Brucon 2009
September 18 - 19, 2009
Brussels, Belgium

Any con with the catch phrase "HACKING FOR B33R" is worth a look. 

BruCON aims to become the best and most fun hacking (*) and security event in Belgium and W. Europe offering a high quality line up of speakers, opportunities of networking with peers, hacking challenges and workshops. Organized in Brussels, BruCON is an open-minded gathering of people discussing computer security, privacy, information technology and its cultural/technical implications on society. The conference creates bridges between the various actors active in computer security world, included but not limited to hackers(*), security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc...

Topics of interest include, but are not limited to :

- Electronic/Digital Privacy
- Wireless Network and Security
- Attacks on Information Systems and/or Digital Information Storage
- Web Application and Web Services Security
- Lockpicking & physical security
- Honeypots/Honeynets
- Spyware, Phishing and Botnets (Distributed attacks)
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Symbian, P2K and bluetooth technologies
- Electronic Voting
- Free Software and Security
- Standards for Information Security
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval
- Network security
- Security aspects in SCADA, industrial environments and "obscure" networks
- Forensics and Anti-Forensics
- Mobile communications security and vulnerabilities
- Information warfare and industrial espionage.

For more info:
http://www.brucon.org/

Don

Don,

thanks for the headsup on this one. I might see if I can make this one.

Yeah, it is confirmed:

http://www.brucon.org/index.php/Presentations

Open Source Information Gathering
by Chris Gates

Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we're on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.


Red and Tiger Team
by Chris Nickerson

Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Hi Dale,

I'll be there, never been to a security conference (or Brussels) before so very much looking forward to it!

Where are you travelling from?

I'm from London, so will be getting the eurostar I think.

Anyone else form EH.net going?

Don,

I didn't make it but it seems like those there are having WAY too much fun. I've been following #brucon on twitter to keep up to date, can't wait until some official material is released post event.

I am home, what an excellent time.
I will be posting some videos on my blog later in the week hopefully of the Gates and Nickerson presentations.

What a great time was had by all, brilliant.

I really was an impressive con, even more so it was the first one, great success.

Just realised I dont think I met up with kungfusteve, sorry..