{"id":2772,"date":"2021-06-15T15:33:06","date_gmt":"2021-06-15T13:33:06","guid":{"rendered":"https:\/\/archive.brucon.org\/2023\/?p=2772"},"modified":"2021-06-16T14:43:47","modified_gmt":"2021-06-16T12:43:47","slug":"brucon0x0d-training-open-for-registration","status":"publish","type":"post","link":"https:\/\/archive.brucon.org\/2023\/2021\/06\/15\/brucon0x0d-training-open-for-registration\/","title":{"rendered":"BruCON0x0D – Training open for registration"},"content":{"rendered":"

We are very happy to share the BruCON0x0D training program (4-6 October), a hybrid one with both in-person and virtual courses. Each course will be given either virtually or in-person, however students that register for a virtual courses can opt to attend their course in a class room<\/strong>\u00a0that we will prepare at the regular training location (Novotel Ghent Centrum or NH Ghent Belfort<\/em>). This way, you can still socialize (and have a beer together) with your fellow students or you can book your travel for the entire week if you also plan to attend the conference. You can specify your preference during registration.<\/p>\r\n\r\n

Early-bird will last till the end of the month, please fine the line-up here :<\/p>\r\n

[vc_row][vc_column width=”5\/6″][vc_column_text]Corelan Advanced \u2013 Peter Van Eeckhoutte (3-days – in-person) – <\/strong>The Corelan \u201cADVANCED\u201d exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this (typically 3 \u2018long\u2019 day) course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform, using Windows 7 and Windows 10 as the example platform, but using techniques that can be applied to other operating systems an applications. We will discuss differences between Windows 7 and Windows 10 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10.\u00a0 The trainer will share his \u201cnotes from the field\u201d and various tips & tricks to become more effective at writing exploits. This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development. More information here<\/a>[\/vc_column_text][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”489″ style=”vc_box_circle”][\/vc_column][\/vc_row][vc_row][vc_column width=”1\/6″][vc_single_image image=”2202″ style=”vc_box_circle”][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”2790″ style=”vc_box_circle”][\/vc_column][vc_column width=”4\/6″][vc_column_text]Practical DevSecOps \u2013 Continious Security in the age of cloud \u2013 Mohammed A. \u201csecfigo\u201d Imran and Marudhamaran Gunasekaran (3-days – in-person) – <\/strong>Ever wondered how to handle the deluge of security issues and reduce the cost of fixing before software goes to production? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale? In Practical DevSecOps training, you will learn how to handle security at scale using DevSecOps practices. We will start o\ufb00 with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Con\ufb01guration management, Infrastructure as code, etc., The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learned as part of the course. We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening and Security Monitoring as part of the Secure SDLC and how to select tools that fit your organization\u2019s needs and culture. After the training, the students will be able to successfully hack and secure applications before hackers do. More information here<\/a>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column width=”5\/6″][vc_column_text]Assessing and Exploiting PLCs \u2013 Justin Searle (3-days – in-person) – <\/strong>This is not your traditional SCADA\/ICS\/IIoT security course! How many courses send you home with a PLC and non-expiring software to program it?!? This course teaches hands-on penetration testing techniques used to test PLCs, including their logic, field buses, network protocols, and proprietary maintenance interfaces. Skills you will learn in this course will apply directly to any current or past PLC in the industry. This course is structured around the formal penetration testing methodology created by ControlThings LLC and their opensource suite of tools found at ControlThings.io. More information here<\/a>[\/vc_column_text][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”1819″ style=”vc_box_circle”][\/vc_column][\/vc_row][vc_row][vc_column width=”1\/6″][vc_single_image image=”2432″ style=”vc_box_circle”][\/vc_column][vc_column width=”5\/6″][vc_column_text]Azure AD Attacks for Red and Blue Teams \u2013 Basic Edition \u2013 Nikhil Mittal (3-days – virtual) –<\/strong> More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now\u00a0 use Azure AD as an Identity and Access Management platform using the hybrid cloud model.\u00a0 This makes it imperative to understand the risks associated with Azure AD as not only the\u00a0 Windows infrastructure and apps use it but also identities of users across an enterprise are\u00a0 authenticated using it. In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications\u00a0 and infrastructure to Azure AD brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security\u00a0 challenge.\u00a0This hands-on training aims towards abusing Azure AD and a number of services offered by it.\u00a0 We will cover multiple complex attack lifecycles against a lab containing\u00a0multiple live Azure\u00a0 tenants<\/b>. All the phases of Azure red teaming and pentesting \u2013 Recon, Initial access, Enumeration,\u00a0 Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also\u00a0 discuss detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses\u00a0 more on methodology and techniques than tools. If you are a security professional trying to improve your skills in Azure AD cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you! More information here<\/a>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column width=”5\/6″][vc_column_text]A Complete Practical Approach to Malware Analysis and Memory Forensics \u2013 Monnappa K A (3-days – virtual) – <\/strong>This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malwares by combining two powerful techniques malware analysis and memory forensics. This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis. This course consists of scenario-based hands-on labs after each module which involves analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malwares, Rootkits etc). This hands-on training is designed to help attendees gain a better understanding of the subject in short span. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system. The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.\u00a0More information here<\/a>[\/vc_column_text][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”1822″ style=”vc_box_circle”][\/vc_column][\/vc_row][vc_row][vc_column width=”1\/6″][vc_single_image image=”2741″ style=”vc_box_circle”][\/vc_column][vc_column width=”5\/6″][vc_column_text]Operational Threat Intelligence \u2013 Joe Slowik (2-days starting Tuesday – in-person) –\u00a0 <\/strong>When used properly, cyber threat intelligence allows an organization to leverage another\u2019s breach or incident to their own benefit. Yet while many cyber threat intelligence courses and guides exist, these are primarily designed for developing long-range, in-depth intelligence products for strategic or similar overview with an overemphasis on theory and little experience in practice. Operational threat intelligence instead supports a different audience: day to day security work and network defense. While cyber threat intelligence must always meet standards for accuracy, relevancy, and timeliness, SOC watch-standers and IR personnel need enriched information now in order to execute their jobs. This course fills a critical role that other training does not address: how to successfully embed cyber threat intelligence operations into the daily rhythm of security to support everyday tasks, and extraordinary incidents. Toward that end, while this course will briefly touch on theoretical concepts such as analysis of competing hypotheses, kill chain methodology, and other ideas, the real focus will be on what efforts make operational threat intelligence possible and sustainable. More information here<\/a>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column width=”4\/6″][vc_column_text]Defending Enterprises \u2013 NEW for 2021! \u2013 Owen Shearing and William Hunt (2-days starting Tuesday – in-person) –\u00a0<\/strong>New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. From SIEM configuration to monitoring, alerting and threat hunting, you\u2019ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOA\u2019s and IOC\u2019s from an enterprise breach.\u00a0You\u2019ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and\/or expressions will be supplied for both platforms (where applicable). We know 2 days isn\u2019t a lot of time, so you\u2019ll also get 14-days FREE lab time after class and Discord access for support. More information here<\/a>[\/vc_column_text][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”2181″ style=”vc_box_circle”][\/vc_column][vc_column width=”1\/6″][vc_single_image image=”2180″ style=”vc_box_circle”][\/vc_column][\/vc_row][vc_row][vc_column width=”1\/6″][vc_single_image image=”1828″ style=”vc_box_circle”][\/vc_column][vc_column width=”5\/6″][vc_column_text]Black Belt Pentesting \/ Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation \u2013 Dawid Czagan (2-days starting Tuesday – virtual) –\u00a0<\/strong>HackerOne bug hunters have earned over $100 million in bug bounties so far. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters. Modern web applications are complex and it\u2019s all about full-stack nowadays. That\u2019s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say \u2018No\u2019 to classical web application hacking. Join this unique hands-on training and become a full\u2011stack exploitation master. More information here<\/a>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]The training location will be\u00a0Novotel Ghent Centrum or NH Ghent Belfort<\/strong> for in-person courses or when you attend a virtual course in a classroom. Location and accommodation information here<\/a><\/p>\r\n\r\n

All training details and registration links can be found on the BruCON training pages (link<\/a>)<\/p>\r\n\r\n

your BruCON team.[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text][\/vc_column_text][\/vc_column][\/vc_row]<\/p><\/div>","protected":false},"excerpt":{"rendered":"

We are very happy to share the BruCON0x0D training program (4-6 October), a hybrid one with both in-person and virtual courses. Each course will be given either virtually or in-person, however students that register for a virtual courses can opt to attend their course in a class room\u00a0that we will prepare at the regular training location (Novotel Ghent Centrum or NH Ghent Belfort). This way, you can still socialize (and have a beer together) with…<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,1],"tags":[],"class_list":{"0":"post-2772","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-0x0d","7":"category-uncategorized"},"menu_order":0,"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/posts\/2772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/comments?post=2772"}],"version-history":[{"count":12,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/posts\/2772\/revisions"}],"predecessor-version":[{"id":2796,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/posts\/2772\/revisions\/2796"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/media?parent=2772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/categories?post=2772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/tags?post=2772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}