Thursday, September 19
 

08:30 CEST

Registration
Thursday September 19, 2024 08:30 - 10:00 CEST
00. Lounge

09:45 CEST

BruCON Opening
Thursday September 19, 2024 09:45 - 10:00 CEST
01. Gouden Carolus

10:00 CEST

Keynote: To be Announced
Thursday September 19, 2024 10:00 - 11:00 CEST
Speakers
Michael Sikorski

Michael Sikorski (@mikesiko) is the CTO of Unit 42 at Palo Alto Networks where he leads the Threat Intelligence and Engineering teams. He is a renowned expert in reverse engineering and wrote the best seller, “Practical Malware Analysis”. Previously at Mandiant for 15 years, he’s...
01. Gouden Carolus

10:00 CEST

Wireless Hacking 101 with WHAD
Thursday September 19, 2024 10:00 - 12:00 CEST
WHAD stands for "Wireless Hacking Devices" (or "Wireless Hacking for Dummies") and is a brand new framework providing a unified interface to play with various wireless protocols, with multiple hardware devices supported out-of-the-box. It has been designed as a flexible and extensible toolbox to interact with wireless devices, including multiple customizable protocol stacks and some super-duper features like real-time monitoring with Wireshark or tool chaining to achieve complex tasks.

This workshop will teach you how to use WHAD and its off-the-shelf tools, but also how to take advantage of it to create your own tools in Python to interact with Bluetooth Low Energy and ZigBee devices, as well as wireless mice and keyboards! You will also discover how to emulate a device with a few lines of Python and even create BLE exploits that run smoothly on any compatible device.
Speakers
Damien Cauquil

Damien Cauquil is a security engineer at Quarkslab, France. He loves electronics, embedded devices, wireless protocols and hacking all of these, not especially in that order. He authored several Bluetooth Low Energy tools like Btlejuice and Btlejack, discovered a way to hack into an...
Romain Cayre

Romain Cayre is an assistant professor in the Software and System Security (S3) group at EURECOM, France. He works on topics related to wireless security, IoT security and embedded systems security. He loves hacking embedded wireless stacks and playing with wireless protocols. In the past...
04. Het Anker

10:00 CEST

XOR Cryptanalysis
Thursday September 19, 2024 10:00 - 12:00 CEST
In this 2 hour workshop, Didier will guide you through XOR Cryptanalysis exercises using several open source tools (several of these tools are created and maintained by Didier).

After an introduction to the XOR operator and its use in cryptography, we will work through several exercises that will familiarize you with tools like:
  • CyberChef
  • translate.py
  • XOR 010 Editor script
  • XORSearch
  • xor-kpa.py 

And we will end with exercises using custom ransomware decryption tools that Didier developed for a particular ransomware strain with flawed crypto.
Speakers
Didier Stevens

Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis.
05. Boscoli

10:00 CEST

ICS and IoT Village
Thursday September 19, 2024 10:00 - 18:00 CEST
03. Maneblusser

11:00 CEST

CurveBack: A Backdoor Analysis
Thursday September 19, 2024 11:00 - 12:00 CEST
The evolution of China-nexus backdoors over the last decade has rapidly produced several families that have been documented in great detail. One of the latest additions to this lineage is SideWalk / ScrambleCross, which employs challenging techniques and is difficult to detect without prior knowledge of its functionality. In the fall of 2023, the mnemonic Incident Response Team (mIRT) was engaged to uncover an attack that was part of an espionage campaign, and discovered a previously undocumented backdoor in this evolutionary trail. Keeping track of the development of these malware families is essential for defenders. This talk shares the highlights from our analysis of the malware and reflections on how to detect it.
Speakers
Rafael Lukas Maers

Rafael Lukas Maers has a Master's degree in Mathematics and has worked at mnemonic since 2013. He began his cybersecurity career as an analyst, before he ventured into network analysis and developed a world-class decoder for an ICS/OT network protocol. In 2017, he started working as...
Stian Jahr

Stian Jahr holds a Master’s degree in Information Security and has been part of mnemonic’s Managed Security Services since 2006. He has played a central role in the formation and technical management of mnemonic’s Security Services, where he has been focusing on network analysis...
01. Gouden Carolus

12:00 CEST

Lunch
Thursday September 19, 2024 12:00 - 13:30 CEST
00. Lounge

13:30 CEST

The Best Of 2023-2024: inside the biggest hacks and facts of the past year
Thursday September 19, 2024 13:30 - 14:30 CEST
It's a struggle keeping track of everything happening day after day, right? Don't blink or you'll miss new vulnerabilities, new techniques and leaks, …

The presenter, Dieter Van Den Bosch, suggested in the feedback form of BruCON back in 2011, that someone should do a presentation on the security highlights of the past year.

We’re 13 years later… and for the second year in a row, Dieter will give that talk himself!

He will take you through a journey of the most active threat actors, some surprising facts that even experts have missed and some of the weirdest things of the past year!
01. Gouden Carolus

14:00 CEST

Zeek and Destroy with Python and Machine Learning Workshop
Thursday September 19, 2024 14:00 - 16:00 CEST
Zeek is an open-source network security monitor (NSM) and analytics platform that has been around for quite some time (since the mid-90s). It is used at large university campuses and research labs, but in the past few years, more and more security professionals in the industry have turned their attention to this fantastic tool.

But Zeek is so much more than just a NIDS generating alerts (notices) and log files! Zeek's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting brute-force attacks, or, most importantly, interfacing with external sources, such as Python! The Zeek Python bindings allow us, the analysts, to use powerful Python libraries such as Numpy, Pandas, and Tensorflow and apply machine learning-based detection on network traffic.

During this two-hour workshop, we will learn about the following topics:
  • Super fast introduction to Zeek (architecture, events, logs, signatures, etc.)
  • Using machine learning and data science tools on Zeek logs (as an example, we will use Fourier Analysis to detect C2 beaconing)
  • Super fast crash course in Zeek scripting (just enough to understand how to create new logs)
  • Connecting Zeek and Python via the Zeek Broker Communication Framework
  • Using machine learning tools in Python on the data we receive from Zeek for detection (as an example, we will use convolutional neural network and random forest models to compare them, and then use them to find unknown malware in live network traffic)

Requirements for the workshop:
  1. A laptop with at least 16 GB of RAM and more than 50 GB of free disk space (VT-x support must be enabled on the host system).
  2. Application to run Virtual Images (type-2 hypervisor): VMWare Workstation Pro (recommended), VMWare Workstation Player, VMWare Fusion, or VirtualBox.
  3. Only 64-bit Intel-compatible (Intel or AMD) processors are supported. 

/!\ WARNING /!\: ARM-based (Apple Silicon, some Microsoft Surface) devices cannot perform the necessary virtualization and therefore cannot be used for the workshop.
Speakers
Eva Szilagyi

Eva Szilagyi is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. She has more than ten years of professional experience in various areas like penetration testing, security source code review, vulnerability management...
David Szili

David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture...
05. Boscoli

14:00 CEST

An Introduction to Firmware Cartography
Thursday September 19, 2024 14:00 - 18:00 CEST
This workshop will introduce attendees to the world of firmware analysis. It will discuss only structured firmwares---i.e. firmware containing a file system---as opposed to monolithic firmwares, also known as baremetal firmwares. Students will discover two major steps of this analysis workflow, which are also the most firmware-specific ones: extraction of the filesystem and its cartography. Various open-source tools will be introduced, including two developed by Quarkslab: Pyrrha, a mapper collection for firmware analysis, and its underlying API Numbat. Based on the latter, attendees will be able to develop their own cartography tools with a nice UI. Throughout this workshop, a strong focus will be placed on the tasks that could be automated by existing or future tools, but also on the limits of this automation.

Requirements:
  1. This workshop requires attendees to be able to script in Python. 
Speakers
Eloïse Brocas

Eloïse Brocas is a security researcher and reverse engineer at Quarkslab. She has a strong interest in creating tooling that supports security analysts in their day-to-day tasks; some of these tools have been open-sourced, like Pyrrha...
04. Het Anker

14:30 CEST

Bypassing firewalls with API-to-API Hacking: Using Chained Transformations to deliver payloads to 2nd order API's
Thursday September 19, 2024 14:30 - 15:30 CEST
In this talk we'll explore the opportunities that protocol & standards transformations provide for attackers in environments with an API microservice architecture.

Transformation of user input happens automatically when protocols & standards support certain encodings.

When API backends are constructing their own API calls to 2nd order API's using user input, "chained transformations" happen. This allows an attacker to construct payloads that only manifest in harmful form after a certain number of transformations. The payloads are often too obfuscated to be recognized by the perimeter Web Application Firewall.

This type of vulnerability is present even in hardened targets. Pentesters and bugbounty hunters can maximize the attack surface and increase impact using this bug.
Speakers
Johan Caluwé

Cyber Security Expert @ Centre for Cybersecurity Belgium
Member of Technical Research Team of CERT.be
Guest professor "Web Application Pentesting Advanced" @ Howest university of applied sciences
Bug bounty hunter & ethical hacker
01. Gouden Carolus

15:30 CEST

Coffee Break
Thursday September 19, 2024 15:30 - 16:00 CEST
00. Lounge

16:00 CEST

Uncovering Hidden Threats: Intro to Kernel Debugging with WinDbg
Thursday September 19, 2024 16:00 - 18:00 CEST
In the dynamic realm of system security, the ability to diagnose and debug at the kernel level is invaluable. "Uncovering Hidden Threats: Intro to Kernel Debugging with WinDbg" is a workshop designed for IT professionals, system administrators, and security researchers who are eager to gain foundational skills in kernel debugging. This session will immerse participants in practical, hands-on scenarios using WinDbg for kernel debugging.

Throughout this workshop, attendees will engage directly with real-world debugging exercises, designed to provide a deep dive into the inner workings of the Windows kernel. Participants will be provided with a preconfigured virtual machine (steps on how to set up a debugging environment from scratch are provided on request), interpret common kernel-mode data structures, and detect common stealth and persistence techniques encountered in Windows rootkits. The focus will be heavily on 'learning by doing,' ensuring that every attendee not only understands the theoretical underpinnings but also acquires direct experience in applying these techniques.

By the end of the workshop, participants will have the skills to uncover and mitigate hidden threats in their own systems, armed with a robust set of debugging competencies that can be applied immediately in their professional roles.
Speakers
Aleksandra Euler

Aleksandra Euler is an information security professional specializing in both offensive security and forensic investigations. Initially rooted in Linux kernel development, her expertise has seamlessly transitioned to mastering Windows kernel internals and technical intricacies of...
05. Boscoli

17:00 CEST

Saddle up the system, y'all: A Texas handbook to Linux EDR baseline configurations.
Thursday September 19, 2024 17:00 - 18:00 CEST
While there's often a strong focus on securing Windows environments against malicious activities, due to their widespread use, it's crucial not to underestimate the potential for Linux based systems to be exploited in a similar fashion.

Wrangling those EDR tools on Linux is downright essential, given its varied attack vectors and plenty of trickster trails to navigate. Linux setups are pretty common in server, cloud and IoT environments, each bringing their own flavor of security showdowns.

With Linux's robust privilege management, you need to set up your EDR solutions in a way that they can effectively oversee and respond to unusual activities. By engaging in active EDR testing on Linux, a comprehensive approach to security is ensured, covering a wide range of threats and system complexities. It's like having your digital glam squad handle all the security drama, so you can focus on the fabulousness!
Speakers
Melina Phillips

I am an Offensive Security Engineer with 10 years of IT experience and 6 years specifically focused on IT Security. As an Offensive Security Engineer, I leverage my expertise and passion for red teaming to identify vulnerabilities and develop effective strategies to protect my organization...
01. Gouden Carolus
 
Friday, September 20
 

08:30 CEST

Registration
Friday September 20, 2024 08:30 - 10:00 CEST
00. Lounge

10:00 CEST

Keynote: To be Announced
Friday September 20, 2024 10:00 - 11:00 CEST
Speakers
Kim Wuyts

Kim Wuyts (@Wuytski) is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy...
01. Gouden Carolus

10:00 CEST

XOR Cryptanalysis
Friday September 20, 2024 10:00 - 12:00 CEST
In this 2 hour workshop, Didier will guide you through XOR Cryptanalysis exercises using several open source tools (several of these tools are created and maintained by Didier).

After an introduction to the XOR operator and its use in cryptography, we will work through several exercises that will familiarize you with tools like:
  • CyberChef
  • translate.py
  • XOR 010 Editor script
  • XORSearch
  • xor-kpa.py

And we will end with exercises using custom ransomware decryption tools that Didier developed for a particular ransomware strain with flawed crypto.
Speakers
Didier Stevens

Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis.
05. Boscoli

10:00 CEST

Zeek and Destroy with Python and Machine Learning Workshop
Friday September 20, 2024 10:00 - 12:00 CEST
Zeek is an open-source network security monitor (NSM) and analytics platform that has been around for quite some time (since the mid-90s). It is used at large university campuses and research labs, but in the past few years, more and more security professionals in the industry have turned their attention to this fantastic tool.

But Zeek is so much more than just a NIDS generating alerts (notices) and log files! Zeek's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting brute-force attacks, or, most importantly, interfacing with external sources, such as Python! The Zeek Python bindings allow us, the analysts, to use powerful Python libraries such as Numpy, Pandas, and Tensorflow and apply machine learning-based detection on network traffic.

During this two-hour workshop, we will learn about the following topics:
  • Super fast introduction to Zeek (architecture, events, logs, signatures, etc.)
  • Using machine learning and data science tools on Zeek logs (as an example, we will use Fourier Analysis to detect C2 beaconing)
  • Super fast crash course in Zeek scripting (just enough to understand how to create new logs)
  • Connecting Zeek and Python via the Zeek Broker Communication Framework
  • Using machine learning tools in Python on the data we receive from Zeek for detection (as an example, we will use convolutional neural network and random forest models to compare them, and then use them to find unknown malware in live network traffic)

Requirements for the workshop:
  1. A laptop with at least 16 GB of RAM and more than 50 GB of free disk space (VT-x support must be enabled on the host system).
  2. Application to run Virtual Images (type-2 hypervisor): VMWare Workstation Pro (recommended), VMWare Workstation Player, VMWare Fusion, or VirtualBox.
  3. Only 64-bit Intel-compatible (Intel or AMD) processors are supported.

/!\ WARNING /!\: ARM-based (Apple Silicon, some Microsoft Surface) devices cannot perform the necessary virtualization and therefore cannot be used for the workshop.
Speakers
Eva Szilagyi

Eva Szilagyi is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. She has more than ten years of professional experience in various areas like penetration testing, security source code review, vulnerability management...
David Szili

David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture...
04. Het Anker

10:00 CEST

ICS and IoT Village
Friday September 20, 2024 10:00 - 18:00 CEST
03. Maneblusser

11:00 CEST

MitM but for Mail (MaitM)
Friday September 20, 2024 11:00 - 12:00 CEST
Mistyped domains often take some convincing to be effective in phishing attacks. After finding the perfect typo, the real work starts: setting up the perfect lure. Instead of this, an often-forgotten attack vector exists where potential victims already make these typos themselves when sending email and/or configuring systems, leaking plenty of useful information while at it.

In this talk we will explore this attack vector, ultimately setting ourselves up for a Mail-in-the-middle (MaiTM) attack to steal confidential information, login using password resets, embed tracking pixels and even deliver malware. Configuring this can still take some work and requires quick timing, so to help with that we have developed a toolkit that we will demonstrate during this talk. Finally, considering the impact of these attacks we will dive into some detection and prevention strategies for this attack while also releasing some new proof of concept tooling to aid organizations in defending against it.
Speakers
Felipe Molina

Felipe Molina is a Spaniard hacker working in the SensePost Team at Orange Cyberdefense with 10 years of experience in the cyber security field. He loves Andalusia, Spain, to hack, to drink beer, to barbecue with family and friends, and deep diving into new software to find cool...
Szymon Ziolkowski

Szymon Ziolkowski is a pentester at the SensePost team of Orange Cyberdefense. Szymon has been in the industry for close to 8 years and enjoys application security and physical assessments - always looking for a door to open with a spoon. "He is Polish and a good guy" - Felipe Mo...
01. Gouden Carolus

12:00 CEST

Lunch
Friday September 20, 2024 12:00 - 13:30 CEST
00. Lounge

13:30 CEST

Insert coin: Hacking arcades for fun
Friday September 20, 2024 13:30 - 14:30 CEST
Since we were children we wanted to go to the arcade and play for hours and hours for free. How about we do it now? In this talk I’m gonna show you some vulnerabilities that I discovered in the cashless system of one of the biggest companies in the world, with over 2,300 installations across 70 countries, from arcades in Brazil, amusement parks in the United Arab Emirates to a famous roller coaster in Las Vegas. We will talk about API security, access control and NFC among other things.
Speakers
Ignacio Navarro

Ignacio Navarro is an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security. Speaker at Hackers2Hackers...
01. Gouden Carolus

14:00 CEST

Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections
Friday September 20, 2024 14:00 - 16:00 CEST
Code obfuscation is fast becoming a normal part of modern Windows malware. Pioneered by Emotet and popularized by the Conti ransomware leaks, we now see even simple credential stealers using cracked versions of commercial grade code virtualization! The solution… if you can’t reverse it, just run it!

In this workshop we will cover different tracing techniques that can be used to bypass and extract information from protected code. The workshop is divided into modules covering tracing with x64dbg, dynamic binary instrumentation with PIN, and API tracing with DTrace. A challenge binary is provided with each module for students to practice and the final challenge is a real world malware sample that has been virtualized.

This workshop is aimed at reverse engineers and malware analysts who have experience analyzing malware and are comfortable with debugging in userland. If you don’t have experience with malware but you do have a few hours behind the debugger you should have no problem completing the workshop.

Requirements:
  1. Students must bring a laptop/workstation capable of running a Windows Virtual Machine (VM)
  2. A preinstalled Windows 10 (64bit) 20H1(or later) VM with at least 50G of free space.
    You will be provided with detailed tools installation and setup instructions prior to the workshop
Speakers
Sergei Frankoff

Sergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience...
Sean Wilson

Sean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles. Twitter...
05. Boscoli

14:00 CEST

Uncovering Hidden Threats: Intro to Kernel Debugging with WinDbg
Friday September 20, 2024 14:00 - 16:00 CEST
In the dynamic realm of system security, the ability to diagnose and debug at the kernel level is invaluable. "Uncovering Hidden Threats: Intro to Kernel Debugging with WinDbg" is a workshop designed for IT professionals, system administrators, and security researchers who are eager to gain foundational skills in kernel debugging. This session will immerse participants in practical, hands-on scenarios using WinDbg for kernel debugging.

Throughout this workshop, attendees will engage directly with real-world debugging exercises, designed to provide a deep dive into the inner workings of the Windows kernel. Participants will be provided with a preconfigured virtual machine (steps on how to set up a debugging environment from scratch are provided on request), interpret common kernel-mode data structures, and detect common stealth and persistence techniques encountered in Windows rootkits. The focus will be heavily on 'learning by doing,' ensuring that every attendee not only understands the theoretical underpinnings but also acquires direct experience in applying these techniques.

By the end of the workshop, participants will have the skills to uncover and mitigate hidden threats in their own systems, armed with a robust set of debugging competencies that can be applied immediately in their professional roles.
Speakers
Aleksandra Euler

Aleksandra Euler is an information security professional specializing in both offensive security and forensic investigations. Initially rooted in Linux kernel development, her expertise has seamlessly transitioned to mastering Windows kernel internals and technical intricacies of...
04. Het Anker

14:30 CEST

Forensic Flows, but make them better
Friday September 20, 2024 14:30 - 15:30 CEST
Digital forensic procedures often come with significant overhead, from navigating the complexities of different operating systems to lengthy processes for image collection in the cloud. Additionally, the myriad of available tools can require expertise to select and utilize effectively. Why deal with these challenges when you can automate the basics?

In this talk, we'll discuss the design of a framework aimed at automating triage-level forensics, making it accessible for all analysts to integrate into their investigations. We'll explore the open-source tools we've incorporated and the design paradigms ensuring scalability, concluding with valuable lessons learned.
Speakers
Jessica Wilson

Jessica Wilson is a security engineer who specializes in response and forensics. She’s worked on a detection and response team for over 6 years building logging pipelines, creating forensic programs, and automating triage level forensics.
01. Gouden Carolus

15:30 CEST

Coffee Break
Friday September 20, 2024 15:30 - 16:00 CEST
00. Lounge

16:00 CEST

Attacking Microsoft 365 with GraphSpy
Friday September 20, 2024 16:00 - 18:00 CEST
With more and more organizations moving away from traditional on-prem infrastructures towards hybrid or full cloud environments, an attacker increasingly no longer needs to breach the network perimeter to cause impact. The primary identity solutions for companies are shifting from Active Directory towards Microsoft Entra ID, on-prem SMB shares are replaced by OneDrive and SharePoint Online, and Exchange Servers are decommissioned in favor of Exchange Online.

With the most sensitive information of an organization now being stored in the cloud, penetration testers and red teamers need to adapt their techniques and focus on this shifted attack surface. This led to the creation of GraphSpy, the Swiss Army Knife for attacking Microsoft 365 & Entra. In this workshop, you will be able to play with some of the most powerful capabilities of the tool to compromise and move laterally inside a realistic lab environment created by the author of GraphSpy.

Requirements:
  1. This workshop requires a laptop or virtual machine on which python3 is installed (any OS should work). 

The workshop will be accessible for beginners, while also being fun and challenging for the more advanced participants. Both red and blue team backgrounds are welcome!
Speakers
Keanu Nys

Keanu is the Offensive Security Lead at Spotit. While he has a passion for all offensive cybersecurity topics, he mostly specializes in Active Directory, Azure and Social Engineering. He is also the author of the Microsoft 365 and Entra attacking toolkit GraphSpy.
05. Boscoli

16:00 CEST

Defenders YARA Factory: Building Effective Detection Rules
Friday September 20, 2024 16:00 - 18:00 CEST
This workshop is designed to equip defenders with the skills and knowledge necessary to effectively leverage YARA rules for threat detection and analysis. Participants will explore YARA fundamentals, rule syntax, detection research methodology, ruleset management, adversary tradecraft, and extended topics. Through hands-on exercises and practical demonstrations, attendees will gain proficiency in creating, testing, and optimizing YARA rules to enhance their organization's defense capabilities.
04. Het Anker

17:00 CEST

A Year in Review: Lessons Learnt from Red Teaming Gen AI
Friday September 20, 2024 17:00 - 18:00 CEST
Over the last 12 months Microsoft’s AI Red Team (AIRT) has conducted nearly 100 assessments of AI systems including comprehensive reviews of foundation models, multiple reviews of Copilot features, and in-depth reviews of AI systems in sensitive domains such as health care. From this work AIRT has developed deep knowledge of the most impactful security, safety, and privacy risks that the usage of AI systems in the real world can cause, the techniques and tooling needed to elicit them, and approaches to prevent or detect these risks.

In this presentation we will cover what AI Red Teaming is, the processes and tooling AIRT has developed, and, most interestingly, what the key trends have been in terms of techniques and weaknesses identified during our many assessments. We will discuss how AI security issues are tightly connected with traditional cybersecurity, but also how the safety aspect of AI introduces new and exciting challenges to our work. We will also touch on how AIRT’s work has informed the development of new defenses for AI systems and how security professionals should approach defending the AI systems that they use.

We will also look ahead to next year and where the risks might go next, and how we might want to prevent them in a world where AI system capabilities are evolving at an extremely rapid pace.
Speakers
Peter Bryan

Pete leads Microsoft's AI Red Team, working to identify key security and safety risks in the AI systems Microsoft develops and uses. The team research, develop, and deploy novel attacks against AI systems and work with product teams to develop controls and mitigations for the new...
01. Gouden Carolus

18:00 CEST

BruCON Closing
Friday September 20, 2024 18:00 - 18:30 CEST
01. Gouden Carolus