From BruCON 2015
Jump to: navigation, search
(General Information)
(BruCON 0x07 Line-Up)
 
(74 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 
 
{| border="1" width="100%" style="text-align:center;"
 
{| border="1" width="100%" style="text-align:center;"
 
| The completed schedule is available on '''http://sched.brucon.org/grid-full'''
 
| The completed schedule is available on '''http://sched.brucon.org/grid-full'''
Line 9: Line 8:
  
 
* '''Registrations start at 8h30!'''
 
* '''Registrations start at 8h30!'''
* Workshop seats are limited to max 30 persons in rooms Orval, Chimay & La Trappe '''Seats will be on a first come first serve basis, please be there in time!!'''
+
* Typically workshops run for 2 consecutive speaking slots (ca. 2 hours), but some of them are even longer
* Workshops run for 2 consecutive speaking slots (ca. 2 hours)
 
 
* Workshop rooms in the location '''Novotel Ghent (Orval, Chimay, La Trappe)''' are 5 minutes walking from the main venue
 
* Workshop rooms in the location '''Novotel Ghent (Orval, Chimay, La Trappe)''' are 5 minutes walking from the main venue
 +
* Workshop seats are limited. '''Reserved seats get in until 5 min before the workshop. After that it is first come, first in.'''
 +
* Read our important instructions on [[how to use SCHED.org]]!
 
* This schedule is subject to change, check back regularly.
 
* This schedule is subject to change, check back regularly.
  
=Current list of speakers=
+
=BruCON 0x07 Line-Up=
  
 
'''Keynotes'''
 
'''Keynotes'''
* Amelia Andersdotter - Member of the European Parliament on behalf of Piratpartiet
+
* Dave Kennedy, Co-founder of TrustedSec and Binary Defense Systems. Co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery
* David Mortman - Back in Black
+
* Shyama Rose is an accomplished Information Security visionary strategist with a 15-year track record for assessing risks and building ground-up security initiatives for Fortune 100 companies.
* Dan Guido - CEO of Trail of Bits
+
 
  
 
'''Talks'''
 
'''Talks'''
* Alex Hutton, David Mortman, Kris Buytaert, Patrick Debois - A panel on DevOPS and Security
+
* Willi Ballenthin and Jon Tomczak - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
* Aloria - .NET: The Framework, the Myth, the Legend
+
* Alexandre Dulaunoy and Pieter-Jan Moreels - cve-search - A free software to collect, search and analyse common vulnerabilities and exposures in software
* David Perez, Jose Pico - Geolocation of GSM mobile devices, even if they do not want to be found.
+
* L. Grecs - Creating REAL Threat Intelligence ... with Evernote
* Erin Jacobs, Zack Fasel - Taking the BDSM out of PCI-DSS through open-source solutions
+
* Alejandro Hernandez - Brain Waves Surfing - (In)Security in EEG (Electroencephalography) Technologies
* Jake Valletta - CobraDroid
+
* Mark Hillick - Levelling Up Security @ Riot Games
* Robert Graham - Data-plane networking
+
* Ryan Kazanciyan and Matt Hastings - Desired state: compromise
* Russ Gideon - Paint by Numbers vs. Monet
+
* Dhia Mahjoub and Thomas Mathew - Unified DNS View to Track Threats
* Stephan Chenette - Building Custom Android Malware for Penetration Testing
+
* David Mortman - SSO: It's the SAML SAML Situation (With Apologies to Mötley Crüe)
* Tiago Balgan Henriques, Tiago Martins, João Gouveia - Realtime analysis and visualization of internet status : from malware to compromised machines.
+
* Rushikesh Nandedkar and Amrita Iyer - The .11 Veil, Camouflage & Covert!!! /*Invisible Wifi, Revealed */
* Vaagn Toukharian - HTTP Time Bandit
+
* Chris Nickerson - Nightmares of a Pentester
 +
* Kuba Sendor - OSXCollector: Automated forensic evidence collection & analysis for OS X
 +
* Richard Thieme - Hacking as Practice for Transplanetary Life in the 21st Century: How Hackers Frame the Pictures in Which Others Live
 +
* Mathy Vanhoef - Advanced WiFi Attacks using Commodity Hardware
 +
 
 +
 
 +
'''5by5'''
 +
 
 +
This edition, there will not be a 5by5, but we will revive the project next edition
 +
 
  
 
'''Workshops'''
 
'''Workshops'''
* Carlos G. Prado - Automating RE with Python
+
* Pieter Danhieux and Erik Van Buggenhout - Hands-on Incident Response Workshop
* Christopher Lytle - Crypto by example - A hands-on cryptography workshop
+
* Sergei Frankoff and Sean Wilson - Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
* Didier Stevens - Advanced Excel Hacking
+
* Prateek Gianchandani - iOS application pentesting
* Ioannis Koniaris - Analyzing Internet Attacks with Honeypots
+
* Chris Lytle - Hands-On Old School Cryptography
* Matt Erasmus, Eireann Leverett - Foundational Packetry: Using the internet on God mode
+
* Chris Lytle and Matt Jakubowski - BrewCon
* Sandro Melo - Kudo : Post Mortem Forensic Analysis with FLOSS tools 2.0
+
* Nathan Magniez - Wireless Assessment Bootcamp 101
* The Cuckoo Team - Cuckoo
+
* Vito Rallo - Kernel Tales: Security Testing of aarch64 Android Kernels
* Willi Ballenthin/Michael Sikorski - Winter Cluster: Building a malware 'agglomerator'
+
* Arnaud Soullie - Pentesting ICS 101 (@ICS Village)
* DJ Jackalope, Keith Myers, Count Ninjula - DJ Workshop
+
* Didier Stevens - A Hands On Introduction To Software Defined Radio
 +
* Javier Marcos and Ted Reed - Intrusion detection on Linux and OS X with osquery (https://osquery.io)
 +
* Ocean Lam, Count Ninjula and Keith Myers - DJ workshop
  
  
<!--
+
'''Villages'''
{| border="1px solid" style="text-align:center;"
+
* ICS Village
|- bgcolor="#CCCCCC"
+
* Hak4kidz - Hacking conference for children (Sunday 4-Oct)
!|Time
 
!|Lounge
 
!|Westvleteren (main track)
 
!|Westmalle (workshops)
 
!|Orval (@Pand!)
 
!|Chimay (@Pand!)
 
!|La Trappe
 
|- bgcolor="#CCCCCC"
 
!|8:30
 
|Registration
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|9:00
 
|Breakfast
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|9:50
 
|
 
|Welcome (Seba & Wim)
 
|rowspan="2" | Streaming from Westvleteren
 
|
 
|
 
|The Hex Factor (continuously)
 
|-
 
!|10:00
 
|
 
|Keynote (Katie Moussouris)
 
|
 
|
 
|
 
|-
 
!|11:00
 
|
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Meredith_L._Patterson_and_Sergey_Bratus_-_LangSec Meredith L. Patterson and Sergey Bratus]
 
| rowspan="2" | Windows x64: The Essentials ([http://2012.brucon.org/index.php/Talks_and_workshops#Didier_Stevens_-_Windows_x64:_The_Essentials_.282h.29 Didier Stevens])
 
|
 
|
 
|
 
|-
 
!|12:00
 
|
 
|The Defense RESTs: Automation and APIs for Improving Security ([http://2012.brucon.org/index.php/Talks_and_workshops#David_Mortman_-_The_Defense_RESTs:_Automation_and_APIs_for_Improving_Security David Mortman])
 
|
 
|
 
|
 
|- bgcolor="#CCCCCC"
 
!|13:00
 
|Lunch
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|14:00
 
|
 
|Satellite Hacking ([http://2012.brucon.org/index.php/Talks_and_workshops#Paul_Marsh_-_Satellite_Hacking Paul Marsh])
 
| rowspan="2" |Clearing the Red Forest ([http://2012.brucon.org/index.php/Talks_and_workshops#Michael_Sikorski_.26_William_Ballenthin_-_Clearing_the_Red_Forest_.284h.29 Michael Sikorski & Willi Ballenthin])
 
| rowspan="2" |Introducing OWTF ([http://2012.brucon.org/index.php/Talks_and_workshops#Abraham_Aranguren_-_Introducing_OWTF_.284hr.29 Abraham Aranguren])
 
| rowspan="2" |Hacking with Python ([http://2012.brucon.org/index.php/Talks_and_workshops#Vivek_Ramachandran_-_Hacking_with_Python_.282hr.29 Vivek Ramachandran])
 
| rowspan="2" |Build your own arduino clone for controlling servo motors ([http://2012.brucon.org/index.php/Talks_and_workshops#fbz_-_Hardware_Hacking fbz])
 
|-
 
!|15:00
 
|
 
|Security of National eID (smartcard-based) Web Applications ([http://2012.brucon.org/index.php/Talks_and_workshops#Raul_Siles_-_Security_of_National_eID_.28smartcard-based.29_Web_Applications Raul Siles])
 
|- bgcolor="#CCCCCC"
 
!|16:00
 
|Coffee break
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|16:30
 
| rowspan="2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Beer_Hacking_workshop Beer Workshop]
 
| Moar Anti-Forensics for the Louise ([http://2012.brucon.org/index.php/Talks_and_workshops#int0x80_.28of_Dual_Core.29_-_Moar_Anti-Forensics_for_the_Louise int0x80])
 
| rowspan="2" |Clearing the Red Forest ([http://2012.brucon.org/index.php/Talks_and_workshops#Michael_Sikorski_.26_William_Ballenthin_-_Clearing_the_Red_Forest_.284h.29 Michael Sikorski & Willi Ballenthin])
 
| rowspan="2" |Introducing OWTF ([http://2012.brucon.org/index.php/Talks_and_workshops#Abraham_Aranguren_-_Introducing_OWTF_.284hr.29 Abraham Aranguren])
 
| rowspan = "2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Walter_Belgers_.28TOOOL.29_-_Lockpicking TOOOL (lockpicking)]
 
| rowspan = "2" |
 
|-
 
!|17:30
 
|pMap, the silent killer ([http://2012.brucon.org/index.php/Talks_and_workshops#Gregory_Pickett_-_pMap.2C_the_silent_killer Gregory Pickett])
 
|- bgcolor="#CCCCCC"
 
!|18:30
 
|Dinner
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|19:30
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Joernchen.2C_Astera_.26_Mumpi_-_DJ_Workshop_.282h.29 DJ Workshop]
 
|"Cyberwar" : Not What We Were Expecting ([http://2012.brucon.org/index.php/Talks_and_workshops#Josh_Corman_and_Jericho_-_.22Cyberwar.22_:_Not_What_We_Were_Expecting Josh Corman & Jericho])
 
|Streaming from Westvleteren
 
|
 
|
 
|
 
|-
 
!|20:30
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Joernchen.2C_Astera_.26_Mumpi_-_DJ_Workshop_.282h.29 DJ Workshop]
 
|Recent Advances in IPv6 Security ([http://2012.brucon.org/index.php/Talks_and_workshops#Fernando_Gont_-_Recent_Advances_in_IPv6_Security Fernando Gont])
 
|Streaming from Westvleteren
 
|
 
|
 
|
 
|-
 
!|21:30
 
|Close
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|22:00
 
|Doors closed
 
|
 
|
 
|
 
|
 
|
 
|-
 
|}
 
  
==Day 2 : Friday September 27th==
 
{| border="1px solid" style="text-align:center;"
 
|- bgcolor="#CCCCCC"
 
!|Time
 
!|Lounge
 
!|Westvleteren (main track)
 
!|Westmalle (workshops)
 
!|Orval (@Pand)
 
!|La Trappe
 
|- bgcolor="#CCCCCC"
 
!|9:00
 
|Breakfast
 
|
 
|
 
|
 
|
 
|-
 
!|10:00
 
|
 
|We have you by the gadgets ([http://2012.brucon.org/index.php/Talks_and_workshops#Mickey_Shkatov_-_we_have_you_by_the_gadgets Mickey Shkatov])
 
|Streaming from Westvleteren
 
|
 
|
 
|-
 
!|11:00
 
|
 
|Introducing the Smartphone Penetration Testing Framework ([http://2012.brucon.org/index.php/Talks_and_workshops#Georgia_Weidman_-_Introducing_the_Smartphone_Penetration_Testing_Framework Georgia Weidman])
 
| rowspan="2" |Windows x64: The Essentials ([http://2012.brucon.org/index.php/Talks_and_workshops#Didier_Stevens_-_Windows_x64:_The_Essentials_.282h.29 Didier Stevens])
 
| rowspan="2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Walter_Belgers_.28TOOOL.29_-_Lockpicking TOOOL (lockpicking)]
 
| rowspan="2" | The Hex Factor (continuously)
 
|-
 
!|12:00
 
|
 
|
 
|- bgcolor="#CCCCCC"
 
!|13:00
 
|Lunch
 
|
 
|
 
|
 
|
 
|-
 
!|14:00
 
|
 
|HTML5 - A Whole New Attack Vector ([http://2012.brucon.org/index.php/Talks_and_workshops#Robert_McArdle_-_HTML5_-_A_Whole_New_Attack_Vector Robert McArdle])
 
|[http://2012.brucon.org/index.php/Lightning_Talks Lightning talks]
 
| rowspan="2" |Hacking with Python ([http://2012.brucon.org/index.php/Talks_and_workshops#Vivek_Ramachandran_-_Hacking_with_Python_.282hr.29 Vivek Ramachandran])
 
| rowspan="2" |Build a quadrifilar helix antenna and use rtl-sdr to listen to NOAA weather satellites ([http://2012.brucon.org/index.php/Talks_and_workshops#fbz_-_Hardware_Hacking fbz])
 
|-
 
!|15:00
 
|
 
|A Million Mousetraps: Using Big Data and Little Loops to Build Better Defenses ([http://2012.brucon.org/index.php/Talks_and_workshops#Allison_Miller_-_A_Million_Mousetraps:_Using_Big_Data_and_Little_Loops_to_Build_Better_Defenses Allison Miller])
 
|Hiring! Looking for volunteer Cyber FireFighters and Innovative Cyber Security Measures ([http://2012.brucon.org/index.php/Talks_and_workshops#LSEC_-_Hiring.21_Looking_for_volunteer_Cyber_FireFighters_and_Innovative_Cyber_Security_Measures LSEC])
 
|- bgcolor="#CCCCCC"
 
!|16:00
 
|Coffee break
 
|
 
|
 
|
 
|
 
|-
 
!|16:30
 
|
 
|Uncovering SAP vulnerabilities: dissecting and breaking the Diag protocol ([http://2012.brucon.org/index.php/Talks_and_workshops#Martin_Gallo_-_Uncovering_SAP_vulnerabilities:_dissecting_and_breaking_the_Diag_protocol Martin Gallo])
 
| rowspan="2" |Advanced Chrome Extension Exploitation ([http://2012.brucon.org/index.php/Talks_and_workshops#Kyle_.27Kos.27_Osborn_.26_Krzysztof_Kotowicz_-_Advanced_Chrome_Extension_Exploitation_.282h.29 Kyle Osborn & K. Kotowicz])
 
| rowspan="2" |The PANIC Project ([http://2012.brucon.org/index.php/Talks_and_workshops#Biosshadow.2C_Matt_Erasmus.2C_Benson_-_The_PANIC_Project Biosshadow, Matt Erasmus & Benson])
 
|
 
|-
 
!|17:30
 
|
 
|Keynote ([http://2012.brucon.org/index.php/Talks_and_workshops#.28Keynote.29_Ed_Skoudis_-_Letting_Loose_the_Dogs_of_.28cyber.29_War Ed Skoudis])
 
|
 
|- bgcolor="#CCCCCC"
 
!|18:30
 
|Dinner
 
|
 
|
 
|
 
|
 
|-
 
!|19:30
 
|
 
|New flaws in WPA-TKIP ([http://2012.brucon.org/index.php/Talks_and_workshops#Mathy_Vanhoef_-_New_flaws_in_WPA-TKIP Mathy Vanhoef])
 
| rowspan="2" | Streaming from Westvleteren
 
|
 
|
 
|-
 
!|20:30
 
|
 
|How I met your pointer (Hijacking client software for fuzz and profit) ([http://2012.brucon.org/index.php/Talks_and_workshops#Carlos_Garcia_-_How_I_met_your_pointer_.28Hijacking_client_software_for_fuzz_and_profit.29 Carlos Garcia Prado])
 
|
 
|
 
|-
 
!|21:30
 
|Close
 
|
 
|
 
|
 
|
 
|-
 
!|22:00
 
|Doors closed
 
|
 
|
 
|
 
|
 
|-
 
|}
 
  
-->
+
'''Sounds'''
 +
* Ocean Lam (Hong Kong)
 +
* Count Ninjula (Los Angeles)
 +
* Keith Myers (Los Angeles)
 +
* keroSerene (Serene Han, pianist)

Latest revision as of 07:38, 3 October 2015

The completed schedule is available on http://sched.brucon.org/grid-full

General Information

  • Registrations start at 8h30!
  • Typically workshops run for 2 consecutive speaking slots (ca. 2 hours), but some of them are even longer
  • Workshop rooms in the location Novotel Ghent (Orval, Chimay, La Trappe) are 5 minutes walking from the main venue
  • Workshop seats are limited. Reserved seats get in until 5 min before the workshop. After that it is first come, first in.
  • Read our important instructions on how to use SCHED.org!
  • This schedule is subject to change, check back regularly.

BruCON 0x07 Line-Up

Keynotes

  • Dave Kennedy, Co-founder of TrustedSec and Binary Defense Systems. Co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery
  • Shyama Rose is an accomplished Information Security visionary strategist with a 15-year track record for assessing risks and building ground-up security initiatives for Fortune 100 companies.


Talks

  • Willi Ballenthin and Jon Tomczak - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
  • Alexandre Dulaunoy and Pieter-Jan Moreels - cve-search - A free software to collect, search and analyse common vulnerabilities and exposures in software
  • L. Grecs - Creating REAL Threat Intelligence ... with Evernote
  • Alejandro Hernandez - Brain Waves Surfing - (In)Security in EEG (Electroencephalography) Technologies
  • Mark Hillick - Levelling Up Security @ Riot Games
  • Ryan Kazanciyan and Matt Hastings - Desired state: compromise
  • Dhia Mahjoub and Thomas Mathew - Unified DNS View to Track Threats
  • David Mortman - SSO: It's the SAML SAML Situation (With Apologies to Mötley Crüe)
  • Rushikesh Nandedkar and Amrita Iyer - The .11 Veil, Camouflage & Covert!!! /*Invisible Wifi, Revealed */
  • Chris Nickerson - Nightmares of a Pentester
  • Kuba Sendor - OSXCollector: Automated forensic evidence collection & analysis for OS X
  • Richard Thieme - Hacking as Practice for Transplanetary Life in the 21st Century: How Hackers Frame the Pictures in Which Others Live
  • Mathy Vanhoef - Advanced WiFi Attacks using Commodity Hardware


5by5

This edition, there will not be a 5by5, but we will revive the project next edition


Workshops

  • Pieter Danhieux and Erik Van Buggenhout - Hands-on Incident Response Workshop
  • Sergei Frankoff and Sean Wilson - Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
  • Prateek Gianchandani - iOS application pentesting
  • Chris Lytle - Hands-On Old School Cryptography
  • Chris Lytle and Matt Jakubowski - BrewCon
  • Nathan Magniez - Wireless Assessment Bootcamp 101
  • Vito Rallo - Kernel Tales: Security Testing of aarch64 Android Kernels
  • Arnaud Soullie - Pentesting ICS 101 (@ICS Village)
  • Didier Stevens - A Hands On Introduction To Software Defined Radio
  • Javier Marcos and Ted Reed - Intrusion detection on Linux and OS X with osquery (https://osquery.io)
  • Ocean Lam, Count Ninjula and Keith Myers - DJ workshop


Villages

  • ICS Village
  • Hak4kidz - Hacking conference for children (Sunday 4-Oct)


Sounds

  • Ocean Lam (Hong Kong)
  • Count Ninjula (Los Angeles)
  • Keith Myers (Los Angeles)
  • keroSerene (Serene Han, pianist)