Xavier (@xme) came up with the idea of doing retro talks. Essentially we let everybody select which talks of the last 9 editions they liked most and we re-invite the top 7 for a “retro-day” on Wednesday. The responses were awesome and we managed to select a great set of speakers for the first day of our 3-day BruCON edition (check out the schedule here).

Next we wanted to make sure the “BruCON founding fathers” were present. In 2009, five guys all working in the infosec business came together and started the first Belgium security conference for hackers. It was great to have them back and let them experience what the current crew has done in all these years with their creation. We talked about how it all started, why it moved from Brussels to Ghent and shared some memorable anecdotes (check out the full video here). Besides the retro-talks and having our founding fathers there, two more great ideas came out of our brainstorming sessions. Electronic badges and beer… yes we have always had beer at BruCON in the past (#HackingForBeer) but we never had our own.

After several tasting (I mean quality assurance) sessions, the one and only BruCON Beer “Z3R0D4Y” was born. This whiskey infused beer has 0x0A % of alcohol and was very well received by our visitors. We managed to sell out all of the gift packages which include a 75cl bottle and two unique BruCON glasses.

Since this wasn’t crazy (and stress) enough, we also wanted a electronic badge! We were warned by other conference organisers that this takes a lot of time and planning and yet, we cut it extremely close. Massive kudos to Jean-George (@NoNonyme) for designing the entire badge and writing all the code!

We had to engage volunteers (solder soldiers) to help us with attaching the batteries and screen to the badge. This lasted through the night, while our designer kept on working on the final firmware. The result is something we are extremely proud of. Each badge has a updated schedule (gets updated upon reboot), a map of the venue and most important locations and comes with a alcohol sensor. All badge designs are released on Github, this includes the badge designs and firmware.

On Wednesday, suddenly Matt (core crew member) decided he wanted to offer his epic beard for a fundraiser for CyberSKool (our Security conference for kids between 7 and 15, www.cyberskool.org) and we raised a massive 5000 EUR!

Next year, we will go back to two days but will stick with to our proven formula! A single-track conference and tracking track that is affordable, with many workshops, a village, social gatherings, great talks and beer. BruCON 0x0B will take place in the week of the 7th of October 2019. (7-9 October training, 10-11 October Conference)

Special thanks to our entire crew, volunteers, speakers and visitors!

Hope to see you next time!

Philippe Bogaerts, Koen Burms, Stephen Corbiaux, Matt Erasmus, Tom Gilis, Xavier Mertens, Jochen Raymaekers, Pieter Van Goethem, Larry Vandenaweele, Stephanie Vanroelen, Bertrand Varlet and Marijke Vinck

Our schedule is live! Check it out on: https://brucon0x0a.sched.com/

Workshop registrations will open on the 4th of September 2018. (2018-09-04) at 13:00 UTC+2 (Europe/Brussels time). Before this time, all workshops will appear “Full”. (so don’t panic)

Please note:

– The registrations are a first come first serve
– You will not be able to register to multiple workshops taking place at the same time!
– You will not be able to register before the opening date (2018-09-04)
— Any registration made before the opening date (2018-09-04), will be removed
– To register, follow this link: https://brucon0x0a.sched.com/
– You might see that all the workshops appear as full. This is normal, the registration will open on the 4th of September (2018-09-04)
– To preview how to register to the workshop, follow this link: https://www.brucon.org/2018/workshop-howto/

Looking forward to seeing you there!

BruCON

On the off chance you don’t know BruCON (where have you been?). This year we host a 3-day Security and Hacking Conference full of interesting presentations, workshops and security challenges for about 600 attendees. BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to build bridges between the various actors active in the computer security world including (but not limited to) hackers, security professionals, security communities, non-profit organisations, CERTs, students, law enforcement agencies, and many more.

The conference will be held in Ghent on 3, 4 and 5th of October 2018.

[Submission formats]

• A description of your 3 day CTF challenge with type of challenges included. (For example: IoT, Reverse Engineering, Crypto, etc.)

[CTF]

Please take into account the following guidelines :

• BruCON hosts predominantly offensive technical security talks, workshops and trainings covering all security topics. Please submit a CTF that is well rounded.
• If you have additional hardware that need to be taken into account, please specify including the additional costs.
• If you need to ship some material, also let us know.
• We are looking for a CTF that answers to all levels but optionally also includes an INSANE level of difficulty.
• We allow a maximum team of 3 people to come over for the CTF.
• The CTF runs during the three conference days
• People can join the CTF individually

If you submit, please include, at minimum, the following information :

• Description
• CTF content (type of challenges)
• Hosted before? If so, where and when

[SUBMISSION GUIDELINES]

Submissions will contain as much detail as possible and will be written in English.

You will submit your proposal by mail: ctf@brucon.org 

Your submission will contain at least the following details:

• Your name (CTF team name)
• Where do you live (country)
• How to reach you
• The title of your CTF,
• A description of the CTF with the type of challenges
• Whether you submitted and/or presented this proposal at other conferences, and which

Our speaker treatment hasn’t changed since the first year. You’re our guest and we will do anything to make your stay and experience as enjoyable as possible. This includes helping you with travel and accommodation and providing ample opportunities to sample the best of whatever Belgium has to offer. You know what we’re talking about so … submit now!

This Call for CTF closes on July 20th 2018 at midnight CET — Feedback will be sent before August 1th 2018.

A lot has changed in these 10 years.. it used to be called InfoSec, now it’s called “Cyber”. AI is replacing signature based detection and blockchain got introduced as a solution (for which problem? ALL of them!). SQL injection used to be a big problem and… well it still is. It became even more clear that our personal data has great value #GDPR

These retro talks, that you selected, will help us reflect, realise and some conclusions about the evolution in our sector and all of that whilst enjoying a great beer (or two)

For this, you decided last year which BruCON talks you wanted to see again and here they are:

Advanced WiFi Attacks using Commodity Hardware by Mathy Vanhoef
Hacking driverless vehicles by ZoZ
(Re)Investigating Powershell attacks by Matt Hastings and Ryan Kazanciyan
Levelling Up Security @ Riot Games by Mark Hillick
Nightmares of a Pentester by Chris Nickerson
Social engineering for penetration testers by Sharon Conheady
The 99c heart surgeon dilemma by Stefan Friedli

IWe are looking forward to welcome these speakers again at BruCON and to hear their original talks again, plus what they experienced changed in that field!

Keynotes

Our first keynotes will be presented by Haroon Meer.
The second one will be announced soon.

Talks

$SignaturesAreDead = “Long Live RESILIENT Signatures” wide ascii nocase – Daniel Bohannon & Matthew Dunwoody
All Your Cloud Are Belong To Us – Hunting Compromise in Azure – Nate Warfield
Disrupting the Kill Chain – Vineet Bhatia
Dissecting Of Non-Malicious Artifacts: One IP At A Time – Dani Goland & Ido Naor
Exploits in Wetware – Robert Sell
Finding 0days in embedded systems with code coverage guided fuzzing – Lau Kai Jern & Quynh Nguyen Anh
Forging Trusts for Deception in Active Directory – Nikhil Mittal
Hunting Android Malware: A novel runtime technique for identifying malicious applications – Christopher Le Roy
IoT RCE, a Study With Disney – Lilith Wyatt
Mirror on the wall: using blue team techniques in red team ops – Marc Smeets & Mark Bergman
Outside the Box: Breakouts and Privilege Escalation in Container Environments – Craig Ingram & Etienne Stalmans
Process Control through Counterfeit Comms: using and abusing built-in functionality to own a PLC – Jared Rittle

Workshops

Developing Resilient Detections (with Obfuscation & Evasion in Mind) – Daniel Bohannon
Finding security vulnerabilities with modern fuzzing techniques – Rene Freingruber
Introduction to Bro Network Security Monitor – David Szili & Eva Szilagyi
Jedi tricks to convince your boss (Episode 2): Weapons training – Emmanuel Nicaise
Malware Triage: Analyzing Malscripts – Return of The Exploits! – Sean Wilson & Sergei Frankoff
Mimikatz workshop – Benjamin Delpi
Python Toolsmithing 101 – Didier Stevens
Simplifying the art of instrumentation – Krishnakant B. Patil & Rushikesh D. Nandedkar
The hunt is on: Engineering the NextGen Cyber Threat Detection System. Attackers, it’s not so easy to hide anymore! – Solomon Sonya
The story of greendale – Thomas Chopitea
A goldmine within an ocean of data – basics of network forensics – Andy Deweirt

Like these talks? Don’t forget to buy your tickets on our ticketpage!

To celebrate this we are releasing our new website at the same time! Have a look around!

3-Day conference

As you probably have noticed in our banner, this edition will have one additional day of conference! Our 0x0A edition will start on Wednesday the 3rd of October with a full day of “retro-talks”. Everybody was able to cast in their vote to select which speaker they would like to see return to BruCON (blog post).

10 Training courses

10 years = 10 training courses ! Like previous years we are bringing you a mix of various different courses for security people. Check out the training page for all the details. Students attending a 3-day training cannot attend the conference on Wednesday due to an overlap but can buy a conference ticket at a reduced price for the regular conference on Thursday and Friday. If you are worried about missing out on the retro talks, as always, we will be streaming, recording and publishing every talk presented at BruCON on the same day!

#HackingForBeer

What would BruCON be without beer? In the past editions, we have always brought you the best beer Belgium has to offer. In this edition, we will go one step further.. We will keep this one a surprise for a bit longer, but we can already mention that it will become a collectors item Obviously our standard formula is still in place, a single-track conference with workshops, a village, party, retro-gaming and much more and this all in a great atmosphere while enjoying a great Belgian beer (or more).

Ticket sale will start on Monday 11th of June at 10 AM (CET)

• Corelan Bootcamp by Peter Van Eeckhoutte (3-day training) – Once again we bring you Corelan ! One of the best exploit development courses available, now in our spring training track. Prepare yourself for 3 long days (+10 hours/day) of intensive exploit development ! Lunch and dinner are included and, as always enough coffee to keep you going!
• Active Directory attacks for Red and Blue Teams by Nikhil Mittal (3-day training) – This training is aimed towards attacking modern AD Environment using built-in tools like PowerShell and other trusted OS resources. The training is based on real world penetration tests and Red Team engagements for highly secured environments.
• Assessing and Exploiting Control Systems and IIoT by Justin Searle (3-day training) – This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $500 kit including your own PLC and a set of hardware/RF hacking tools?!?
• Open Source Defensive Security Training by Leszek Miś (3-day training) – Open Source Defensive Security Training is an Open Source IT Security laboratory dedicated for professionals who need close the gaps in Linux & Open Source Security knowledge.
• Wireshark and Lua programming by Didier Stevens (2-day training) – Our regular trainer Didier Stevens will host again this class to master to teach you to Wireshark and Lua programming !
• Xtreme MobileApp Exploitation by Anto Joseph (3-day training) – Xtreme MobileApp Exploitation training is a 3 days fast paced training in which attendees will get to work on real world vulnerable applications with no – source code and learn to finding high severity bugs .

The training location will be Novotel Ghent Centrum.

All training details and registration links can be found on the BruCON training pages (link)

your BruCON team.