BruCon 2018 (0x0A) – day 2

Volunteering at Brucon

As a BruCon volunteer I help out with the management of the workshop rooms, we have been doing that for a couple of years.  We have been doing this with the same volunteer crew for a couple of years now, which means that you have a trust relationship with the core team and the hotel.  That relationship helps because there are always little issues that come up. For me personally yesterday it was multi-socket power adapters, yet 5 minutes later by the time everybody sat down the whole problem was solved.

If you plan to volunteer for an event I would recommend going a couple of years, get to know other volunteers. Help them if they can use a hand and volunteer for the same position every year if you have found what you like.


The first workshop I managed the room for was on the topic of broEva Szilagyi and David Szili gave us a good overview of how you can use bro as an incident response tool and as a network security monitoring tool (NSM).

Eva and David had prepared an Ubuntu VM with bro and an ELK-stack to visualize some of the results for the workshop attendees to get some hands on experience with the tool.

If the week of the 15th of October you happen to be in Luxembourg and are into infosec you are in for a treat. There is the MISP summit, and BSidesLuxembourg which Eva and David help to organize. If you attend BSidesLuxembourgh go say hello to them.

Developing Resilient Detections

The second workshop of the day was on the topic of writing good signatures for detecting malicious actors in your ecosystem. Daniel Bohannon, who works for FireEye’s Advanced Practices Team, is also the author of Invoke-Obfuscation, Invoke-CradleCrafter and Invoke-DOSfuscation obfuscation frameworks and the co-author of the Revoke-Obfuscation PowerShell obfuscation detection framework.

Daniel developed the tools mentioned above to test the signature he writes and explained how he develops signatures, can make them generic enough and test them with his tools.

The room was really into the topic and there was a lot of interaction, it had a bit of an impact on Daniel’s time to follow the slides but I think everybody really enjoyed it. If you happen to meet Daniel, he is really into coffee, buy him one and you most certainly will have a very nice conversation with a guy that has a really cool job.

Up to BruCon 2018 day 3 …