SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Workshops"

Difference between revisions of "Workshops"

From BruCON 2017

Jump to: navigation, search
(Damn Vulnerable Web App)
m (Workshop)
 
(18 intermediate revisions by 8 users not shown)
Line 1: Line 1:
<!--
+
'''''ARCHIVED ON ORGA WIKI'''''
== Registration==
 
'''In order to smooth the organization and because the number of places for the workshops is very limited, we kindly ask you to add your name or nickname on the [[Workshop Registration]] page.'''
 
-->
 
  
== Cryptanalysis workshop: Breaking office encryption ==
+
==Registration==
by''''' Eric Filiol'''''
+
'''In order to smooth the organization and because the number of places for some of the workshops is limited, we kindly ask you to add your name or nickname on the [[Workshop Registration]] page.'''
  
In this workshop, we propose to make people practice cryptanalysis of, amongst other things, the Office encryption (up to 2003) when using the strongest encryption mode (128-bit RC4).
+
==White Hat Shellcode: Not for Exploits==
<br>'''The timetable is the following one:'''
+
by '''''Didier Stevens'''''
* presentation of the techniques
 
* presentation of the cryptanalysis programs
 
* practice
 
Attendees to this workshop must come with their own laptop (Windows or Linux) and a C compiler.
 
<br>All other programs will be given during the workshop.
 
<br>Programming in C language is required.
 
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
  
== Damn Vulnerable Web App ==
+
===Capacity===
by''''' Ryan Dewhurst'''''
+
Max 40 seats! (and tables for the first 20 people)
 +
<br>[[Workshop Registration|register here]]
  
Damn Vulnerable Web App (DVWA) is an Open Source PHP/MySQL web application that is vulnerable to the most common types of web application security bugs. It is an aid for security professionals to test their skills and tools in a legal and controlled environment, help developers to better understand the processes of securing web applications and aid teachers/students to teach and learn web application security in a classroom environment. (DVWA, 2010)
+
===Requirements===
 +
Attendees to this workshop must come with their own laptop + virtualbox or vmware
  
The DVWA project started in December 2008 and has steadily grown in popularity. It is now used by thousands of security professionals, students and teachers world wide. More recently it was featured at a well renowned hacker conference held in Washington D.C. called Shmoocon attended by over 1500 people from the Information Security community.
+
==Agnitio: the security code review Swiss army knife==
 +
by '''''Security Ninja''''
  
Every participants to this workshop must come with their own laptop
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
<!--
+
===Requirements===
<br>[[Workshop Registration|register]]
 
-->
 
  
== Hardware Hacking Area: Learn To Make Cool Things With Microcontrollers! ==
+
==Its static analysis, but not as we know it==
by '''''Mitch Altman'''''
+
by '''''''''
  
Anyone can learn to solder and make cool things with microcontrollers! 
+
===Capacity===
<br>Come to the Hardware Hacking Area any time during the conference and Mitch will teach you to solder and make any number of fun and intriguing open-source projects, that you can take home with you.
+
<br>[[Workshop Registration|register here]]
<br>Turn off TVs in public places with TV-B-Gone, trip out to your brain waves with the Brain Machine, play games, LEDcubes, make art -- microcontrollers can do all this and more.  <br>Mitch will have plenty of parts for fun and intriguing open-source projects, organized as simple kits that anyone can successfully complete and take home. 
 
<br>This is for all ages and skill levels. 
 
<br>Mitch can also help you with your projects. 
 
<br>So, come on by!
 
  
Refs: [http://www.cornfieldelectronics.com Cornfield Electronics ("maker faire" tab)] Mitch Altman has taught thousands of people to solder at workshops he has given at hacker conferences, Maker Faires, hackerspaces, and schools all over the world. 
+
===Requirements===
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
==Living with SELinux How to configure SELinux for your daily applications in CentOS/RHEL==
 
by '''''Toshaan Bharvani'''''
 
  
Security Enhanced Linux, is disabled in most cases due to fact that most people do not take the time to understand how to work with SELinux. However security increases, by keeping SELinux on, as all applications are segregated therefore even if a intruder were to enter it would only affect that application. In RHEL, CentOS or Fedora most applications are predefined in SELinux and can be adjusted, however other applications can be added easily with the integrated tools, allowing you to run any custom application. The presentation explains what SELinux is, how it works, how to implement the predefined policies and how to create custom policies.
+
==Collective Malicious PDF Analysis==
<!--
+
by '''''x0ner''''
<br>[[Workshop Registration|register]]
 
-->
 
==Lockpicking 101==
 
by '''''Walter Belgers''''' (TOOOL.nl)
 
  
The Open Organization of Lockpickers (TOOOL) was founded in Amsterdam. Meanwhile, we have groups in Eindhoven (Netherlands) and the USA as well. We regularly meet to practice lockpicking and discuss techniques used in locks. Every year, championships are being held in lockpicking, safe lock manipulation and impressioning.
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
Our knowledge about locks is also used to inform the general audience. This helps them in making informed decisions when buying locks. Also, we strive to have open communication with the lock industry and help them eliminate weaknesses in locks before they hit the market.
+
===Requirements===
  
'''Presentation:'''
+
==Going beyond one sample at a time==
 +
by '''''''''
  
Toool will give a presentation and demonstration about the weaknesses and strengths of common locks. This will help visitors choose better and more secure locks for their homes or enterprises.
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
'''Hands-on:'''
+
===Requirements===
  
This will be followed by hands-on lockpicking by the attendees.
+
==Script Kiddie Hacking Techniques==
Practice locks and lockpicking tools will be provided.
+
by '''''Ellen Moar & Colin McLean''''
  
Toool was featured in a Dutch television program "Nova" where they warned about the dangers of bump keys. If you want to know how to mitigate this technique, come and visit us at Brucon.
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
 +
===Requirements===
  
Max 15-20 persons at a time.
+
==How a script kiddie can copy and paste their way to effective hacks==
 +
by '''''''''
  
Saturday only!
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
<!--
+
===Requirements===
<br>[[Workshop Registration|register]]
 
-->
 
  
==Malicious PDF analysis==
+
==The Web Application Hacking Toolchain==
by '''''Didier Stevens'''''
+
by '''''jhaddix''''
  
This workshop will teach you the fundamentals you need to know to analyze (malicious) PDF documents. Didier Stevens will familiarize you with PDFiD and pdf-parser, two essential tools for PDF analysis he authored. The workshop is hands-on: bring your laptop, start the VM we provide you (VMware or VirtualBox) and you're ready to go! Contained in the Linux VM are the tools and PoC samples to do the exercises of the workshop. We start with a very simple, PoC malicious PDF file (you could even analyze this PoC file with Notepad or vi) to lay out the fundamentals, and then work through more complex examples.
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
Each attendee will receive a copy of a 20+ page PDF analysis document Didier Stevens authored. And yes, this document will be provided in the Portable Document Format, but hey, when you succesfully complete this workshop, you will know how to identify malicious PDF files ;-)
+
===Requirements===
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
  
==RFID workshop==
+
==web hacking made better==
by '''''Philippe Teuwen'''''
+
by '''''''''
  
Come with your laptop & tags
+
===Capacity===
<br>You'll get a bootable LiveCD and be able to borrow a RFID reader
+
<br>[[Workshop Registration|register here]]
<br>The workshop will be a mix of presentation and hands-on
 
  
'''Intro about RFID readers for PC:'''
+
===Requirements===
* Global architecture, chipset, connection (USB, serial...), drivers,...
 
* PC/SC: limits of manipulating RFID with contact-oriented standards, pseudo-ATR & pseudo-APDU
 
'''Hands-on:'''
 
* Manipulating APDUs to talk to 13.56MHz RFID tags
 
* Challenge/Response authentication
 
* Read various tags... Come with your own tags as well!
 
* Libraries RFIDiot, LibNFC
 
* Applications ePassport Viewer, ...
 
And more demos, depending on available time
 
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
  
Philippe Teuwen is Principal Engineer in the SECurity REsearch Team - Leuven, Belgium,  NXP Semiconductors.
 
<br>He gave several talks at Hack.lu about Wi-Fi and Smartcards security.
 
  
==Seccubus workshop: Analyzing vulnerability assessment data the easy way==
+
==Learn to use shellcode for defense==
by '''''Frank Breedijk'''''
+
by '''''''''
  
As part of his job as Security Engineer at Schuberg Philis, Frank Breedijk performs regular security scans.
+
===Capacity===
The repetitive nature of scanning the same customer infrastructure over and over again made him decide
+
<br>[[Workshop Registration|register here]]
to look for a more automated approach. After building his first scanning scheduler he realized that
 
it actually does not make sense to look at all findings every time they are reported.
 
It would be much better to only investigate the deltas between the scans.
 
The philosophy behind AutoNessus was born.
 
In his workshop Frank will demonstrate Seccubus by making the attendees perform scans of
 
a live demo environment and explain the inner workings of Seccubus  and the philosophy behind it.
 
  
'''What is Seccubus?'''
+
===Requirements===
  
Seccubus automates regular vulnerability scans and provides delta reporting. It effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.
+
==VOIP==
 +
by '''''''''
  
'''Why?'''
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
Anyone who has ever used Nessus or OpenVAS will be familiar with one of its biggest drawbacks. Nessus and OpenVAS are very valuable tools, but unfortunately also very noisy. The time needed to report on a single scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular scans of the same infrastructure.
+
===Requirements===
  
'''How does it work?'''
+
==RFID==
 +
by '''''''''
  
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction of the analysis time.
+
===Capacity===
 +
<br>[[Workshop Registration|register here]]
  
'''What will be in the talk?'''
+
===Requirements===
  
The talk will be combined presentation and demonstration of the AutoNessus tool. While scanning a live demo environment Frank will discuss the following topics:
 
  
* The philosophy behind Seccubus
 
* The inner workings
 
* Seccubus in action
 
* Seccubus in real live
 
  
'''Knowledge gained'''
 
  
Everything about Seccubus and its philosophy.
 
  
'''Why attend?'''
+
==Lockpicking 101==
 +
by '''''Walter Belgers''''' (TOOOL.nl)
  
This talk will give you real world knowledge. You will learn how to do more vulnerability scanning in less time and get more accurate results.
+
The Open Organization of Lockpickers (TOOOL) was founded in Amsterdam. Meanwhile, we have groups in Eindhoven (Netherlands) and the USA as well. We regularly meet to practice lockpicking and discuss techniques used in locks. Every year, championships are being held in lockpicking, safe lock manipulation and impressioning.
  
If scanning is part of you job, you should attend this talk. If scanning the same infrastructure more then once is part of your job, this is a must see talk!
+
Our knowledge about locks is also used to inform the general audience. This helps them in making informed decisions when buying locks. Also, we strive to have open communication with the lock industry and help them eliminate weaknesses in locks before they hit the market.
  
Refs: http://seccubus.com
+
'''Presentation:'''
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
==The Security Innovation Network - Cluster of Clusters==
 
by '''''Ulrich Seldeslachts'''''
 
  
The Security Innovation Network is a partnership of Europe's leading Security Associations.
+
Toool will give a presentation and demonstration about the weaknesses and strengths of common locks. This will help visitors choose better and more secure locks for their homes or enterprises.
These national Security clusters have joined forces to form a transnational European Security cluster,
 
aiming to facilitate sharing experiences, business and research opportunities and building of trust amongst the partners.  
 
The participating clusters will present their program and first results.
 
  
The Security Innovation Network has analyzed the Security market in Europe with on its key challenges, opportunities and evolutions in order to allow for a better coordinated action between companies across Europe to respond to those challenges. Participants will be able to evaluate and assess this analysis, and understand key challenges from their peers in other countries. The methodology will be demonstrated, and the outcome of the various specialized expert groups sessions will be recommended. A call for action is for the attendees to recognize some of this key learning and  to join in the discussions. This session will focus on innovations to improve Cybersecurity and a call for actions on how to jointly address cyber attack issues.
+
'''Hands-on:'''
  
The Security Innovation Network will identify some of the most apparent challenges and evolutions in the Security landscape in Europe and will call for companies and research institutions to work together on a transnational basis to determine innovative solutions. Based upon different STIG's (security innovation workshops), the different national associations in France, Germany, UK and Belgium have been bringing together expert companies in their respective domains. These experts identified some of the key challenges ahead and suggested for actions accordingly. Some actions will be leading to further international coordinated research actions, others will lead to joint development programs. Focus areas include electronic identities and access management, cloud computing and virtualization, pki and certification authorities, biometrics, European certification programs, challenges in data protection, convergence between physical and logical security, … The Security Innovation Network is supported by the European Regional Development Fund under the INTERREG IVb program, as a transnational collaboration in North-West Europe. The project is open for other national cluster initiatives, companies and academic experts to join. The initiative aims to reduce the fragmentation in the local markets, allow for a better international co-operation and establish trust relationships between expert companies across the borders.
+
This will be followed by hands-on lockpicking by the attendees.  
 +
Practice locks and lockpicking tools will be provided.  
 +
 
 +
Toool was featured in a Dutch television program "Nova" where they warned about the dangers of bump keys. If you want to know how to mitigate this technique, come and visit us at Brucon.  
 +
 
 +
===Capacity===
 +
Max 20 seats!
 +
Monday only!
 +
<br>[[Workshop Registration|register here]]
  
URL: http://www.securityinnovationnetwork.com
 
<!--
 
<br>[[Workshop Registration|register]]
 
-->
 
 
==Beer Brewing==
 
==Beer Brewing==
 
by '''''Machtelt Garrels'''''
 
by '''''Machtelt Garrels'''''
Line 190: Line 143:
 
<br>She studied electro-mechanical engineer but ended up in the IT world, devoting 15 years to the spread of free software and writing many books and giving many workshops.  
 
<br>She studied electro-mechanical engineer but ended up in the IT world, devoting 15 years to the spread of free software and writing many books and giving many workshops.  
 
<br>From her father she learned to operate cars, to make wine and brew beer. She's keen on mixing cocktails and preparing various beverages such as crème de cassis, elixirs etc.
 
<br>From her father she learned to operate cars, to make wine and brew beer. She's keen on mixing cocktails and preparing various beverages such as crème de cassis, elixirs etc.
 +
 +
Bring a glass for the tasting session.
 +
 +
This workshop will be hosted oustide the SURF House in a tent. (Just follow the signs)
 +
 +
===Capacity===
 +
Max 30 seats!
 +
Monday only!
 +
<br>[[Workshop Registration|register here]]

Latest revision as of 17:24, 17 July 2011

ARCHIVED ON ORGA WIKI

Registration

In order to smooth the organization and because the number of places for some of the workshops is limited, we kindly ask you to add your name or nickname on the Workshop Registration page.

White Hat Shellcode: Not for Exploits

by Didier Stevens

Capacity

Max 40 seats! (and tables for the first 20 people)
register here

Requirements

Attendees to this workshop must come with their own laptop + virtualbox or vmware

Agnitio: the security code review Swiss army knife

by Security Ninja'

Capacity


register here

Requirements

Its static analysis, but not as we know it

by ''''

Capacity


register here

Requirements

Collective Malicious PDF Analysis

by x0ner'

Capacity


register here

Requirements

Going beyond one sample at a time

by ''''

Capacity


register here

Requirements

Script Kiddie Hacking Techniques

by Ellen Moar & Colin McLean'

Capacity


register here

Requirements

How a script kiddie can copy and paste their way to effective hacks

by ''''

Capacity


register here

Requirements

The Web Application Hacking Toolchain

by jhaddix'

Capacity


register here

Requirements

web hacking made better

by ''''

Capacity


register here

Requirements

Learn to use shellcode for defense

by ''''

Capacity


register here

Requirements

VOIP

by ''''

Capacity


register here

Requirements

RFID

by ''''

Capacity


register here

Requirements

Lockpicking 101

by Walter Belgers (TOOOL.nl)

The Open Organization of Lockpickers (TOOOL) was founded in Amsterdam. Meanwhile, we have groups in Eindhoven (Netherlands) and the USA as well. We regularly meet to practice lockpicking and discuss techniques used in locks. Every year, championships are being held in lockpicking, safe lock manipulation and impressioning.

Our knowledge about locks is also used to inform the general audience. This helps them in making informed decisions when buying locks. Also, we strive to have open communication with the lock industry and help them eliminate weaknesses in locks before they hit the market.

Presentation:

Toool will give a presentation and demonstration about the weaknesses and strengths of common locks. This will help visitors choose better and more secure locks for their homes or enterprises.

Hands-on:

This will be followed by hands-on lockpicking by the attendees. Practice locks and lockpicking tools will be provided.

Toool was featured in a Dutch television program "Nova" where they warned about the dangers of bump keys. If you want to know how to mitigate this technique, come and visit us at Brucon.

Capacity

Max 20 seats! Monday only!
register here

Beer Brewing

by Machtelt Garrels

Brewing a great Belgian-style double-fermentation beer, includes tasting and taking some home. You will learn the steps in the process, everything is demonstrated, lots of info about where to get ingredients, materials, small hacks to make your life as a brewer easier. The process takes about 2 months, but everything is prepared so we can cut the waiting time.
This workshop will address the following aspects of the brewing process:

  • The various stages of brewing and a little chemistry:
    Brew is even easier if you know what happens.
  • What do you need?
    Anyone who's a little bit handy can tinker easily together the necessary material.
  • Where do you get the ingredients?
    Do you need special grain? What is the importance of hops? What yeast do you use?

Machtelt learned already very early knitting and crochet then embroidery, gardening, welding, weaving, spinning, doll making, sewing, herbal medicine and much more. She could never sit still.
She studied electro-mechanical engineer but ended up in the IT world, devoting 15 years to the spread of free software and writing many books and giving many workshops.
From her father she learned to operate cars, to make wine and brew beer. She's keen on mixing cocktails and preparing various beverages such as crème de cassis, elixirs etc.

Bring a glass for the tasting session.

This workshop will be hosted oustide the SURF House in a tent. (Just follow the signs)

Capacity

Max 30 seats! Monday only!
register here