From BruCON 2017
These are the confirmed trainings for Brucon 2011
FAIR - Factor Analysis of Information Risk by Jack Jones
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
This training will introduce the students to FAIR and teach them how to apply it to real-life scenarios.
At the end of training, students are eligible to take a certification exam at no additional cost.
Everyone who attends training receives a free copy of the FAIRLite Excel-based application. FAIRLite is an Excel application designed to enable simple and effective quantitative analysis of risk scenarios using the FAIR framework. Developed by a former CISO who understands the need for efficient and practical tools, FAIRLite is simple to use and yet flexible enough to per- form powerful analyses on complex scenarios.
Note that FAIRLite requires an Excel plugin from RiskAMP.com. A fully functional 30-day demo version of the RiskAMP plugin is provided to students. Students may purchase the plugin (Professional Edition required) directly from RiskAMP for $249.95.
Students are considered to have a basic understanding of risk and some experience in one or more disciplines related to risk (e.g., information security, disaster recovery, continuity management, operational risk, etc.).
Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte
Based on the Corelan tutorials, this hands-on course will provide students with solid understanding of current Win32 stack based exploitation techniques :
- Win32 memory management
- Using debuggers and debugger plugins such as pvefindaddr
- Exploiting stack buffer overflows
- Bypassing memory protections (Safeseh, sehop, stack cookies, aslr, dep)
- Dealing with character set conversions and transformations (Unicode, etc)
- Using egghunters, omelet egg hunters
- Writing and integrating modules for Metasploit
- Writing shellcode
There’s An App For That (Pentesting Mobile Apps) by Joe McCray
This is a 2-day workshop focused on hands-on mobile application security testing. Each day this course starts you off with setting up your environment (emulator/sdk/hardware/etc), then quickly moves into using your device as an attack platform. From there the course goes into the basics of reverse engineering mobile applications, exploiting mobile applications on each respective platform, and finally on to attacking web services from each platform.
Threat Modeling and Architecture review by Pravir Chandra
Threat Modeling & Architecture Review are cornerstones of a preventative approach to Software Security Assurance. By combining these topics into single comprehensive course attendees can get a complete understanding of how to understand the risks an application faces and how the application will handle those potential problems. This enables consistently accurate assessment of an application’s security posture and recommendation of appropriate improvements or mitigating controls.