BruCON 0x07 has ended
This schedule is subject to change, check back regularly. 
Registrations start at 8h30! 
Workshop rooms in the location Novotel are 5 minutes walking from the main venue. 

Thursday, October 8
 

8:30am CEST

Registration & Breakfast
Thursday October 8, 2015 8:30am - 10:00am CEST
00. Lounge University

9:45am CEST

BruCON Opening
Thursday October 8, 2015 9:45am - 10:00am CEST
01. Westvleteren University

10:00am CEST

Nightmares of a Pentester
Having been a Penetration Tester for the last 15+ years, I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’ve never even heard of and the agony of defeat on a major scale. Instead of just going over what we used to work our way in, I want to go over the tricks the BLUE team used to keep us out! We will go over the technologies and techniques that have turned our traditional paths to root from minutes to months and the mistakes that got us “caught” along the way. Not all pentests are a dream and the nightmares CAN / DO happen. So, let’s talk about how YOUR environment can become an attacker’s worst nightmare instead of their favorite playground.

Speakers
Chris Nickerson

Chris Nickerson, CEO of LARES, is just another “Security guy” with a whole bunch of certs whose main area of expertise is focused on Real world Attack Modeling, Red Team Testing and InfoSec Testing. At Lares, Chris leads a team of security professionals who conduct Risk Assessments...


Thursday October 8, 2015 10:00am - 11:00am CEST
01. Westvleteren University

10:00am CEST

ICS Village

Ever wondered what industrial control systems look like from the inside?
Ever wanted to know how to get logic into a programmable logic controller?
Ever wanted to use your security tools against industrial devices without breaking into the power plant nearby?

All of the above?! Then welcome to the industrial control systems (ICS) village!

For the first time in BruCON history, a small group of SCADA Ninjas has decided to bring an ICS village to BruCON. Unless you are already operating a secret nuclear enrichment facility in your basement or an ACME factory production line, this is your best chance to get a kick-start into the world of ICS. We are bringing a number of real-world industrial devices from different vendors for you to look, feel and mess around with. The ICS village contains PLCs and RTUs that are commonly used throughout different industrial sectors. You may try to assess ICS devices with common security scanners, sniff the industrial network traffic, try to play along the Stuxnet storybook or play Tetris ported to a PLC. After the success of the ICS village at DEFCON we would like to pursue our overall goal of bringing the topic of ICS security to a broader audience, now also to BruCON attendees. So see you around at BruCON's first ICS village!


Thursday October 8, 2015 10:00am - 8:30pm CEST
02. Westmalle University

10:30am CEST

Welcome to the ICS Village
Speakers
Larry Vandenaweele

Security Consultant
Larry works for a consulting firm in Belgium. He’s been active in the security industry for over five years. Until two years ago, he mainly performed penetration tests on IT environments, but has now made the shift toward OT environments. Before beginning his professional career...


Thursday October 8, 2015 10:30am - 11:00am CEST
02. Westmalle University

11:00am CEST

Advanced WiFi Attacks using Commodity Hardware

This talk explains how advanced low-layer attacks against WiFi can be implemented by modifying the firmware of off-the-shelf WiFi dongles. This allows us to use cheap 15$ WiFi dongles to carry out attacks which previously required expensive USRP setups of more than 3500$.

Several types of attacks are implemented and tested. First, we show how to give ourselves a higher throughput than normally allowed. While there are some systems that attempt to detect such selfish behavior, we show that these can easily be bypassed. We then continue by creating a continuous jammer. Such a jammer makes the channel completely unusable for all devices. Based on this we also show how to implement a selective jammer, allowing one to jam only packets of specific clients. This is achieved by decoding the MAC header of a packet while it is still being transmitted, and jamming the remaining content of this packet if it is sent towards (or from) a client we are targeting. It’s surprising all this is possible using cheap hardware, in particular the selective jammer, since it must adhere to very strict timing constraints in order to timely jam the remaining content of the packet. We also turn our jamming attacks around and explain how they can be utilized to protect networks and devices. All combined, this clearly shows jamming techniques can no longer be ignored.

Finally we demonstrate how our low-layer attacks facilitate attacks against higher-layer protocols. In particular we use our modified firmware to implement a channel-based man-in-the-middle attack. This allows reliable manipulation of encrypted traffic, and can be utilized to break WPA-TKIP when used to protect broadcast packets. Interestingly we found that, though TKIP is nowadays rarely used to protect unicast traffic, it is still widely used to protect broadcast traffic.

Speakers
Mathy Vanhoef

Mathy Vanhoef is a doctoral researcher at KU Leuven specializing in wireless security. In this area he has uncovered several issues in both protocol designs, and implementations by vendors. He also has experience in information flow research, stream cipher analysis (RC4), and low...


Thursday October 8, 2015 11:00am - 12:00pm CEST
01. Westvleteren University

11:00am CEST

A Hands On Introduction To Software Defined Radio
Limited Capacity seats available

Software Defined Radio is a fascinating playfield for hackers. But the learning curve is steep, and the SDR devices are expensive.

This 2 hour hands on workshop introduces SDR via a gentle learning curve, and with cheap devices, so that everyone can participate.

Operating SDRs via the open source software GNU Radio offers a wealth of possibilities, but it is hard for beginners to start with GNU Radio. You need a good grasp of the radio concepts to find your way through the software. SDR is quite different from analogue radio, and for most attendees, even analogue radio is quite mysterious. As an electronics engineer and former CB radio operator, I have a good background in RF technology. With GNU Radio and GNU Radio Companion, I will guide the attendees through a set of exercises (specially designed for this workshop) intended to familiarize them with radio technology, SDR, GNU Radio and GNU Radio Companion.

Each attendee brings his own laptop. Didier brings 20 cheap SDR devices (USB digital TV receivers RTL2832U) and a couple of more performant devices, like the HackRF One, a WiSpy, a handheld digital spectrum analyzer, …


Attendees connect the RTL2832U to their laptop, we boot from a Live CD and we start doing simple exercises to understand SDR.

Because of the limited number of devices (20 devices), the workshop is limited to 20 attendees. But attendees can bring their own RTL2832U.

Speakers
Didier Stevens

Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at...


Thursday October 8, 2015 11:00am - 1:00pm CEST
04. Orval Novotel

11:00am CEST

I am the Cavalry
Limited Capacity seats available

Escalating Privilege Through Better Communication

Learn why and how to communicate outside the echo chamber, as a dependency for your professional life and creating change in the world. Policymakers, executives, lawyers, journalists, and others can become allies and advocates...but only if you can first reach them in their own language and at their own level. Exercises cultivate empathy, understanding, and self-reflection to empower you to build teammates and make a difference.

  • Mapping the stakeholder landscape
  • Empathy, understanding, and building trust
  • Harmonizing language, tone, and level


Thursday October 8, 2015 11:00am - 1:00pm CEST
03. Chimay Novotel

11:00am CEST

Intrusion detection on Linux and OS X with osquery (https://osquery.io)
Limited Capacity seats available

Osquery is an instrumentation framework for OS X and Linux. It exposes low-level operating system information as virtual SQL “tables” and queries can be grouped in “packs”. In this workshop participants will learn how Facebook uses osquery for incident response and intrusion detection by analyzing a compromised Linux VM.


Thursday October 8, 2015 11:00am - 1:00pm CEST
05. La Trappe Novotel

11:00am CEST

Pentesting ICS 101
Limited Capacity seats available

There is a lot of talk about ICS, SCADA and such nowadays, but only a few people have the opportunity to get their hands dirty and understand how it works. The goal of this workshop is to give the knowledge required to start attacking SCADA networks and PLCs, and give hands-on experience on real devices. In this workshop, you will learn the specifics of performing a penetration test on industrial control systems, and especially on Programmable Logic Controllers (PLCs). We will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will discover how they work, how they communicate with the SCADA systems, to learn the methods and tools you can use to p*wn them. Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! The setup will be completely different from the one I used at BlackHat, featuring more and newer PLCs, and real-life processes (train, robot arm).

Speakers
Arnaud Soullié

Arnaud Soullié (@arnaudsoullie) is a senior security auditor working at Solucom, a French Management & IT consulting company. In five years, he performed 100+ penetration tests and security audits. His topics of interest include Industrial Control Systems and Windows Active Directory...


Thursday October 8, 2015 11:00am - 1:00pm CEST
02. Westmalle University

12:00pm CEST

OSXCollector: Automated forensic evidence collection & analysis for OS X

We use Macs a lot at Yelp, which means that we see our fair share of Mac-specific security alerts. Host based detectors will tell us about known malware infestations or weird new startup items. Network based detectors see potential C2 callouts or DNS requests to resolve suspicious domains. Sometimes our awesome employees just let us know, “I think I have like Stuxnet or conficker or something on my laptop.”

When alerts fire, our incident response team’s first goal is to “stop the bleeding” – to contain and then eradicate the threat. Next, we move to “root cause the alert” – figuring out exactly what happened and how we’ll prevent it in the future. One of our primary tools for root causing OS X alerts is OSXCollector.

OSXCollector (https://github.com/Yelp/OSXCollector) is an open source forensic evidence collection and analysis toolkit for OS X. It was developed in-house at Yelp to automate the digital forensics and incident response (DFIR) our crack team of responders had been doing manually.


Speakers
Kuba Sendor

Engineering Manager, Yelp
Kuba Sendor (@jsendor) works on the Yelp security team, where he automates malware incident response and together with his teammates makes sure that Yelp's infrastructure stays secure. Previously he worked at SAP in the Security and Trust research group where he participated in the...



Thursday October 8, 2015 12:00pm - 1:00pm CEST
01. Westvleteren University

1:00pm CEST

Lunch
Thursday October 8, 2015 1:00pm - 2:00pm CEST
00. Lounge University

1:00pm CEST

Lightning Talks
Thursday October 8, 2015 1:00pm - 2:00pm CEST
01. Westvleteren University

1:00pm CEST

DJ Workshop
Our conference DJs will teach the finer points of DJing, from the different histories and backgrounds of the different genres, techniques for using different types of hardware. They will share DJ adventure stories of what to do and what not to do, and will make you familiar with the science behind it all.  This casual hands-on workshop will leave your brain entranced and your eardrums buzzing, so bring a drink, your curiosity, and let's have some fun. 

Speakers
Ocean Lam

Our conference DJs will teach the finer points of DJing, from the different histories and backgrounds of the different genres, techniques for using different types of hardware. They will share DJ adventure stories of what to do and what not to do, and will make you familiar with the...

Keith Myers

During the last ten years Keith Myers has focused much of his blood, sweat, and beers into rocking the hardest, most bad ass, kick you in the balls house music you will ever hear. With roots stretched out in the San Francisco rave scene and cyber-trance culture, Keith progressed...

Ninjula

Ninjula is a DJ. Sometimes he likes to rock the party. By "sometimes" I mean all the time. Also, he makes music. A quick search in your favorite search engine will show you all kinds of things about Ninjula. Maybe you'd like to follow him on twitter, maybe you'd like to buy his songs...


Thursday October 8, 2015 1:00pm - 2:00pm CEST
00. Lounge University

2:00pm CEST

KEYNOTE
Speakers
Shyama Rose

Shyama Rose is an accomplished Information Security visionary strategist with a 15-year track record for assessing risks and building ground-up security initiatives for Fortune 100 companies. She is known within the industry as a business security leader with a unique blend of technical...


Thursday October 8, 2015 2:00pm - 3:00pm CEST
01. Westvleteren University

2:00pm CEST

Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
Limited Capacity seats available

Malware triage is an important function in any mature incident response program; the process of quickly analyzing potentially malicious files or URLs to determine if your organization has exposure. But what if you don't have an incident response program? What if you are just setting one up? What if you don't have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need.  

In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you are a strong developer and understand web technologies such as JavaScript and Flash you should have no problem completing the workshop.

Speakers
Sergei Frankoff

Sergei Frankoff is a malware researcher and the Director of Threat Intelligence at Sentrant. His current focus is ad-fraud malware and the ecosystems that support modern ad-fraud. Prior to joining Ara Labs Sergei worked as an incident responder and a security analyst. Sergei is a...

Sean Wilson

Sean is an incident responder and malware researcher currently focused on tracking botnet and other crimeware based malware. He is also an active contributor to open source security tools focused on incident response. Previously Sean has worked in a number of application security...


Thursday October 8, 2015 2:00pm - 4:00pm CEST
03. Chimay Novotel

2:00pm CEST

I am the Cavalry
Limited Capacity seats available

Escalating Privilege Through Better Communication

Learn why and how to communicate outside the echo chamber, as a dependency for your professional life and creating change in the world. Policymakers, executives, lawyers, journalists, and others can become allies and advocates...but only if you can first reach them in their own language and at their own level. Exercises cultivate empathy, understanding, and self-reflection to empower you to build teammates and make a difference.

  • Mapping the stakeholder landscape
  • Empathy, understanding, and building trust
  • Harmonizing language, tone, and level

Thursday October 8, 2015 2:00pm - 4:00pm CEST
02. Westmalle University

2:00pm CEST

Kernel Tales: Security Testing of aarch64 Android Kernels
Limited Capacity seats available

Kernel Tales explores a possible approach to security assessment of Android embedded systems, or mobile devices, with a specific focus on vulnerability research and fuzzing of aarch64 Kernels.

Inspired by a real assessment experience, we analyze two different approaches to fuzzing. During the workshop, we introduce and use one of the most popular and valid fuzzers, tune and customize our toolset and finally test directly on the ARM64 emulator and a real development board (ODROID).

Another important topic, briefly introduced, is kernel hacking; we load the kernel into Eclipse IDE and Understand to facilitate code reading and navigation. Then, we learn how to cross-compile for ARM and deploy the kernel to the emulator or by flashing it to the board.

Speakers
Vito Rallo

Vito works as Senior Manager (Security Consulting) for PwC. He spent the last 8 years in the security field as a Senior Managing Consultant and Leader for IBM in the Cyber Security Assessment and Response global team with focus on: infrastructure, Web and Mobile Security Assessment...


Thursday October 8, 2015 2:00pm - 4:00pm CEST
06. Rochefort Novotel

2:00pm CEST

Old School Crypto (4h)
Limited Capacity seats available

Cryptography is awesome, but modern cryptography has a seriously high barrier to entry that prevents a lot of people from getting into its technical side. Fortunately, many important lessons, attacks, and concepts can be demonstrated using classic pre-digital ciphers. Over the course of this four-hour workshop attendees will:

 

  • Learn the technical basics of cryptography.
  • Implement classic ciphers by hand.
  • Learn about weaknesses in these ciphers and how to leverage these weaknesses to crack said ciphers.
  • Get examples (in Python) from my Open Source framework to automate standard cryptographic functions, including attacks and analysis.
  • Learn the history and stories surrounding my chosen ciphers.
  • Learn a methodology so that when given an unknown ciphertext, they will be able to diagnose the cipher used and implement an attack.

 

Ultimately we're aiming to have the workshop be 50% technical instruction, 40% hands-on work with guidance, and 10% historical narratives.

Speakers
Chris Lytle

Chris is a Senior Security Consultant at Spider Labs. This one time, he hacked a computer. His likes include tacos, bad cryptography, weird hardware, and long walks on the beach.


Thursday October 8, 2015 2:00pm - 6:30pm CEST
04. Orval Novotel

2:00pm CEST

Wireless Assessment Bootcamp 101 (4h)
Limited Capacity seats available

Understand the basics of how to conduct 802.11 survey, collection, and encryption cracking, and how to conduct a wireless penetration test.

The hands-on and lecture portions expose students to survey, collection, and attack methods used to gain a foothold into a network during a penetration test.

Target audience:

Security beginners or sys admins that would like exposure to basic wireless assessment techniques

Recommended Equipment and Pre-Reqs

Alpha Wireless Cards (SOME may be available from instructor to lend out)

Laptop with Kali Linux virtual machine

Students should be familiar with manipulating networking interfaces from the command line as well as other command line functionality.

Thursday October 8, 2015 2:00pm - 6:30pm CEST
05. La Trappe Novotel

3:00pm CEST

The .11 Veil, Camouflage & Covert!!! /*Invisible Wifi, Revealed */

The concept of invisibility has always been on the minds of human beings. Be it for good or evil, we hold on to it for some reason. And for the same reason we try to incarnate it in the world created by us, the world of technology, the world of binaries.

Having said this, to give our bit of contribution towards achieving invisibility on air (IEEE 802.11), we tried to understand certain questions. And the answers resolved to the set of approaches we are sharing in this talk. They are as follows:

1. Elt Euphoria ( some approach to smuggle data in legit frames ) and its other variant

2. Patch Peloton (the absolute invisibility)

Speakers
Amrita Iyer

Amrita, a mind with a deep greed to dive deeper into technology. With a desire to learn how things work, she enjoys making things unwork in her day-to-day life, for more than seven years now, and they call her a test analyst for that. Being an integral disciple of telecommunication studies...

Rushikesh Nandedkar

Rushikesh is a lifelong student of the art and science called information security. Having more than six years experience under his belt, his passion lies in spending hours and maybe days drilling a box to bring up shell (which seldom happens though). His core area of interest is...


Thursday October 8, 2015 3:00pm - 4:00pm CEST
01. Westvleteren University

4:00pm CEST

Coffee Break
Thursday October 8, 2015 4:00pm - 4:30pm CEST
00. Lounge University

4:30pm CEST

SSO: It’s the SAML SAML Situation (With Apologies to Mötley Crüe)
It's 2015 and single sign on systems have been around for over 15 years now. Despite the years of opportunity, SSO is still really hard to do with any level of effectiveness. The advent of federation systems has, if anything, made things even harder. Sure there are standards like SAML which are supposed to help, but SAML options are like Tanenbaum's line about standards. There are so many to choose from. Basically no two SAML implementations ever work out of the box and often require significant engineering efforts to address. On the other hand, OAuth does better on that front, but it's not actually an SSO system and versions of 2.0 and 3.0 are actually less secure than the first version. I'll talk about the assorted ways that SSO works and doesn't work and how fundamental features like Single Log Out are generally not available. I'll close out with some thoughts on future direction on how we might be able to make things better.

Speakers
David Mortman

David Mortman has been doing Information Security for over 20 years. He is currently Chief Security Architect and Distinguished Engineer at Dell Software, as well as a Contributing Analyst at Securosis. Most recently, he was the Director of Security and Operations at C3. Previously...


Thursday October 8, 2015 4:30pm - 5:30pm CEST
01. Westvleteren University

4:30pm CEST

A Hands On Introduction To Software Defined Radio
Limited Capacity seats available

Software Defined Radio is a fascinating playfield for hackers. But the learning curve is steep, and the SDR devices are expensive.

This 2 hour hands on workshop introduces SDR via a gentle learning curve, and with cheap devices, so that everyone can participate.

Operating SDRs via the open source software GNU Radio offers a wealth of possibilities, but it is hard for beginners to start with GNU Radio. You need a good grasp of the radio concepts to find your way through the software. SDR is quite different from analogue radio, and for most attendees, even analogue radio is quite mysterious. As an electronics engineer and former CB radio operator, I have a good background in RF technology. With GNU Radio and GNU Radio Companion, I will guide the attendees through a set of exercises (specially designed for this workshop) intended to familiarize them with radio technology, SDR, GNU Radio and GNU Radio Companion.

Each attendee brings his own laptop. Didier brings 20 cheap SDR devices (USB digital TV receivers RTL2832U) and a couple of more performant devices, like the HackRF One, a WiSpy, a handheld digital spectrum analyzer, …


Attendees connect the RTL2832U to their laptop, we boot from a Live CD and we start doing simple exercises to understand SDR.

Because of the limited number of devices (20 devices), the workshop is limited to 20 attendees. But attendees can bring their own RTL2832U.

Speakers
Didier Stevens

Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at...


Thursday October 8, 2015 4:30pm - 6:30pm CEST
06. Rochefort Novotel

4:30pm CEST

iOS application pentesting
Limited Capacity seats available

This will be a hands on introduction to exploiting iOS applications. This workshop will be based on exploiting Damn Vulnerable iOS app and other vulnerable apps which are written by the trainer in order to make people understand the different kinds of vulnerabilities in an iOS application. This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure iOS applications.

Speakers
Prateek Gianchandani

Prateek is currently working as an Information Security Engineer at Emirates airlines in Dubai. He has interests in network security, mobile and web application security, mobile development, reverse engineering, vulnerability assessment, Mobile application penetration testing is one...


Thursday October 8, 2015 4:30pm - 6:30pm CEST
02. Westmalle University

4:30pm CEST

Kernel Tales: Security Testing of aarch64 Android Kernels
Limited Capacity seats available

Kernel Tales explores a possible approach to security assessment of Android embedded systems, or mobile devices, with a specific focus on vulnerability research and fuzzing of aarch64 Kernels.

Inspired by a real assessment experience, we analyze two different approaches to fuzzing. During the workshop, we introduce and use one of the most popular and valid fuzzers, tune and customize our toolset and finally test directly on the ARM64 emulator and a real development board (ODROID).

Another important topic, briefly introduced, is kernel hacking; we load the kernel into Eclipse IDE and Understand to facilitate code reading and navigation. Then, we learn how to cross-compile for ARM and deploy the kernel to the emulator or by flashing it to the board.

Speakers
Vito Rallo

Vito works as Senior Manager (Security Consulting) for PwC. He spent the last 8 years in the security field as a Senior Managing Consultant and Leader for IBM in the Cyber Security Assessment and Response global team with focus on: infrastructure, Web and Mobile Security Assessment...


Thursday October 8, 2015 4:30pm - 6:30pm CEST
03. Chimay Novotel

5:30pm CEST

Levelling Up Security @ Riot Games

In his talk, Mark will be discussing his 2+ years at Riot Games. He will explain:

  • How the program was assessed
  • What gaps were identified
  • How the team has closed those gaps
  • What the team has learned (including successes as well as failures)
  • Where the Riot InfoSec team is headed

Warning: There will be no 0days in this talk :)

Speakers
Mark Hillick

Mark is the Product Owner for Player Security at Riot Games and leads Riot’s InfoSec team in Europe. He’s currently focused on building a team, engineering cool solutions, levelling up the security program, finding the cloud, and dealing with DDoS attacks. Additionally, Mark is...


Thursday October 8, 2015 5:30pm - 6:30pm CEST
01. Westvleteren University

6:30pm CEST

Dinner
Thursday October 8, 2015 6:30pm - 7:30pm CEST
00. Lounge University

7:30pm CEST

Brain Waves Surfing - (In)Security in EEG (Electroencephalography) Technologies

“Electroencephalography (EEG) is a non-invasive method for the recording and the study of electrical activity of the brain taken from the scalp. The source of these brain signals is mostly the synaptic activity between brain cells (neurons). EEG activity is represented by different waveforms per second (frequencies) that can be used to diagnose or monitor different health conditions such as epilepsy, sleeping disorders, seizures, Alzheimer's disease, among other clinical uses. On the other hand, brain signals are used for many other research and entertainment purposes, such as neurofeedback, arts and neurogaming. Nowadays, this technology is being adopted more and more in different industries.


A brief introduction of BCIs (Brain-Computer Interfaces) and EEG will be given in order to understand the risks involved in our brain signals processing, storage and transmission.


Live demos include the sniffing of brain signals over TCP/IP, MITM attacks to change data on the fly, DoS attacks to shut down EEG servers as well as flaws in well-known EEG applications when dealing with corrupted EDF (file format) samples. These demos are a first approach to demonstrate that many EEG technologies are prone to common network and application attacks.


Finally, best practices and regulatory compliance on digital EEG will be discussed.”

Speakers
Alejandro Hernandez

“Consultant with passion for different topics in security such as penetration testing, OSINT and fuzzing. Currently working for the security firm IOActive, where he has had the chance to work for different Fortune 500 companies in different countries such as Mexico, USA, UK, South...


Thursday October 8, 2015 7:30pm - 8:30pm CEST
01. Westvleteren University

9:30pm CEST

BruCON Party
Join the BruCON Party in the Cirq Central (Hoogpoort 32, 9000 Ghent)! Enjoy some good sets by our conference DJs Ocean Lam, Ninjula and Keith Myers.

Thursday October 8, 2015 9:30pm - Friday October 9, 2015 12:00am CEST
00. Lounge University
 
Friday, October 9
 

7:30am CEST

Hacker Run (10K)
What better way is there to start the second conference day than running 10km with a bunch of hackers? Put on your running shoes and join us at the entrance of the Novotel (workshop venue) on Friday at 7:30. We’ll be back in time to freshen up and attend the first presentation of the day. Word is that it’s also a good way to get rid of a hangover! See also http://2015.brucon.org/index.php/HackerRun

Friday October 9, 2015 7:30am - 8:45am CEST
00. Lounge University

8:30am CEST

Registration & Breakfast
Friday October 9, 2015 8:30am - 10:00am CEST
00. Lounge University

10:00am CEST

KEYNOTE - Looking Forward - Finding the right balance for INFOSEC
Wow. We’ve come a long way. Some would say not nearly far enough – but will it never be perfect? This industry has a lot of problems, and issues that need fixing but there’s so many good things that we’ve done to make the world a safer place. This talk will look at what we’ve done so far, the breaches we see and why they are still there, and what we need to continue to do to move forward. I’ll also be demonstrating (with live demos) some of the pitfalls of a lot of the “advanced” prevention technologies and why technology still struggles with stopping attackers.

Speakers
Dave Kennedy

Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information...


Friday October 9, 2015 10:00am - 11:00am CEST
01. Westvleteren University

10:00am CEST

ICS Village

Ever wondered what industrial control systems look like from the inside?
Ever wanted to know how to get logic into a programmable logic controller?
Ever wanted to use your security tools against industrial devices without breaking into the power plant nearby?

All of the above?! Then welcome to the industrial control systems (ICS) village!

For the first time in BruCON history, a small group of SCADA Ninjas has decided to bring an ICS village to BruCON. Unless you are already operating a secret nuclear enrichment facility in your basement or an ACME factory production line, this is your best chance to get a kick-start into the world of ICS. We are bringing a number of real-world industrial devices from different vendors for you to look at, feel and mess around with. The ICS village contains PLCs and RTUs that are commonly used throughout different industrial sectors. You may try to assess ICS devices with common security scanners, sniff the industrial network traffic, try to play along the Stuxnet storybook or play Tetris ported to a PLC. After the success of the ICS village at DEFCON, we would like to pursue our overall goal of bringing the topic of ICS security to a broader audience, now also to BruCON attendees. So see you around at BruCON's first ICS village!


Friday October 9, 2015 10:00am - 6:30pm CEST
02. Westmalle University

11:00am CEST

cve-search - A free software to collect, search and analyse common vulnerabilities and exposures in software
cve-search is free software to collect, search and analyse common vulnerabilities and exposures in software. cve-search has grown organically over the past months into a modular system to fetch, index, search and analyse Common Vulnerabilities and Exposures (CVE) and Common Platform Enumeration (CPE) as published by the US agency NIST.

Speakers

Alexandre Dulaunoy

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

Pieter-Jan Moreels

Programmer and Security enthusiast, fresh from school. Likes to break things, as well as creating things. Has no one hobby, but always tries something completely at random.


Friday October 9, 2015 11:00am - 12:00pm CEST
01. Westvleteren University

11:00am CEST

BrewCon
Limited Capacity seats available

From the timeless consistency of classic Trappist ales to the seasonality of artisanal small batch farmhouse sours, Belgium has one of the greatest collections of breweries to be found anywhere on the globe. Sadly for most people "Belgian beer" means ordering a Stella, or occasionally getting a Chimay for a special occasion. Over the course of this 1 hour talk, we'll walk attendees through some of the hidden gems of Belgium. Come have a beer with Matt and Chris. They'll tell you about some of Belgium's most classic beers, what makes them special, and where to go in Ghent to get some more good beers. There will be drinking, tasting notes, and recommendations.

Speakers

Chris Lytle

Chris is a Senior Security Consultant at Spider Labs. This one time, he hacked a computer. His likes include tacos, bad cryptography, weird hardware, and long walks on the beach.


Friday October 9, 2015 11:00am - 1:00pm CEST
03. Chimay Novotel

11:00am CEST

iOS application pentesting
Limited Capacity seats available

This will be a hands on introduction to exploiting iOS applications. This workshop will be based on exploiting Damn Vulnerable iOS app and other vulnerable apps which are written by the trainer in order to make people understand the different kinds of vulnerabilities in an iOS application. This course will also discuss how a developer can secure their applications using secure coding and obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure iOS applications.

Speakers

Prateek Gianchandani

Prateek is currently working as an Information Security Engineer at Emirates airlines in Dubai. He has interests in network security, mobile and web application security, mobile development, reverse engineering, vulnerability assessment, Mobile application penetration testing is one...


Friday October 9, 2015 11:00am - 1:00pm CEST
04. Orval Novotel

11:00am CEST

Pentesting ICS 101
Limited Capacity seats available

There is a lot of talk about ICS, SCADA and such nowadays, but only a few people have the opportunity to get their hands dirty and understand how it works. The goal of this workshop is to give the knowledge required to start attacking SCADA networks and PLCs, and give hands-on experience on real devices. In this workshop, you will learn the specifics of performing a penetration test on industrial control systems, and especially on Programmable Logic Controllers (PLCs). We will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will discover how they work, how they communicate with the SCADA systems, to learn the methods and tools you can use to p*wn them. Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! The setup will be completely different from the one I used at BlackHat, featuring more and newer PLCs, and real-life processes (train, robot arm).

Speakers

Arnaud Soullié

Arnaud Soullié (@arnaudsoullie) is a senior security auditor working at Solucom, a French Management & IT consulting company. In five years, he performed 100+ penetration tests and security audits. His topics of interest include Industrial Control Systems and Windows Active Directory...


Friday October 9, 2015 11:00am - 1:00pm CEST
02. Westmalle University

11:00am CEST

Hands-on Incident Response (4h)
Limited Capacity seats available

During this workshop attendees will get guidance and practical experience with handling a security incident. Our objective is to confront the students with a real-world scenario and provide them with questions that they need to solve but also with guidance on how to solve these questions. Virtual machines will be provided to each student so that they can practice at their own pace and take these home to continue after the workshop. Two instructors will assist the attendees and demonstrate a typical solution at the end of the workshop.

The malware’s execution needs to be stopped within the 4 hour limit, else all files will have been encrypted and deleted from the workstation.

During the workshop, attendees will be required to provide responses to management and work in teams of 2 people.

Attendee laptop requirements:

  • x86-compatible or x64-compatible 2.0 GHz CPU minimum or higher
  • 4 GB RAM minimum with 8 GB or higher recommended
  • Ethernet adapter for wired network
  • 10 GB available hard-drive space
  • A working copy of VMware Workstation, Fusion or Player to run our virtual images
  • A functioning, non-intoxicated brain

Speakers

Erik Van Buggenhout

Erik is a co-founder of the Belgian cyber security company NVISO. At NVISO, Erik is responsible for the Cyber Resiliency service line, thereby coordinating the delivery of highly technical services such as penetration testing, digital forensics, incident response and malware analysis...

Pieter Danhieux

Secure Code Warrior
Pieter Danhieux is a certified instructor for the SANS Institute teaching military, government and private organizations offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. Pieter worked seven years at Ernst & Young as one...


Friday October 9, 2015 11:00am - 4:00pm CEST
05. La Trappe Novotel

12:00pm CEST

Hacking as Practice for Transplanetary Life in the 21st Century: How Hackers Frame the Pictures in Which Others Live

“In my end is my beginning,” said T. S. Eliot in The Four Quartets, and he might have been talking about hacking. Because radical hacking is a state of mind, an approach to life, the universe, everything, a practice that must be understood with humility, explored with persistence, and mastered with grace and a flair for style.

It begins in the beginning. In Zen we hear of “beginners’ eyes,” which look with no preconceptions and see clearly what is there. That also means we can distinguish what’s in our own minds, see our perceptual apparatus and distinguish it from what’s “out there.” The boundary where those meet, where we half create and half perceive the reality in which we live, is the fertile area where radical hacking takes place. It's the brackish tidewater in which new forms of life are evolving.

So the future of hacking is in a way already here, a mold for possibility that draws us into itself. Those who allow the future to reach back to them and show them the way look like pioneers, creative geniuses, but really, they’re just hackers.

The future may exist, but not as we think it does. It’s not “there” in an objective way, it’s there as a possibility, actualized when we instantiate it. If that sounds like quantum physics, maybe it is: studies testing ESP have detected hits at a rate greater than chance for the next perception, the next event, suggesting the future is already available to us here and now.

But another point of view understands “the future” as how we hold ourselves here and now as possibilities for action. What we call the future is a range of possibilities and when we choose one, it happens in the now. And all is always now.

Thieme suggests possibilities for hacking aligned with these insights based on his experience. The necessity for mastering radical hacking is a non-trivial imperative, mandated by the untimely stories hackers must invent by making and creating contrary to the consensual realities of our time. They are untimely because they cause cognitive dissonance for those who inhabit the consensus, the “userspace” of our world, which is why hacking requires courage, discipline, the management of one’s ego, and a willingness to go as insane as a shaman, remembering how to return to the village of the present, the village of the damned.

Hackers worthy of the name live by the torchlight of doubt and chaos and find their way by fits and starts. Welcome to the world of not try, but do. 

Speakers

Richard Thieme

Richard Thieme (www.thiemeworks.com) is an author and professional speaker focused on the deeper implications of technology, religion, and science for twenty-first century life. He speaks professionally about the challenges posed by new technologies and the future, how to redesign...


Friday October 9, 2015 12:00pm - 1:00pm CEST
01. Westvleteren University

1:00pm CEST

Lunch
Friday October 9, 2015 1:00pm - 2:00pm CEST
00. Lounge University

2:00pm CEST

Unified DNS View to Track Threats

A worldwide visibility into DNS traffic below and above the recursive level is important to develop a unified view of the Internet threat landscape.

Analyzing traffic patterns below the recursive resolvers allows for the creation of models that analyze client behavior. These models serve as a valuable source of information for investigating potentially new malicious domains.

Monitoring authoritative traffic above the resolvers is an excellent source of information for tracking the underlying domain/IP hosting infrastructures for malware campaigns over time. Combining these two different views of the DNS and IP space provides the analyst invaluable intelligence for detecting emerging threats.

The objective of this talk is to examine the methods we use at OpenDNS to analyze traffic at both the recursive and authoritative layers. We will present novel algorithms used to help identify traffic signal patterns at the recursive layer. One of them is a spike detection algorithm which finds domains that have experienced an unexpected spike in traffic. Spikes in DNS traffic are often associated with DGAs or Exploit kit families. Consequently, developing a robust understanding of the various processes that generate spikes in traffic allows one to identify new Exploit kits and DGAs. However, not all domains that spike are necessarily malicious. A challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this, we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

At the same time, one should not wait until domains spike and then react, therefore we combine spike detection with proactively scrutinizing hosting infrastructures and TTPs used by adversaries in setting up their malware campaigns. With this insight we can preemptively block threats before they occur. Both approaches are complementary and they proved to be very effective at increasing our coverage of the threat search space. We will discuss various use cases that showcase our research and methods.


Speakers

Dhia Mahjoub

Senior Security Researcher at OpenDNS, Dhia Mahjoub works on research and development problems involving DNS, security, big data analysis, and networks. He focuses on building threat detection systems based on the monitoring and analysis of traffic and hosting infrastructures. Dhia...

Thomas Mathew

Thomas Mathew is a Security Researcher at OpenDNS where he focuses on implementing innovative classifications of malware and botnets using pattern recognition techniques. Thomas holds an MS in Computer Science with a specialty in data security. Prior to joining OpenDNS, Thomas served...


Friday October 9, 2015 2:00pm - 3:00pm CEST
01. Westvleteren University

2:00pm CEST

A Hands On Introduction To Software Defined Radio
Limited Capacity seats available

Software Defined Radio is a fascinating playfield for hackers. But the learning curve is steep, and the SDR devices are expensive.

This 2 hour hands on workshop introduces SDR via a gentle learning curve, and with cheap devices, so that everyone can participate.

Operating SDRs via the open source software GNU Radio offers a wealth of possibilities, but it is hard for beginners to start with GNU Radio. You need a good grasp of the radio concepts to find your way through the software. SDR is quite different from analogue radio, and for most attendees, even analogue radio is quite mysterious. As an electronics engineer and former CB radio operator, I have a good background in RF technology. With GNU Radio and GNU Radio Companion, I will guide the attendees through a set of exercises (specially designed for this workshop) intended to familiarize them with radio technology, SDR, GNU Radio and GNU Radio Companion.

Each attendee brings his own laptop. Didier brings 20 cheap SDR devices (USB digital TV receivers RTL2832U) and a couple of more performant devices, like the HackRF One, a WiSpy, a handheld digital spectrum analyzer, …


Attendees connect the RTL2832U to their laptop, we boot from a Live CD and we start doing simple exercises to understand SDR.

Because of the limited number of devices (20 devices), the workshop is limited to 20 attendees. But attendees can bring their own RTL2832U.

Speakers

Didier Stevens

Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at...


Friday October 9, 2015 2:00pm - 4:00pm CEST
04. Orval Novotel

2:00pm CEST

Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
Limited Capacity seats available

Malware triage is an important function in any mature incident response program; the process of quickly analyzing potentially malicious files or URLs to determine if your organization has exposure. But what if you don't have an incident response program? What if you are just setting one up? What if you don't have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need.  

In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you are a strong developer and understand web technologies such as JavaScript and Flash you should have no problem completing the workshop.

Speakers

Sergei Frankoff

Sergei Frankoff is a malware researcher and the Director of Threat Intelligence at Sentrant. His current focus is ad-fraud malware and the ecosystems that support modern ad-fraud. Prior to joining Ara Labs Sergei worked as an incident responder and a security analyst. Sergei is a...

Sean Wilson

Sean is an incident responder and malware researcher currently focused on tracking botnet and other crimeware based malware. He is also an active contributor to open source security tools focused on incident response. Previously Sean has worked in a number of application security...


Friday October 9, 2015 2:00pm - 4:00pm CEST
02. Westmalle University

2:00pm CEST

Intrusion detection on Linux and OS X with osquery (https://osquery.io)
Limited Capacity seats available

Osquery is an instrumentation framework for OS X and Linux. It exposes low-level operating system information as virtual SQL “tables” and queries can be grouped in “packs”. In this workshop participants will learn how Facebook uses osquery for incident response and intrusion detection by analyzing a compromised Linux VM.


Friday October 9, 2015 2:00pm - 4:00pm CEST
03. Chimay Novotel

3:00pm CEST

Desired state: compromised

Desired State Configuration (DSC) is a core component of Microsoft's new enterprise management technology that provides unique opportunities for administrators and attackers alike. It's designed to monitor and maintain the configuration of a set of systems - even over the internet - with no Active Directory required. But in the wrong hands, a creative adversary can hijack DSC as an effective means of command-and-control using nothing but PowerShell scripts and built-in Windows features.

First, we'll demonstrate how to use DSC to infect systems and serve as a covert persistence mechanism for malware. We'll walk through the steps needed to build a remote C2 server that manages compromised systems - and can even re-infect those that have been cleaned - with DSC and a bit of scripting. Our presentation will also highlight other DSC capabilities, such as transferring files or modifying the registry, that can be abused for malicious control of a system.

After covering these intrusion scenarios, we'll tackle the topic from the perspective of a defender or incident responder. We'll illustrate the signs that DSC might be used on a compromised system, and how to investigate the forensic evidence it leaves behind.

Proof-of-concept source code will accompany the presentation and our research.


Speakers

Matt Hastings

Matt Hastings is a Security Architect focused on research and development for Incident Response and forensic tools. Previously, Matt worked as a consultant performing enterprise-wide incident response, high-tech crime investigations, penetration testing, strategic corporate security...

Ryan Kazanciyan

Ryan Kazanciyan is the Chief Security Architect for Tanium, and has twelve years of experience in incident response, forensic analysis, and security assessments. Prior to joining Tanium, Ryan was a Technical Director at Mandiant, where he led investigation and remediation efforts...


Friday October 9, 2015 3:00pm - 4:00pm CEST
01. Westvleteren University

4:00pm CEST

Coffee Break
Friday October 9, 2015 4:00pm - 4:30pm CEST
00. Lounge University

4:30pm CEST

Creating REAL Threat Intelligence ... with Evernote

In the presentation that threat intel vendors do not want you to see, threat data from open source and home grown resources meets Evernote as the ultimate braindump repository with the outcome of producing real actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment of using Evernote as an informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of using an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote in this way in large enterprises is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions. And yeah … threat intel vendors still hold a role in ultimate threat intelligence nirvana but there is a lot you should do on your own first in order to better understand your requirements in searching for that ideal partner.


Speakers

L. Grecs

grecs has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer...


Friday October 9, 2015 4:30pm - 5:30pm CEST
01. Westvleteren University

5:30pm CEST

Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
Over the past year, targeted attackers have rolled out new persistence mechanisms that evade existing detection technologies. In the past six months, we've identified multiple attacks that hijack the Application Compatibility Infrastructure shim databases (SDB) for code injection. This presentation digs deeply into the attacks and techniques for detection. We'll cover technical details and implementations, specific recommendations for detection, and brand new tools for analysis. We will conclude by teaching you how to use these new investigative methods to detect artifacts of shim persistence in both large and small environments.

Speakers

Willi Ballenthin

Willi Ballenthin is a reverse engineer at FireEye who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys reverse engineering malware, developing forensic techniques, and exploring the cutting...

Jon Tomczak

Jonathan Tomczak fights evil as a consultant at Mandiant, a FireEye Company. Based in the Washington DC area, Jonathan has experience in Windows forensics and software development. Jonathan has been in the security field since 2006, where he co-founded TZWorks building Windows forensics...


Friday October 9, 2015 5:30pm - 6:30pm CEST
01. Westvleteren University
 