie Brown
 
|-
 
| #9
 
|Dieter (@dietervds)
 
|-
 
| #10
 
|JorisVH
 
|-
 
| #11
 
|corelanc0d3r
 
|-
 
| #12
 
|jps
 
|-
 
| #13
 
|laurensv
 
|-
 
| #14
 
|SenseiZeon
 
|-
 
| #15
 
|Ruben - b33f
 
|-
 
| #16
 
|Bruno DiLo
 
|-
 
| #17
 
|Benjamin Carlier
 
|-
 
| #18
 
|Frederik Geerts
 
|-
 
| #19
 
|Bram Van der Steen
 
|-
 
| #20
 
|Tino Brants
 
|-
 
| #21
 
|pp
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Hacking your conference badge==
 
by '''OpenAMD Crew'''
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
! '''Tuesday'''
 
|-
 
| #1
 
| Mike - ydoow
 
| SenseiZeon
 
|-
 
| #2
 
|
 
| azerton
 
|-
 
| #3
 
| Bkay "@security4all"
 
| @jfte
 
|-
 
| #4
 
| Xavier "@xme"
 
| @vanhoefm
 
|-
 
| #5
 
|Charlie Brown
 
|Etienne Stalmans
 
|-
 
| #6
 
| Dieter Van Den Bosch
 
|Joshua Wöhle
 
|-
 
| #7
 
|Egeltje
 
|Luc
 
|-
 
| #8
 
|@steevebarbeau
 
|Steven O.
 
|-
 
| #9
 
|jps
 
|Zurgutt
 
|-
 
| #10
 
|padzer0
 
|mrtn
 
|-
 
| #11
 
|
 
|geert bex
 
|-
 
| #12
 
|Tino Brants
 
|Bennett Tomlinson - @pbtomlinson
 
|-
 
| #13
 
|Vincent Spriet
 
|Frederik Geerts
 
|-
 
| #14
 
|Didier Stevens
 
|Matt Erasmus
 
|-
 
| #15
 
|Kurt Beheydt
 
|Pavel Demin
 
|-
 
| #16
 
|Juliana Nicolau
 
|php
 
|-
 
| #17
 
|David Rook @securityninja
 
|
 
|-
 
| #18
 
|Christophe Schleypen
 
|
 
|-
 
| #19
 
|Stephen Mills
 
|
 
|-
 
| #20
 
|
 
|
 
|-
 
| #21
 
|
 
|
 
|-
 
| #22
 
|
 
|
 
|-
 
| #23
 
|
 
|
 
|-
 
| #24
 
|
 
|
 
|-
 
| #25
 
|
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Agnitio: the security code review Swiss army knife==
 
by '''David Rook aka Securityninja'''
 
 
What you need:  Users needs to bring a laptop configured as per the information in the link below.
 
 
The following things are required for the Agnitio hands on demos:
 
•A 32bit Windows Operating System (XP or 7 preferably – VM will be fine)
 
•.NET framework 3.5 installed
 
•Agnitio v2.0 installed
 
•Download the Pandemobium Android and iOS source code
 
•Download the selected vulnerable open source application
 
 
http://www.securityninja.co.uk/application-security/brucon-agnitio-workshop/
 
 
There is no maximum audience amount.
 
 
{| border='1px'
 
!  !!  '''Monday'''
 
|-
 
| #1
 
| Ryan Dewhurst
 
|-
 
| #2
 
| Mike - ydoow
 
|-
 
| #3
 
|Dieter (@dietervds)
 
|-
 
| #4
 
|@steevebarbeau
 
|-
 
| #5
 
|padzer0
 
|-
 
| #6
 
|azerton
 
|-
 
| #7
 
|Kurt Beheydt
 
|-
 
| #8
 
|@cketti
 
|-
 
| #9
 
|Charlie Brown
 
|-
 
| #10
 
|
 
|-
 
| #11
 
|
 
|-
 
| #12
 
|
 
|-
 
| #13
 
|
 
|-
 
| #14
 
|
 
|-
 
| #15
 
|
 
|-
 
| #16
 
|
 
|-
 
| #17
 
|
 
|-
 
| #18
 
|
 
|-
 
| #19
 
|
 
|-
 
| #20
 
|
 
|-
 
| #21
 
|
 
|-
 
| #22
 
|
 
|-
 
| #23
 
|
 
|-
 
| #24
 
|
 
|-
 
| #25
 
|
 
|-
 
| #26
 
|
 
|-
 
| #27
 
|
 
|-
 
| #28
 
|
 
|-
 
| #29
 
|
 
|-
 
| #30
 
|
 
|-
 
| ###
 
| '''COMPLETE'''<br>No more people, thanks!
 
|-
 
|}
 
 
==Podcasters meetup==
 
'''This is a walk-in event'''
 
 
==Infosec Mentors==
 
'''This is a walk-in event'''
 

Latest revision as of 17:48, 26 December 2011