DFIRCON - Live Online: The ALL Digital Forensics, Threat Hunting and Incident Response Training Event. Save $300 thru 10/7.

Brussels October 2018

Brussels, Belgium | Mon, Oct 8 - Sat, Oct 13, 2018
This event is over,
but there are more training opportunities.

SANS ‚ NVISO social night

  • Thursday, October 11th, 6:00pm - 8:45pm

On , you are welcome to attend the SANS ‚ NVISO Community night at the Radisson Blu Royal Hotel in Brussels. You are welcome to join us as of 6.00PM for some drinks and networking after which we invite you to two inspiring and educational sessions provided by our very own SANS instructor and NVISO founder Erik van Buggenhout and his colleagues Michel Coene and Didier Stevens.

If you are attending one of the SANS Courses taught at SANS Brussels you are welcome to join this evening at no extra charge.

If you are not registered for any of the SANS courses and you would like to attend this event, please register via this link.

Program for the evening :

6.00 PM ‚ Welcome drinks, snacks & networking

7.00 PM ‚ Start

7.10 PM ‚ Purple is the new black

8.00 PM ‚ Powershell Inside a Certificate ?

8.45 PM ‚ Closing drinks

Session 1 - Purple is the new black by Erik Van Buggenhout & Michel Coene

More and more organisations are looking into this new concept of ¬ę purple teaming ¬Ľ. As with a lot of things in information security, the ideas behind this new term are not new, as they‚ve been around for a while. How can we make red and blue teams work better together, resulting in an increased added value for the organisation? During this talk, Erik Van Buggenhout & Michel Coene will answer some of the following questions:

What is purple teaming?

Do I need to create a third team next to my red and blue team?

How do I deliver a valuable engagement? What approach can I use?

What kind of people do I need in my purple team ?

What tools are available?


If time permits, we will also do a live demo of some interesting adversary simulation tools that are being used in this space!

Session 2 - PowerShell Inside a Certificate? By Didier Stevens

Your adversaries are always looking for new techniques to infiltrate into and exfiltrate data from your network. Your job is to detect and prevent this.

In this presentation, we will focus on certificates as a vector. Certificates are opaque and can easily be created and transformed with built-in Windows tools. Casey Smith came up with a simple method to masquerade a Windows executable as a certificate. Adversaries (criminals and red teams) soon adopted this method, and ways for detection and prevention were developed.

We demystify certificates and present a generic method to detect fake certificates (Windows executables and other payloads). Of course, during this session, we have to present and analyze the payload of some juicy ‚certificates‚ we identified. In addition, we have a more profound take-away too: how do you learn from your adversaries? Join world-renowned expert Didier Stevens (SANS ISC Senior handler) for this interesting session!

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Tuesday, October 9
Session Speaker Time Type
Building a Forensically Capable Network Infrastructure Nik Alleyne Tuesday, October 9th, 7:00pm - 8:00pm SANS@Night
Thursday, October 11
Session Speaker Time Type
SANS ‚ NVISO social night Thursday, October 11th, 6:00pm - 8:45pm Special Events