From BruCON 2017
ARCHIVED ON ORGA WIKI
- 1 Registration
- 2 Introduction in Assessing and Exploiting Web Applications with Samurai-WTF LiveCD
- 3 CERT AbuseHelper Workshop
- 4 Damn Vulnerable Web App
- 5 Hardware Hacking Area: Learn To Make Cool Things With Microcontrollers!
- 6 Living with SELinux How to configure SELinux for your daily applications in CentOS/RHEL
- 7 Lockpicking 101
- 8 Malicious PDF analysis
- 9 RFID workshop
- 10 Seccubus workshop: Analyzing vulnerability assessment data the easy way
- 11 The Security Innovation Network - Cluster of Clusters
- 12 Beer Brewing
Registration
In order to smooth the organization and because the number of places for some of the workshops is very limited, we kindly ask you to add your name or nickname on the Workshop Registration page.
Introduction in Assessing and Exploiting Web Applications with Samurai-WTF LiveCD
by Justin Searle
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
This workshop gives a short introduction on how to work with the liveCD but is not meant to replace the full course. During the workshop, participants will be given the latest version of the CD which has yet to be released this week!!!
Max 30 seats!
Attendees of this workshop must come with their own laptop.
All other programs will be given on a CD during the workshop.
CERT AbuseHelper Workshop
by David Durvaux and Christian Van Heurck
AbuseHelper is an open-source project initiated by CERT.FI (Finland) and CERT.EE (Estonia) with ClarifiedNetworks to automatically process incident notifications. This tool is being developed for CERTs and ISPs to help them in their daily job of following and treating a wide range of high-volume information sources. CERT.be is part of the project for testing it for their own use, contributing code to the community and promoting collaboration amongst other CERTs. It is interesting to note that the framework can also be used for automatically processing (standardised) information from a wide range of sources.
The aim of this workshop is to explain how to deploy a basic installation and show how to extend the framework with new agents. The workshop will be divided into 3 parts:
- a small introduction on AbuseHelper and why/to whom it could be useful;
- a hands-on session on the AbuseHelper installation;
- a hands-on coding session for AbuseHelper.
Max 25 seats!
Participants in this workshop should have the following knowledge:
- Basic Linux/UNIX system administration for the installation of AbuseHelper;
- Basic Python programming knowledge for the hands-on coding session.
All participants are expected to come with a laptop with VMware Player/Fusion/Workstation installed, able to run a virtual machine that will be provided for the workshop.
Damn Vulnerable Web App
by Ryan Dewhurst
Damn Vulnerable Web App (DVWA) is an Open Source PHP/MySQL web application that is vulnerable to the most common types of web application security bugs. It is an aid for security professionals to test their skills and tools in a legal and controlled environment, help developers to better understand the processes of securing web applications and aid teachers/students to teach and learn web application security in a classroom environment. (DVWA, 2010)
The DVWA project started in December 2008 and has steadily grown in popularity. It is now used by thousands of security professionals, students and teachers worldwide. More recently it was featured at Shmoocon, a well-renowned hacker conference held in Washington D.C. and attended by over 1500 people from the Information Security community.
Max 40 seats! (and tables for the first 20 people)
Every participant in this workshop must come with their own laptop and be able to boot from a Live CD.
Hardware Hacking Area: Learn To Make Cool Things With Microcontrollers!
by Mitch Altman
Anyone can learn to solder and make cool things with microcontrollers!
Come to the Hardware Hacking Area any time during the conference and Mitch will teach you to solder and make any number of fun and intriguing open-source projects, that you can take home with you.
Turn off TVs in public places with TV-B-Gone, trip out to your brain waves with the Brain Machine, play games, LEDcubes, make art -- microcontrollers can do all this and more.
Mitch will have plenty of parts for fun and intriguing open-source projects, organized as simple kits that anyone can successfully complete and take home.
This is for all ages and skill levels.
Mitch can also help you with your projects.
So, come on by at the Hardware Hacking Area!
Refs: Cornfield Electronics ("maker faire" tab)
Mitch Altman has taught thousands of people to solder at workshops he has given at hacker conferences, Maker Faires, hackerspaces, and schools all over the world.
Living with SELinux How to configure SELinux for your daily applications in CentOS/RHEL
by Toshaan Bharvani
Security-Enhanced Linux (SELinux) is disabled in most cases due to the fact that most people do not take the time to understand how to work with it. However, security increases by keeping SELinux on, as all applications are segregated; therefore, even if an intruder were to enter, it would only affect that application. In RHEL, CentOS or Fedora, most applications are predefined in SELinux and can be adjusted, and other applications can be added easily with the integrated tools, allowing you to run any custom application. The presentation explains what SELinux is, how it works, how to implement the predefined policies and how to create custom policies.
Max 40 seats! (and tables for the first 20 people)
Please bring your laptop, preferably with a Linux distro that supports SELinux.
Lockpicking 101
by Walter Belgers (TOOOL.nl)
The Open Organization of Lockpickers (TOOOL) was founded in Amsterdam. Meanwhile, we have groups in Eindhoven (Netherlands) and the USA as well. We regularly meet to practice lockpicking and discuss techniques used in locks. Every year, championships are being held in lockpicking, safe lock manipulation and impressioning.
Our knowledge about locks is also used to inform the general audience. This helps them in making informed decisions when buying locks. Also, we strive to have open communication with the lock industry and help them eliminate weaknesses in locks before they hit the market.
Toool will give a presentation and demonstration about the weaknesses and strengths of common locks. This will help visitors choose better and more secure locks for their homes or enterprises.
This will be followed by hands-on lockpicking by the attendees. Practice locks and lockpicking tools will be provided.
Toool was featured in a Dutch television program "Nova" where they warned about the dangers of bump keys. If you want to know how to mitigate this technique, come and visit us at BruCON.
Max 20 seats!
Malicious PDF analysis
by Didier Stevens
This workshop will teach you the fundamentals you need to know to analyze (malicious) PDF documents. Didier Stevens will familiarize you with PDFiD and pdf-parser, two essential tools for PDF analysis he authored. The workshop is hands-on: bring your laptop, start the VM we provide you (VMware or VirtualBox) and you're ready to go! Contained in the Linux VM are the tools and PoC samples to do the exercises of the workshop. We start with a very simple, PoC malicious PDF file (you could even analyze this PoC file with Notepad or vi) to lay out the fundamentals, and then work through more complex examples.
Each attendee will receive a copy of a 20+ page PDF analysis document Didier Stevens authored. And yes, this document will be provided in the Portable Document Format, but hey, when you successfully complete this workshop, you will know how to identify malicious PDF files ;-)
Max 40 seats! (and tables for the first 20 people)
Attendees of this workshop must come with their own laptop + VirtualBox or VMware.
RFID workshop
by Philippe Teuwen
Come with your laptop & tags
You'll get a bootable LiveCD and be able to borrow a RFID reader
The workshop will be a mix of presentation and hands-on
Intro about RFID readers for PC:
- Global architecture, chipset, connection (USB, serial...), drivers,...
- PC/SC: limits of manipulating RFID with contact-oriented standards, pseudo-ATR & pseudo-APDU
- Manipulating APDUs to talk to 13.56MHz RFID tags
- Challenge/Response authentication
- Read various tags... Come with your own tags as well!
- Libraries RFIDiot, LibNFC
- Applications ePassport Viewer, ...
And more demos, depending on available time
Philippe Teuwen is Principal Engineer in the SECurity REsearch Team - Leuven, Belgium, NXP Semiconductors.
He gave several talks at Hack.lu about Wi-Fi and Smartcards security.
Max 15 seats!
Attendees of this workshop must come with their own laptop and be able to boot from a live CD, physically or through VirtualBox/VMware (but you'll need USB support, so no VirtualBox OSE!)
You can come with your own tags provided that you're legally allowed to read their content.
e-Passports are especially welcome!
Seccubus workshop: Analyzing vulnerability assessment data the easy way
by Frank Breedijk
As part of his job as Security Engineer at Schuberg Philis, Frank Breedijk performs regular security scans. The repetitive nature of scanning the same customer infrastructure over and over again made him decide to look for a more automated approach. After building his first scanning scheduler he realized that it actually does not make sense to look at all findings every time they are reported. It would be much better to only investigate the deltas between the scans. The philosophy behind AutoNessus was born. In his workshop Frank will demonstrate Seccubus by making the attendees perform scans of a live demo environment and explain the inner workings of Seccubus and the philosophy behind it.
What is Seccubus?
Seccubus automates regular vulnerability scans and provides delta reporting. It effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.
Anyone who has ever used Nessus or OpenVAS will be familiar with one of its biggest drawbacks. Nessus and OpenVAS are very valuable tools, but unfortunately also very noisy. The time needed to report on a single scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular scans of the same infrastructure.
How does it work?
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction of the analysis time.
What will be in the talk?
The talk will be a combined presentation and demonstration of the AutoNessus tool. While scanning a live demo environment Frank will discuss the following topics:
- The philosophy behind Seccubus
- The inner workings
- Seccubus in action
- Seccubus in real life
Everything about Seccubus and its philosophy.
This talk will give you real world knowledge. You will learn how to do more vulnerability scanning in less time and get more accurate results.
If scanning is part of your job, you should attend this talk. If scanning the same infrastructure more than once is part of your job, this is a must see talk!
Max 25 seats!
Every participant needs to bring her/his own laptop with mandatory working internet connectivity and be able to run ssh and a browser!
The Security Innovation Network - Cluster of Clusters
by Ulrich Seldeslachts
The Security Innovation Network is a partnership of Europe's leading Security Associations. These national Security clusters have joined forces to form a transnational European Security cluster, aiming to facilitate sharing experiences, business and research opportunities and building of trust amongst the partners. Not so much to find the next leak in a Windows, Adobe or network system, but to consider the best next solutions that could some of the current and future threats. During the workshop, the aim is to draft a number of major cyber security threats, provided by some examples and discussions amongst participants. We will be able to challenge each other on the level of threat that some of those pose to us, and at the same time list out a number of potential ideas and solutions to those problems. Those could be from a technological, administrative or policy level. Next the aim is to drill down some of those solutions to workable scenarios and find a relative impact of the solutions once applied. The final aim is to prepare some out of the box thinking on the current and future challenges awaiting us. We'll consider whether technologies such as virtualization, white boxing, deep packet analysis, honey pots, and others are valid solutions and how future borderless networks, mobile environments and electronic identities will be handled. We'll also consider the wider infrastructure impact of cyber security and how countries and companies are taking measures (or not) considering cyber terrorism, or even cyber war. Some of the threats could finally be part of the solution and taken as a measure of defense, fighting the malicious attackers with their own weapons and more …
Subject to the outcome and the interests of the participants, results of the discussions can be published either as concepts to a wider market for further discussion, or shared with people and companies in the SecurityInnovationNetwork, where they can serve as means for further innovative and research developments. People participating will be invited to join or lead the innovative programs, and will be guided through R&D funding programs and supported in finding the right development and business partners.
The process of the workshop is to feed the participants with some innovation concepts, with some of the latest threats and challenges, and to open a discussion on whether these can be treated with some different thinking and approaches.
Max 40 seats!
Beer Brewing
by Machtelt Garrels
Brewing a great Belgian-style double-fermentation beer includes tasting and taking some home. You will learn the steps in the process, everything is demonstrated, and there is lots of info about where to get ingredients, materials, and small hacks to make your life as a brewer easier. The process takes about 2 months, but everything is prepared so we can cut the waiting time.
This workshop will address the following aspects of the brewing process:
- The various stages of brewing and a little chemistry:
Brewing is even easier if you know what happens.
- What do you need?
Anyone who's a little bit handy can easily tinker together the necessary material.
- Where do you get the ingredients?
Do you need special grain? What is the importance of hops? What yeast do you use?
Machtelt learned knitting and crochet very early on, then embroidery, gardening, welding, weaving, spinning, doll making, sewing, herbal medicine and much more. She could never sit still.
She studied electro-mechanical engineering but ended up in the IT world, devoting 15 years to the spread of free software, writing many books and giving many workshops.
From her father she learned to operate cars, to make wine and brew beer. She's keen on mixing cocktails and preparing various beverages such as crème de cassis, elixirs etc.
Bring a glass for the tasting session.
This workshop will be hosted outside the SURF House in a tent. (Just follow the signs)
Max 30 seats!