From BruCON 2015
Jump to: navigation, search
m (Reverted edits by Seba (talk) to last revision by Cherssen)
Line 6: Line 6:
 
|}
 
|}
  
=General Information=
 
  
* '''Registrations start at 8h30!'''
+
=Line-Up=
* Registration for workshops will be possible '''at the venue, please be there in time!!'''
 
** we have a varied audience. Some of you are on twitter, some read the blog, some do neither. As each workshop has limited seats available, we want to give everybody the same chance to register for the workshop of their choice.
 
* Workshops run for 2 consecutive speaking slots (ca. 2 hours)
 
* Workshop rooms in the location '''Novotel Ghent (Orval, Chimay, La Trappe)''' are 10 minutes walking from the main venue
 
* This schedule is subject to change, check back regularly.
 
 
 
=Current list of speakers=
 
  
 
'''Keynotes'''
 
'''Keynotes'''
* Amelia Andersdotter - Member of the European Parliament on behalf of Piratpartiet
+
* Adam Shostack, Veteran startup CTO and author focused on bringing security and privacy to customers. Currently doing so at Microsoft.
* David Mortman - Back in Black
+
* Jennifer Minella, VP of Engineering & consulting CISO at Carolina Advanced Digital,  Mindfulness Evangelist
* Dan Guido - CEO of Trail of Bits
+
  
 
'''Talks'''
 
'''Talks'''
* Alex Hutton, David Mortman, Kris Buytaert, Patrick Debois - A panel on DevOPS and Security
+
* Hendrik Adrian - Let's help law enforcement more to drag malware actors into the law
* Aloria - .NET: The Framework, the Myth, the Legend
+
* Joe Grand - Using Superpowers for PCB Reverse Engineering
* David Perez, Jose Pico - Geolocation of GSM mobile devices, even if they do not want to be found.
+
* Daan Raman - A distributed approach to mobile malware scanning
* Erin Jacobs, Zack Fasel - Taking the BDSM out of PCI-DSS through open-source solutions
+
* Zoz - Hacking Driverless Vehicles
* Jake Valletta - CobraDroid
+
* Snare Snare - Thunderbolts and Lightning / Very, Very Frightening
* Robert Graham - Data-plane networking
+
* Krzysztof Kotowicz - Biting into the forbidden fruit. Lessons from trusting JavaScript crypto
* Russ Gideon - Paint by Numbers vs. Monet
+
* Ryan Kazanciyan and Matt Hastings - Investigating PowerShell Attacks
* Stephan Chenette - Building Custom Android Malware for Penetration Testing
+
* Matthew Halchyshak and Joseph Tartaro - Cyber Necromancy: Resurrecting the Dead (Game Servers)
* Tiago Balgan Henriques, Tiago Martins, João Gouveia - Realtime analysis and visualization of internet status : from malware to compromised machines.
+
* Aaron Lemasters - Windows Crash Dump Exploration
* Vaagn Toukharian - HTTP Time Bandit
+
* Arne Swinnen and Alaeddine Mesbahi - One packer to rule them all: Empirical identification, comparison and circumvention of current Antivirus detection techniques
 +
* Zoz and Joe Grand - The Projects Of Prototype This
 +
* Adam Schoeman - Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber
 +
* Markus Vervier - Stealing a Mobile Identity Using Wormholes
 +
* Noel Dunne and Paco Hope - Security Makes Strange Bedfellows: Using Legal and Procurement To Secure Software
  
 
'''Workshops'''
 
'''Workshops'''
* Carlos G. Prado - Automating RE with Python
+
* Philip Polstra - Autonomous Remote Hacking Drones
* Christopher Lytle - Crypto by example - A hands-on cryptography workshop
+
* Hal Pomeranz - Linux Forensics Workshop
* Didier Stevens - Advanced Excel Hacking
+
* Solomon Sonya - Splinter the RAT Attack: Create Your Own Botnet to Exploit the Network - UPDATED
* Ioannis Koniaris - Analyzing Internet Attacks with Honeypots
+
* Michael Sikorski - Counterfeiting the Pipes with FakeNet 2.0
* Matt Erasmus, Eireann Leverett - Foundational Packetry: Using the internet on God mode
+
* Chris Lytle and Leigh Lytle - Old School Crypto
* Sandro Melo - Kudo : Post Mortem Forensic Analysis with FLOSS tools 2.0
+
* Willi Ballenthin - “EID 1102 - The audit log was cleared” won’t stop me: Advanced Windows Event Log Forensics
* The Cuckoo Team - Cuckoo
+
* Wim Remes and Daniela Zapata - The dirty secrets of client-side exploitation and protection
* Willi Ballenthin/Michael Sikorski - Winter Cluster: Building a malware 'agglomerator'
+
* Jake Valletta - Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android
* DJ Jackalope, Keith Myers, Count Ninjula - DJ Workshop
+
* Vivek Ramachandran - Javascript for Pentesters with over 20 Challenges
 
+
* Machtelt Garrels  - Beer brewing workshop
 
+
* DJ Jackalope - DJ workshop
<!--
 
{| border="1px solid" style="text-align:center;"
 
|- bgcolor="#CCCCCC"
 
!|Time
 
!|Lounge
 
!|Westvleteren (main track)
 
!|Westmalle (workshops)
 
!|Orval (@Pand!)
 
!|Chimay (@Pand!)
 
!|La Trappe
 
|- bgcolor="#CCCCCC"
 
!|8:30
 
|Registration
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|9:00
 
|Breakfast
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|9:50
 
|
 
|Welcome (Seba & Wim)
 
|rowspan="2" | Streaming from Westvleteren
 
|
 
|
 
|The Hex Factor (continuously)
 
|-
 
!|10:00
 
|
 
|Keynote (Katie Moussouris)
 
|
 
|
 
|
 
|-
 
!|11:00
 
|
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Meredith_L._Patterson_and_Sergey_Bratus_-_LangSec Meredith L. Patterson and Sergey Bratus]
 
| rowspan="2" | Windows x64: The Essentials ([http://2012.brucon.org/index.php/Talks_and_workshops#Didier_Stevens_-_Windows_x64:_The_Essentials_.282h.29 Didier Stevens])
 
|
 
|
 
|
 
|-
 
!|12:00
 
|
 
|The Defense RESTs: Automation and APIs for Improving Security ([http://2012.brucon.org/index.php/Talks_and_workshops#David_Mortman_-_The_Defense_RESTs:_Automation_and_APIs_for_Improving_Security David Mortman])
 
|
 
|
 
|
 
|- bgcolor="#CCCCCC"
 
!|13:00
 
|Lunch
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|14:00
 
|
 
|Satellite Hacking ([http://2012.brucon.org/index.php/Talks_and_workshops#Paul_Marsh_-_Satellite_Hacking Paul Marsh])
 
| rowspan="2" |Clearing the Red Forest ([http://2012.brucon.org/index.php/Talks_and_workshops#Michael_Sikorski_.26_William_Ballenthin_-_Clearing_the_Red_Forest_.284h.29 Michael Sikorski & Willi Ballenthin])
 
| rowspan="2" |Introducing OWTF ([http://2012.brucon.org/index.php/Talks_and_workshops#Abraham_Aranguren_-_Introducing_OWTF_.284hr.29 Abraham Aranguren])
 
| rowspan="2" |Hacking with Python ([http://2012.brucon.org/index.php/Talks_and_workshops#Vivek_Ramachandran_-_Hacking_with_Python_.282hr.29 Vivek Ramachandran])
 
| rowspan="2" |Build your own arduino clone for controlling servo motors ([http://2012.brucon.org/index.php/Talks_and_workshops#fbz_-_Hardware_Hacking fbz])
 
|-
 
!|15:00
 
|
 
|Security of National eID (smartcard-based) Web Applications ([http://2012.brucon.org/index.php/Talks_and_workshops#Raul_Siles_-_Security_of_National_eID_.28smartcard-based.29_Web_Applications Raul Siles])
 
|- bgcolor="#CCCCCC"
 
!|16:00
 
|Coffee break
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|16:30
 
| rowspan="2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Beer_Hacking_workshop Beer Workshop]
 
| Moar Anti-Forensics for the Louise ([http://2012.brucon.org/index.php/Talks_and_workshops#int0x80_.28of_Dual_Core.29_-_Moar_Anti-Forensics_for_the_Louise int0x80])
 
| rowspan="2" |Clearing the Red Forest ([http://2012.brucon.org/index.php/Talks_and_workshops#Michael_Sikorski_.26_William_Ballenthin_-_Clearing_the_Red_Forest_.284h.29 Michael Sikorski & Willi Ballenthin])
 
| rowspan="2" |Introducing OWTF ([http://2012.brucon.org/index.php/Talks_and_workshops#Abraham_Aranguren_-_Introducing_OWTF_.284hr.29 Abraham Aranguren])
 
| rowspan = "2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Walter_Belgers_.28TOOOL.29_-_Lockpicking TOOOL (lockpicking)]
 
| rowspan = "2" |
 
|-
 
!|17:30
 
|pMap, the silent killer ([http://2012.brucon.org/index.php/Talks_and_workshops#Gregory_Pickett_-_pMap.2C_the_silent_killer Gregory Pickett])
 
|- bgcolor="#CCCCCC"
 
!|18:30
 
|Dinner
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|19:30
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Joernchen.2C_Astera_.26_Mumpi_-_DJ_Workshop_.282h.29 DJ Workshop]
 
|"Cyberwar" : Not What We Were Expecting ([http://2012.brucon.org/index.php/Talks_and_workshops#Josh_Corman_and_Jericho_-_.22Cyberwar.22_:_Not_What_We_Were_Expecting Josh Corman & Jericho])
 
|Streaming from Westvleteren
 
|
 
|
 
|
 
|-
 
!|20:30
 
|[http://2012.brucon.org/index.php/Talks_and_workshops#Joernchen.2C_Astera_.26_Mumpi_-_DJ_Workshop_.282h.29 DJ Workshop]
 
|Recent Advances in IPv6 Security ([http://2012.brucon.org/index.php/Talks_and_workshops#Fernando_Gont_-_Recent_Advances_in_IPv6_Security Fernando Gont])
 
|Streaming from Westvleteren
 
|
 
|
 
|
 
|-
 
!|21:30
 
|Close
 
|
 
|
 
|
 
|
 
|
 
|-
 
!|22:00
 
|Doors closed
 
|
 
|
 
|
 
|
 
|
 
|-
 
|}
 
 
 
==Day 2 : Friday September 27th==
 
{| border="1px solid" style="text-align:center;"
 
|- bgcolor="#CCCCCC"
 
!|Time
 
!|Lounge
 
!|Westvleteren (main track)
 
!|Westmalle (workshops)
 
!|Orval (@Pand)
 
!|La Trappe
 
|- bgcolor="#CCCCCC"
 
!|9:00
 
|Breakfast
 
|
 
|
 
|
 
|
 
|-
 
!|10:00
 
|
 
|We have you by the gadgets ([http://2012.brucon.org/index.php/Talks_and_workshops#Mickey_Shkatov_-_we_have_you_by_the_gadgets Mickey Shkatov])
 
|Streaming from Westvleteren
 
|
 
|
 
|-
 
!|11:00
 
|
 
|Introducing the Smartphone Penetration Testing Framework ([http://2012.brucon.org/index.php/Talks_and_workshops#Georgia_Weidman_-_Introducing_the_Smartphone_Penetration_Testing_Framework Georgia Weidman])
 
| rowspan="2" |Windows x64: The Essentials ([http://2012.brucon.org/index.php/Talks_and_workshops#Didier_Stevens_-_Windows_x64:_The_Essentials_.282h.29 Didier Stevens])
 
| rowspan="2" | [http://2012.brucon.org/index.php/Talks_and_workshops#Walter_Belgers_.28TOOOL.29_-_Lockpicking TOOOL (lockpicking)]
 
| rowspan="2" | The Hex Factor (continuously)
 
|-
 
!|12:00
 
|
 
|
 
|- bgcolor="#CCCCCC"
 
!|13:00
 
|Lunch
 
|
 
|
 
|
 
|
 
|-
 
!|14:00
 
|
 
|HTML5 - A Whole New Attack Vector ([http://2012.brucon.org/index.php/Talks_and_workshops#Robert_McArdle_-_HTML5_-_A_Whole_New_Attack_Vector Robert McArdle])
 
|[http://2012.brucon.org/index.php/Lightning_Talks Lightning talks]
 
| rowspan="2" |Hacking with Python ([http://2012.brucon.org/index.php/Talks_and_workshops#Vivek_Ramachandran_-_Hacking_with_Python_.282hr.29 Vivek Ramachandran])
 
| rowspan="2" |Build a quadrifilar helix antenna and use rtl-sdr to listen to NOAA weather satellites ([http://2012.brucon.org/index.php/Talks_and_workshops#fbz_-_Hardware_Hacking fbz])
 
|-
 
!|15:00
 
|
 
|A Million Mousetraps: Using Big Data and Little Loops to Build Better Defenses ([http://2012.brucon.org/index.php/Talks_and_workshops#Allison_Miller_-_A_Million_Mousetraps:_Using_Big_Data_and_Little_Loops_to_Build_Better_Defenses Allison Miller])
 
|Hiring! Looking for volunteer Cyber FireFighters and Innovative Cyber Security Measures ([http://2012.brucon.org/index.php/Talks_and_workshops#LSEC_-_Hiring.21_Looking_for_volunteer_Cyber_FireFighters_and_Innovative_Cyber_Security_Measures LSEC])
 
|- bgcolor="#CCCCCC"
 
!|16:00
 
|Coffee break
 
|
 
|
 
|
 
|
 
|-
 
!|16:30
 
|
 
|Uncovering SAP vulnerabilities: dissecting and breaking the Diag protocol ([http://2012.brucon.org/index.php/Talks_and_workshops#Martin_Gallo_-_Uncovering_SAP_vulnerabilities:_dissecting_and_breaking_the_Diag_protocol Martin Gallo])
 
| rowspan="2" |Advanced Chrome Extension Exploitation ([http://2012.brucon.org/index.php/Talks_and_workshops#Kyle_.27Kos.27_Osborn_.26_Krzysztof_Kotowicz_-_Advanced_Chrome_Extension_Exploitation_.282h.29 Kyle Osborn & K. Kotowicz])
 
| rowspan="2" |The PANIC Project ([http://2012.brucon.org/index.php/Talks_and_workshops#Biosshadow.2C_Matt_Erasmus.2C_Benson_-_The_PANIC_Project Biosshadow, Matt Erasmus & Benson])
 
|
 
|-
 
!|17:30
 
|
 
|Keynote ([http://2012.brucon.org/index.php/Talks_and_workshops#.28Keynote.29_Ed_Skoudis_-_Letting_Loose_the_Dogs_of_.28cyber.29_War Ed Skoudis])
 
|
 
|- bgcolor="#CCCCCC"
 
!|18:30
 
|Dinner
 
|
 
|
 
|
 
|
 
|-
 
!|19:30
 
|
 
|New flaws in WPA-TKIP ([http://2012.brucon.org/index.php/Talks_and_workshops#Mathy_Vanhoef_-_New_flaws_in_WPA-TKIP Mathy Vanhoef])
 
| rowspan="2" | Streaming from Westvleteren
 
|
 
|
 
|-
 
!|20:30
 
|
 
|How I met your pointer (Hijacking client software for fuzz and profit) ([http://2012.brucon.org/index.php/Talks_and_workshops#Carlos_Garcia_-_How_I_met_your_pointer_.28Hijacking_client_software_for_fuzz_and_profit.29 Carlos Garcia Prado])
 
|
 
|
 
|-
 
!|21:30
 
|Close
 
|
 
|
 
|
 
|
 
|-
 
!|22:00
 
|Doors closed
 
|
 
|
 
|
 
|
 
|-
 
|}
 
  
-->
+
'''Sounds'''
 +
* Ocean Lam (Hong Kong)
 +
* DJ Jackalope (Las Vegas)
 +
* keroSerene (Serene Han, pianist)

Revision as of 10:39, 8 May 2014


The completed schedule is available on http://sched.brucon.org/grid-full


Line-Up

Keynotes

  • Adam Shostack, Veteran startup CTO and author focused on bringing security and privacy to customers. Currently doing so at Microsoft.
  • Jennifer Minella, VP of Engineering & consulting CISO at Carolina Advanced Digital, Mindfulness Evangelist


Talks

  • Hendrik Adrian - Let's help law enforcement more to drag malware actors into the law
  • Joe Grand - Using Superpowers for PCB Reverse Engineering
  • Daan Raman - A distributed approach to mobile malware scanning
  • Zoz - Hacking Driverless Vehicles
  • Snare Snare - Thunderbolts and Lightning / Very, Very Frightening
  • Krzysztof Kotowicz - Biting into the forbidden fruit. Lessons from trusting JavaScript crypto
  • Ryan Kazanciyan and Matt Hastings - Investigating PowerShell Attacks
  • Matthew Halchyshak and Joseph Tartaro - Cyber Necromancy: Resurrecting the Dead (Game Servers)
  • Aaron Lemasters - Windows Crash Dump Exploration
  • Arne Swinnen and Alaeddine Mesbahi - One packer to rule them all: Empirical identification, comparison and circumvention of current Antivirus detection techniques
  • Zoz and Joe Grand - The Projects Of Prototype This
  • Adam Schoeman - Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber
  • Markus Vervier - Stealing a Mobile Identity Using Wormholes
  • Noel Dunne and Paco Hope - Security Makes Strange Bedfellows: Using Legal and Procurement To Secure Software

Workshops

  • Philip Polstra - Autonomous Remote Hacking Drones
  • Hal Pomeranz - Linux Forensics Workshop
  • Solomon Sonya - Splinter the RAT Attack: Create Your Own Botnet to Exploit the Network - UPDATED
  • Michael Sikorski - Counterfeiting the Pipes with FakeNet 2.0
  • Chris Lytle and Leigh Lytle - Old School Crypto
  • Willi Ballenthin - “EID 1102 - The audit log was cleared” won’t stop me: Advanced Windows Event Log Forensics
  • Wim Remes and Daniela Zapata - The dirty secrets of client-side exploitation and protection
  • Jake Valletta - Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android
  • Vivek Ramachandran - Javascript for Pentesters with over 20 Challenges
  • Machtelt Garrels - Beer brewing workshop
  • DJ Jackalope - DJ workshop

Sounds

  • Ocean Lam (Hong Kong)
  • DJ Jackalope (Las Vegas)
  • keroSerene (Serene Han, pianist)