I recently returned from presenting at BruCon 2009 and wanted to give everyone a quick recap of my trip.
Figure 1) Stephan Chenette speaking at BruCon on Day 2 of the conference. I spoke on Script Fragmentation, an exploit delivery technique for attackers in a Web 2.0 world.
This was officially the first BruCon, but Benny and the BruCon organizers did such a professional job that it ran like a seasoned conference. I was thoroughly impressed by the venue, setup, motivation from the volunteers, and the speakers.
Here is a list of the talks with a summary of those speakers whose presentations I especially enjoyed attending:
Trusted Cryptography - Vincent Rijmen
Belgian cryptographer and co-designer of the Advanced Encryption Standard (AES)
SQL Injection - how far does the rabbit hole go? - Justin Clarke
I was fortunate enough to attend a dinner with Justin afterwards and discuss some of his penetration/analysis work, which I found to be first rate.
All Your Packets Are Belong to Us - Attacking Backbone Technologies - Daniel Mende & Roger Klose
Social engineering for penetration testers - Sharon Conheady
An excellent presenter, who shared some entertaining anecdotes from working as a professional pen-tester and social engineer.
Dispelling the myths and discussing the facts, Global Cyber-Warfare - Jayson E. Street
I had the opportunity to discuss several topics with Jayson at the conference. He certainly has a unique perspective on cyber warfare, especially concerning China. He recently released a novel titled Dissecting the Hack: The F0rb1dd3n Network. After meeting him, I'm definitely going to pick up a copy!
Botnets, Ransomware, Malware, and Stuff! - Julia Wolf
Julia is a fellow researcher, whom I respect very much. She dived into some of the more technical details of various malware and exploits, great for those of us in the audience who wanted to see some deeper-level presentations.
Open Source Information Gathering - Chris Gates
This was a great talk by Chris, who shows how all the information-gathering work you put into a pen-test can really pay off.
Red and Tiger Team - Chris Nickerson
Both Chris Gates and Chris Nickerson showed the more realistic aspects of pen-testing and how pen-testing by the book shows only that your security is as safe as the standards...too bad attackers aren't reading those same standards! Luckily, Gates and Nickerson aren't playing by the rules either. They shared with the audience various red-teaming tactics they go through in their pen-testing.
The Belgian Beer Lover's Guide to Cloud Security - Craig Balding
Craig did an excellent job of taking a rather serious subject these days, the Cloud, and associating it with the theme of the conference, beer... Hey, what do you expect? It was Belgium!
I was happy to have been accepted to speak at BruCon, and honored to help make the first BruCon a true success. I look forward to speaking at next year's conference, and encourage those of you in Europe to attend BruCon 2010!
Principal Security Researcher: Stephan Chenette