Infiltrate Security Conference


CONFERENCE
APRIL 6-7, 2017

FONTAINEBLEAU HOTEL
Miami Beach


Exclusive Offense
Sponsored by:

Training Overview

Our INFILTRATE training courses offer (ISC)2 CPE credits for CISSP, CSSLP and SSCP certifications. Just let us know that you are interested in earning credits after your register by emailing infiltrate@immunityinc.com.
If you are trying to determine which class you are best suited for, just email infiltrate@immunityinc.com and ask for the evaluation test for the course(s) you are interested in.

Title Dates Price CPE Credits (CISSP, CSSLP, SSCP)
Web Hacking Language Review (Taught Remotely via WebEx) March 22nd, 2017 $500 7
Web Hacking April 2-5, 2017 $4,800 28
Wide open to interpretation April 3-5, 2017 $3,600 21
Click Here for Ring0 April 2-5, 2017 $4,800 28
Master Track: Applied Cryptanalysis April 2-5, 2017 $4,800 28
Master Track: Kernel Exploitation April 2-5, 2017 $4,800 28

Included in the above pricing is:

Powered by Eventbrite

Training Class Details

Web Hacking Language Review

(7 CPE credits)

Web Hacking Language Review (WHLR) functions as an optional bolt on to the web hacking class, or it could be taken as a stand-alone course. The one day class is taught remotely via WebEx and is only offered prior to the INFILTRATE Web Hacking course.

View Class Syllabus

Infiltrate Class Syllabus*

Web Hacking Language Review

  • HTTP Protocol
  • Linux command line fundamentals
  • Python 2.X programming
  • JavaScript
  • MySQL queries.
*class syllabus is subject to change

Web Hacking

(28 CPE credits)

Immunity's Web Hacking class has a heavy emphasis with hands-on-learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

View Class Syllabus

Infiltrate Class Syllabus*

Web Hacking

Course Length: 4 Days
  • Day 1 - Introduction to XSS
  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection
  • Day 2 - Command Injection and XXE/XSLT Attacks
  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection
  • Day 3 - SQL Injection
  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools
  • Day 4 - Web Crypto
  • ECB
  • CBC
  • Padding Oracles
*class syllabus is subject to change

Wide Open To Interpretation

(21 CPE credits)

This class will cover auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop, to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface.

View Class Syllabus

Infiltrate Class Syllabus*

Wide Open To Interpretation

Course Length: 3 Days
  • Day 1
  • Java Classes 101
    • Class member access
    • Classes hierarchy & interfaces
    • Nested & Inner Classes
  • Introduction to Java Security & Sandbx
    • Bytecode Verifier
    • Security Manager & Access Controller
    • Security Manager in Application Servers
    • Serialization
    • Java Reflection
  • Secure Coding Guidelines
  • Environment Setup
  • Java Web Applications Introduction
  • Information Disclosure
  • Input Validation
    • Cross Site Scripting
    • SQL Injection
    • Command Injection
  • Logical Bugs
    • Path Traversal
    • File Disclosure
    • File Overwrite
    • Privilege Escalation
  • Day 2
  • Request Forgery
    • Client Side Request Forgery
    • Server Side Request Forgery
  • Dangerous Parsing
    • XML
    • XSLT
    • Deserialization
  • El Injection
  • Day 3
  • JNDI/LDAP Manipulation
  • Frameworks & Services
    • WebServices
    • REST APIs
    • Vulnerabilities in Popular Frameworks
  • Crypto
    • Padding Oracle
    • PRNGs
  • Exploitation
*class syllabus is subject to change

Click Here For Ring0

(28 CPE credits)

Immunity's Click Here for Ring0 class teaches both Windows clientside exploitation as well as Windows kernel exploitation. These two combined courses complement each other perfectly through hands-on exploitation that takes the student from gaining remote access to elevating privileges on modern Windows systems. This is an intermediate class that requires a solid grasp of userland and kernel debugging on Windows platforms.

View Class Syllabus

Infiltrate Class Syllabus*

Click Here For Ring0

Course Length: 4 Days
  • Day 1
  • Memory layout analysis
  • Client side vectors of explotation
  • Memory corruption vulnerabilities
  • Use After Free vulnerabilities in practice
  • Exploiting browser plugins
  • Day 2
  • Modern day browser protections
  • Information disclosures
  • Improving exploit reliability
  • Hunting for client-side bugs
  • From client to kernel
  • Day 3
  • Debugging environment setup
  • Kernel debugging principles
  • Windows kernel architecture
  • Kernel-land vs user-land
  • Kernel shell coding
  • Kernel structures
  • Token stealing
  • Day 4
  • Past vulnerabilities & how to find them
  • Protocols
  • IOCTL & FSCTL
  • Window management
  • Arbitrary overwrite exploitation
  • Recent techniques
  • Hands-on Exploitation
  • Custom vulnerable driver
  • Real vulnerabilities
*class syllabus is subject to change

Master Track: Applied Cryptanalysis

(28 CPE credits)

The Immunity Cryptanalysis class takes traditionally dense Academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.

View Class Syllabus

Infiltrate Class Syllabus*

Master Track: Applied Cryptanalysis

Course Length: 4 Days
  • Day 1
  • Academia vs Real World Cryptanalysis
  • Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
  • Hands on problem solving with Sage
  • The state of PRNG and associated issues
  • The state of Hash Functions
  • Statistical and Algebraic attacks against Symmetric ciphers
  • A focus on Groebner Bases and SAT
  • Day 2
  • The state of RSA (common mistakes & factorization)
  • Solving (EC)DLP (Pollard RHO, Index calculus)
  • Elliptic Curves specifics
  • Day 3
  • Real World Implementation issues
  • Symmetric/Asymmetric primitives
  • Source / Compilation / Languages / Platform specific issues
  • Local timing attacks
  • Improvement of an attack using filtering
  • Day 4
  • Cache attacks
  • Padding Oracle
  • Remote timing attacks
*class syllabus is subject to change

Master Track: Kernel Exploitation

(28 CPE credits)

The Immunity Kernel Exploitation Master Track focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to this class.

View Class Syllabus

Infiltrate Class Syllabus*

Master Track: Kernel Exploitation

Course Length: 4 Days
  • Day 1
  • User Land vs Kernel Land
  • Introduction to the Kernel Land
  • Kernel Debugging Environment
  • Kernel Internals
  • Day 2
  • Memory Models and the Address Space
  • Kernel Shellcodes
  • Taxonomy of Kernel Vulnerabilities
  • Arbitrary Kernel Read/Write
  • Day 3
  • Kernel Heap Allocators (SLAB/SLUB)
  • Kernel Pool Overflows and Use-After-Free
  • Race Conditions
  • Day 4
  • Logical and HW-related Bugs
  • Kernel and Hardware Protections
  • Bypassing Protections
  • The Future of Kernel Vulnerabilities
*class syllabus is subject to change