Brucon presentation


Short intro to the BruCON conference, which will be held on September 18th and 19th in Brussels, Belgium.

Published in: Education

  • Brian Honan: Brian Honan is recognised as an industry expert on information security and has addressed a number of major conferences relating to the management and securing of information technology. Brian is author of the book "Implementing ISO 27001 in a Windows Environment" and has also published a number of technical papers and has been technical editor and reviewer of a number of industry recognised publications. Brian is also the European editor for the SANS Institute’s weekly SANS NewsBites, a semi-weekly electronic newsletter. Brian founded the Irish Reporting and Information Security Service (IRISS), which is Ireland's first national CSIRT (Computer Security Incident Response Team). He is a member of the Information Systems Security Association, Irish Information Security Forum, Information Systems Audit and Control Association, a member of the Irish Computer Society, the Business Continuity Institute and was a founding member of the Irish Corporate Windows NT User Group.

  • Chris Gates: Chris Gates (CG). Founder of Full Scope Security, performing full scope penetration testing and security engineering. Previous jobs include full scope penetration tester for one of the DoD Red Teams and Army Signal Officer spending gobs of time in layer 2 and layer 3 land. Columnist and security blogger.

  • Chris Nickerson: Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on Red Team Testing and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, Application Testing and Vulnerability assessments, to policy design, Social Engineering, Penetration Testing, Red Team Testing and Regulatory compliance testing. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a reality television program showing the activities of actual penetration tests and active assessments. He is also co-founder and host of the Exotic Liability Security Podcast.

  • Christofer Hoff: Christofer Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management with a focus on virtualization and Cloud Computing security. Hoff is currently doing nothing until he finds something more fun to do or his wife goes mad and sends him to Starbucks to pretend to work. Prior to his role as unofficial beach bum of the blogosphere, he was Unisys Corporation’s Chief Security Architect, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy. Hoff obviously also enjoys referencing himself in the third person.

  • Daniel Mende: Daniel Mende is a German security researcher specializing in network protocols and technologies. He's well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks, he has discussed new ways in botnet-building and presented on protocol security on many occasions including Troopers08, ShmooCon and Blackhat. Usually he releases a new tool when giving a talk.

  • Eric Adrien Filiol: Eric Adrien Filiol has been an officer in the French Army for 20 years. He is now head scientist officer and professor in a research lab working for different departments in France (justice, police, defense, academic). He holds a PhD in mathematics and computer science, a habilitation thesis in computer science, an engineer diploma in cryptology and has graduated from NATO in InfoOps.

  • Eric Vyncke: Before joining Cisco Systems in 1997, Eric worked for Siemens as their chief architect of the firewall product. Now, he is a Distinguished Engineer and assists customers with security designs and deployments. He is a guest professor at several Belgian Universities and participates regularly at the IETF. He wrote a book on LAN Switch Security and another one on IPv6 Security.

  • Esther Schneeweisz

  • Jayson E. Street: Jayson is well versed in the ten domains of Information Systems security defined by the International Information Systems Security Certification Consortium ([ISC]2). He specializes in intrusion detection response, penetration testing, and auditing. Jayson has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several companies. He also created and taught a three day training course on Intrusion Detection Systems for an undisclosed government agency in Washington D.C. His consultation with the FBI on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the Wi-Fi security posture at the White House. He is on the SANS GIAC Advisory Board. Also a current member on the board of directors for the Oklahoma "INFRAGARD". Jayson is also Vice President of the ISSA OKC chapter and a member of the "OSVDB". He is also a longtime member of the "SNOsoft" research team.

  • Julia Wolf: Julia Wolf does malware analysis, exploit research, reverse engineering, cryptography, and other low-level bit-twiddling. Currently she creates technologies for the analysis and detection of malware for FireEye, Inc.

  • Justin Clarke: Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand. Justin is the co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), and the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009) as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.

  • Mario Heiderich: Mario Heiderich is a Cologne-based CTO for an online enterprise based in Cologne and New York. He was a visitor and speaker at several OWASP conferences, maintains the PHPIDS and other security related projects and recently authored a German book on Web Security together with Christian Matthies, fukami and Johannes Dahse. Mario is currently into browser security and digging the HTML5 specifications.

  • Paul James Craig: Principal Security Consultant

  • Sharon Conheady: Sharon Conheady is a social engineer/penetration tester at First Defence Information Security in the UK. She has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. She has presented on social engineering at security conferences including Deepsec, Recon, CONFidence, ISSE, ISF, SANS Secure Europe and more. After inventing the Internet alongside Al Gore, Sharon moved on to the development of security protocols that were used to crack 128 bit encryption. She holds a degree in Computer Science from Trinity College Dublin and a MSc in Information Security from Westminster University. Three times winner of the Nobel Prize, Sharon enjoys belly dancing and space travel. If you see Sharon around your office, she kindly requests that you open the door to let her in.

  • Stephan Chenette: Stephan Chenette is a Senior Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools ranging from kernel-land sandboxes to static analysis scanners. He has released public analyses on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.

  • Vincent Rijmen: Vincent Rijmen is a Belgian cryptographer and one of the designers of Rijndael, the Advanced Encryption Standard (AES). Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ciphers Anubis, KHAZAD, Square, NOEKEON and SHARK. Since 1 August 2001, Rijmen has been working as chief cryptographer with Cryptomathic. From 2001–2003, Rijmen was a visiting professor at the Institute for Applied Information Processing and Communications at Graz University of Technology (Austria), and a full professor there from 2004–2007. Since October 2007, Rijmen is an associate professor (hoofddocent) at K.U.Leuven, working once again with the COSIC lab.

    1. BruCON is an annual security and hacker(*) conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Brussels, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. It's affordable, accessible and entertaining. BruCON is a conference by and for the security and hacker community.

       (*) Hackers are "persons who delight in having an intimate understanding of the internal workings of a system, computers and computer networks in particular." People who engage in illegal activities like unauthorized entry into computer systems are called crackers and don't have anything to do with hacking. BruCON doesn't promote any illegal activities or behavior. Many hackers today are employed by the security industry and test security software and systems to improve the security of our networks and applications. In addition, for the younger generations, we want to create some awareness and interest in IT students to learn more about IT Security.
    2. Two day conference featuring:
       • Christofer Hoff - The frogs who desired a king: A virtualization & cloud computing fable
       • Vincent Rijmen - Trusted cryptography
       • Chris Nickerson - Red and tiger team
       • Chris Gates - Open source information gathering
       • Jayson E. Street - Dispelling the myths and discussing the facts of Global Cyber-Warfare
       • Paul James Craig - Rage against the Kiosk
       • Eric Vyncke - Transition to IPv6 on the Internet: Threats and mitigation techniques
       • Eric Adrien Filiol - How to prepare, coordinate and conduct a cyber attack
       • Esther Schneeweisz - Building hacker spaces everywhere
       • Brian Honan - Knowing Me Knowing You (The dangers of social networks)
       • Mario Heiderich - Malicious markup - I thought you were my friend - cycle 3
       • Daniel Mende - "All your packets are belong to us" - Attacking Backbone Technologies
       • Sharon Conheady - Jedi mindtricks - Social engineering for penetration testers
       • Stephan Chenette - A new web attack vector: Script fragmentation
       • Justin Clarke - SQL Injection - how far does the rabbit hole go?
    3. Two day trainings are possible before the conference by some industry experts:
       • Crash course in Penetration Testing, by Joe McCray and Chris Gates. Former speaker at SOURCE Boston 09, NotACon, Toorcon X and ChicagoCon. He is scheduled to speak at BlackHat USA 2009 and Defcon 17.
       • Web 2.0 Hacking – Attacks and Defense, by Shreeraj Shah. Author of Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03).
       • Social Engineering testing for IT Security professionals, by Sharon Conheady. Sharon Conheady is a social engineer/penetration tester at First Defence Information Security in the UK. She has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Former speaker at Deepsec, Recon, CONFidence, ISSE, ISF, SANS Secure Europe and more.
    4. Why should people attend this event?
       • These are renowned speakers, international experts and book authors whom you will seldom meet at other events.
       • It’s an event by and for the security and hacker community.
       • With 400 seats, it's an ideal occasion to network with others and exchange knowledge.
       • Lightning talks will give visitors the possibility to present their own projects, tools or website.
       • Various workshops on wireless security, digital ID, lockpicking, VOIP,…
       • The Hex Factor: a contest where people can learn basics of web application security, forensics,… both fun and challenging for absolute beginners as well as experts.

       More info? How to register? Visit