Me and the Eurotrash Security Podcast Crew @ BruCon 2010

BruCON is an annual security and hacker(*) conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Brussels, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker(*) community.

The conference tries to create bridges between the various actors active in computer security world, included but not limited to hackers(*), security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc…..

Look out Belgium, all the Eurotrash Security crew are going to be in attendance at BruCon 2010 in September.

Myself (Dale Pearson) and Craig Balding will be presenting, and Chris John Riley and Wim Remes will also be in attendance at the conference. The Eurotrash Security team will also be taking part in the podcasters meet up. So feel free to come along and buy us a drink 🙂

Chris Nickerson – Red and Tiger Team Testing – BruCon 2009

This is the third and final of my 3 videos recorded at BruCon 2009. Sorry its taken so long, I had some upload issues due to size, so this needs to be in two parts.
This is the excellent presentation from Chris Nickerson on Red and Tiger Team Testing.

Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. “Think like our enemy!” That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn’t it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads… literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Also to learn more about Chris and what hes up to check out his website and Exotic Liability.

Chris Nickerson – Red and Tiger Team Testing Part 1 – BruCon 2009 from Dale Pearson on Vimeo.

Chris Nickerson – Red and Tiger Team Testing Part 2 – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Chris Nickerson | Linking to is fine ::

Chris Gates – Open Source Information Gathering – BruCon 2009

This is the second of my 3 videos recorded at BruCon 2009.
This is the excellent presentation from Chris Gates on Open Source Information Gathering.

Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we’re on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.

Also to learn more about Chris and what hes up to check out his website.

Chris Gates – Open Source Information Gathering – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Chris Gates | Linking to is fine ::

Jayson E. Street – Dispelling the myths and discussing the facts of Global Cyber-Warfare – BruCon 2009

This is the first of my 3 videos recorded at BruCon 2009.
This is the excellent presentation from Jayson E. Street on Dispelling the myths and discussing the facts of Global Cyber-Warefare.

Abstract: There is a war being raged right now. It is being fought in your living room, in your dorm room even in your board room. The weapons are your network and computers and even though it is bytes not bullets whizzing by that does not make the casualties less real. We will follow the time line of Informational Warfare and its impact today. We will go deeper past the media hype and common misconceptions to the true facts of whats happening on the Internet landscape. You will learn how the war is fought and who is fighting and who is waiting on the sidelines for the dust to settle before they attack.

Jayson has an excellent book coming out called “Dissecting the Hack: The Forbidden Network

Also to learn more about Jayson and where he is talking check out his website.

Jayson E. Street – Dispelling the myths and discussing the facts of Global Cyber-Warfare – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Jayson E. Street | Linking to is fine ::

BruCon 2009, gone but certainly not forgotten

CIMG2534

Well I am back from BruCon, and what can I say it was excellent. Benny and Co did a fantastic job of setting up and running the Conference, and I am sure an excellent time was had by all. Great to see faces old and new, listen to some great speakers, attend some great workshops and spend some excellent time with cool people drinking excellent beer 🙂

If your not sure what I am on about check out http://brucon.org for more information.

I have recorded a couple of videos that I will be posting over coming few weeks (due to Vimeo restrictions), so check back to the blog for presentations from Jayson Street, Chris Gates and Chris Nickerson.

If you want some detailed posts on some of the presentations as they went on check out Chris Riley’s Blog (he has a time machine, so he could blog about them before the speaker even knew what they were saying).

Also check out Help Net Security for some official press material of the event.

So to all those I met and enjoyed the company of (you know who you are) thanks for a great one and see you soon.

Couple of pics, even some Kiosk hacking and Craig Balding talking about Cloud Security 🙂