Infiltrate Security Conference


CONFERENCE
APRIL 6-7, 2017

FONTAINEBLEAU HOTEL
Miami Beach


Exclusive Offense

Training Overview

Based on student feedback we have made some changes to the training classes offered for INFILTRATE 2017. We have extend the Master Class course by one day (now a five day course) to allot more time to cover the course material and work on the practical exercises. Also, the Wide Open To Interpretation course will be a three day course that focuses solely on auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes.
Of course our INFILTRATE training courses will continue to offer CPE credits for CISSP, CSSLP and SSCP certifications. Just let us know that you are interested in earning credits when you register.

Web Hacking Language Review

(7 CPE credits)

Web hacking language review (WHLR) functions as an optional bolt on to the web hacking class, or it could be taken as a stand-alone course. The one day class is taught remotely via WebEx and is only offered prior to the INFILTRATE Web Hacking course.

View Class Syllabus

Infiltrate Class Syllabus*

Web Hacking Language Review

  • HTTP Protocol
  • Linux command line fundamentals
  • Python 2.X programming
  • JavaScript
  • MySQL queries.
*class syllabus is subject to change

Web Hacking

(28 CPE credits)

Immunity's Web Hacking class has a heavy emphasis with hands-on-learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

View Class Syllabus

Infiltrate Class Syllabus*

Web Hacking

Course Length: 4 Days
  • Day 1 - Introduction to XSS
  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection
  • Day 2 - Command Injection and XXE/XSLT Attacks
  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection
  • Day 3 - SQL Injection
  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools
  • Day 4 - Web Crypto
  • ECB
  • CBC
  • Padding Oracles
*class syllabus is subject to change

Wide Open To Interpretation

(21 CPE credits for each session)

This class will cover auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop, to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface.

Click Here For Ring0

(28 CPE credits)

Immunity's Click Here for Ring0 class teaches both Windows clientside exploitation as well as Windows kernel exploitation. These two combined courses complement each other perfectly through hands-on exploitation that takes the student from gaining remote access to elevating privileges on modern Windows systems. This is an intermediate class that requires a solid grasp of userland and kernel debugging on Windows platforms.

View Class Syllabus

Infiltrate Class Syllabus*

Click Here For Ring0

Course Length: 4 Days
  • Day 1
  • Memory layout analysis
  • Client side vectors of explotation
  • Memory corruption vulnerabilities
  • Use After Free vulnerabilities in practice
  • Exploiting browser plugins
  • Day 2
  • Modern day browser protections
  • Information disclosures
  • Improving exploit reliability
  • Hunting for client-side bugs
  • From client to kernel
  • Day 3
  • Debugging environment setup
  • Kernel debugging principles
  • Windows kernel architecture
  • Kernel-land vs user-land
  • Kernel shell coding
  • Kernel structures
  • Token stealing
  • Day 4
  • Past vulnerabilities & how to find them
  • Protocols
  • IOCTL & FSCTL
  • Window management
  • Arbitrary overwrite exploitation
  • Recent techniques
  • Hands-on Exploitation
  • Custom vulnerable driver
  • Real vulnerabilities
*class syllabus is subject to change

Master Class

(35 CPE credits)

The Immunity Master Class focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to take the Master class.

View Class Syllabus

Infiltrate Class Syllabus*

Master Class

Course Length: 4 Days
  • Day 1
  • Academia vs Real World
  • How to Audit Cryptosystems
  • Introduction to Logic & Algebra
  • Symmetric Cryptography and related primitives
  • Statistical Cryptanalysis (differential, linear, etc)
  • Algebraic Cryptanalysis (SAT, F4)
  • Day 2
  • Introduction to Algebraic Number Theory
  • Introduction to Elliptic Curves
  • Asymmetric Cryptography (RSA, ECDH, etc.)
  • Birthday Paradox based algorithms
  • Index Calculus
  • Side Channel Attacks(timing, cache)
  • Whitebox Cryptography
  • Day 3
  • User Land vs Kernel Land
  • Introduction to the Kernel Land
  • Kernel Debugging Environment
  • Kernel Internals
  • Memory Models and the Address Space
  • Kernel Shellcodes
  • Taxonomy of Kernel Vulnerabilities
  • Arbitrary Kernel Read/Write
  • Day 4
  • Kernel Heap Allocators (SLAB/SLUB)
  • Kernel Pool Overflows and Use-After-Free
  • Race Conditions
  • Logical and HW-related Bugs
  • Kernel and Hardware Protections
  • Bypassing Protections
  • The Future of Kernel Vulnerabilities
*class syllabus is subject to change