$250 – $4,900

INFILTRATE 2019 TRAINING COURSES

Event Information

Share this event

Date and Time

Location

Location

Fontainebleau Miami Beach

4441 Collins Avenue

Miami Beach, FL 33140

View Map

Event description

Description

*IMPORTANT - CONFERENCE / TRAINING BUNDLE DISCOUNT*

If you are planning to attend an INFILTRATE training class and would also like to attend the conference, please purchase your training ticket FIRST. Once you complete your training ticket purchase, you will be provided a one-time discount code in the confirmation message. You can then use this code to register for the conference at the discounted price of $1,000 USD. If you register for the conference first, you will not be provided this discount code.

*IMPORTANT - GROUP DISCOUNT*

If you are a company/organization looking to send several members of your team to the conference and/or training, please reach out to us at infiltrate@immunityinc.com or call 786.220.0600 (M-F 9am-5pm EST) to learn more about discount options.

*GUEST MEAL TICKET

INFILTRATE Training breakfast and lunch buffets (Sunday - Wednesday) are for paid training attendees only. If you would like your guest to join you for breakfast and lunch, please add the GUEST MEAL TICKET to your order.



IMMUNITY Training Courses Overview

IMMUNITY's INFILTRATE 2019 training courses offer (ISC)2 CPE credits for CISSP, CSSLP and SSCP certifications. If you are taking a course that offers CPE credits and are interested in earning them, please email us at infiltrate@immunityinc.com after your register.

If you are trying to determine which class you are best suited for, email infiltrate@immunityinc.com and we can supply you with an evaluation quiz and/or additional information that may help you decide. However, the below list of IMMUNITY classes are in order of difficulty / skill set required.

All IMMUNITY classes include a laptop for the student to use during the class. All IMMMUNITY classes are eligible for the Conference Briefings Discount ticket. All IMMUNITY classes include breakfast and lunch for the registered student on class days.


Immunity Web Hacking - April 28 - May 1, 2019

28 (ISC)2 CPE CREDITS

Immunity's Web Hacking class has a heavy emphasis with hands-on-learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

Syllabus (subject to change):

DAY 1 - INTRODUCTION TO XSS

  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection

DAY 2 - COMMAND INJECTION AND XXE/XSLT ATTACKS

  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection

DAY 3 - SQL INJECTION

  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools

DAY 4 - WEB CRYPTO

  • ECB
  • CBC
  • Padding Oracles

Immunity Java Exploitation - April 29 - May 1, 2019

21 (ISC)2 CPE CREDITS

This class will cover auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop, to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface.

Syllabus (subject to change):

DAY 1

  • Java Classes 101
    • Class member access
    • Classes hierarchy & interfaces
    • Important keywords and modifers
  • Introduction to Java Security & Sandbx
    • Bytecode Verifier
    • Security Manager & Access Controller
    • Security Manager in Application Servers
  • Secure Coding Guidelines
  • Environment Setup
  • Java Web Applications Introduction
  • Information Disclosure
  • Input Validation
    • Cross Site Scripting
    • SQL Injection
    • Command Injection
  • Logical Bugs
    • Path Traversal
    • File Disclosure
    • File Overwrite
    • Privilege Escalation

DAY 2

  • Request Forgery
    • Client Side Request Forgery
    • Server Side Request Forgery
  • Dangerous Parsing
    • XML
    • XSLT
    • Deserialization
    • JSON
  • El Injection

DAY 3

  • JNDI/LDAP Manipulation
  • Frameworks & Services
    • WebServices
    • REST APIs
    • Vulnerabilities in Popular Frameworks
  • Crypto
    • Padding Oracle
    • PRNGs (Random & RandomStringUtils)
  • Exploitation

Immunity Click Here For Ring0 - April 28 - May 1, 2019

28 (ISC)2 CPE CREDITS

Immunity's Click Here for Ring0 class teaches both Windows clientside exploitation, as well as Windows kernel exploitation. These two combined courses complement each other perfectly through hands-on exploitation that takes the student from gaining remote access to elevating privileges on modern Windows systems. This is an intermediate class that requires a solid grasp of userland and kernel debugging on Windows platforms.

Syllabus (subject to change):

DAY 1

  • Memory layout analysis
  • Client side vectors of explotation
  • Memory corruption vulnerabilities
  • Use After Free vulnerabilities in practice
  • Exploiting browser plugins

DAY 2

  • Modern day browser protections
  • Information disclosures
  • Improving exploit reliability
  • Hunting for client-side bugs
  • From client to kernel

DAY 3

  • Debugging environment setup
  • Kernel debugging principles
  • Windows kernel architecture
  • Kernel-land vs user-land
  • Kernel shell coding
  • Kernel structures
  • Token stealing

DAY 4

  • Past vulnerabilities & how to find them
  • Protocols
  • IOCTL & FSCTL
  • Window management
  • Arbitrary overwrite exploitation
  • Recent techniques
  • Hands-on Exploitation
  • Custom vulnerable driver
  • Real vulnerabilities

Immunity Applied Cryptanalysis - April 28 - May 1, 2019

28 (ISC)2 CPE CREDITS

The Immunity Cryptanalysis class takes traditionally dense Academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.

Syllabus (subject to change):

DAY 1

  • Academia vs Real World Cryptanalysis
  • Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
  • Hands on problem solving with Sage
  • The state of PRNG and associated issues
  • The state of Hash Functions
  • Statistical and Algebraic attacks against Symmetric ciphers
  • A focus on Groebner Bases and SAT

DAY 2

  • The state of RSA (common mistakes & factorization)
  • Solving (EC)DLP (Pollard RHO, Index calculus)
  • Elliptic Curves specifics

DAY 3

  • Real World Implementation issues
  • Symmetric/Asymmetric primitives
  • Source / Compilation / Languages / Platform specific issues
  • Local timing attacks
  • Improvement of an attack using filtering

DAY 4

  • Cache attacks
  • Padding Oracle
  • Remote timing attacks

Immunity Linux Kernel Exploitation - April 28 - May 1, 2019

28 (ISC)2 CPE CREDITS

The Immunity Kernel Exploitation Master Track focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to this class.

Syllabus (subject to change):

DAY 1

* User Land vs Kernel Land

* Introduction to the Kernel Land

* Kernel Debugging Environment

* Kernel Internals

DAY 2

* Memory Models and the Address Space

* Kernel Shellcodes

* Taxonomy of Kernel Vulnerabilities

* Arbitrary Kernel Read/Write

DAY 3

* Kernel Heap Allocators (SLAB/SLUB)

* Kernel Pool Overflows and Use-After-Free

* Race Conditions

DAY 4

* Logical and HW-related Bugs

* Kernel and Hardware Protections

* Bypassing Protections

* The Future of Kernel Vulnerabilities


3rd Party Training:

INFILTRATE 2019 now offers 3rd pary training courses in addition to the IMMUNITY training courses. None of the 3rd party classes offer CPE credits. All students of the 3rd party classes are required to bring their own laptop to use during the class. Technical specifications will be provided. All 3rd party classes are eligible for the the Conference Bundle Discount ticket. All 3rd party classes include breakfast and lunch for the registered student on class days.

Azeria's ARM-based IoT Exploit Development - April 28 - May 1, 2019

*Laptops Not Provided, Students Must Bring Own Laptop*

This course starts with a comprehensive overview of the ARM 32-bit architecture. To give the students more context, advanced concepts like TrustZone and privileged modes will also be part of this introduction. The ARM Assembly part of the course includes all relevant concept needed to reverse engineer ARM-based binaries and write elaborate ROP chains. Writing shellcode gives students practice in assembly and teaches them concepts such as leveraging the “literal pool” to reference strings and struct values. The “reverse engineering” part of this course introduces students to the process of RE and debugging ARM binaries, followed by a lab in which they will reverse engineer their first binary and understand how function flow works on ARM. Students will be introduced to memory-corruption vulnerabilities on the first day. After understanding what is needed to corrupt the stack, students will trigger a stack-based vulnerability and write an exploit allowing them to execute their own shellcode from the stack. After this lab, the concept of NX and Return Oriented Programming will be introduced, followed by a more complex challenge that will require the students to build a ROP chain where the ideal ROP gadgets are not available in the target library. The second day of this course will be 80% lab time. After a quick introduction into NX mitigation bypasses and different ways of bypassing ASLR, students will start exploiting their first real-world target. For each new target, we will start with an overview of the hardware-hacking and firmware-emulation process. Students will write exploits to bypass all of the mitigations on two different IoT targets and learn how to overcome common restrictions encountered during the debugging process. After obtaining a shell through a ROP chain that leverages the system() api, students will then learn an alternative way of gaining access to the target system that is far less noisy. The labs will also teach them how to bypass common memory read and write issues when taking control over the Program Counter register, as well as how to debug real-world vulnerabilities, and how to write elaborate ROP chains to bypass all mitigations on the chosen real-world targets. On the third day, students will be introduced to information leak vulnerabilities by exploiting a buffer overflow coupled with a format string vulnerability and write an exploit to bypass NX and ASLR. Students will then be introduced to Heap exploitation and will write an exploit for a heap overflow vulnerability.

Syllabus (subject to change):

DAY 1

ARM 32-bit Architecture

  • Difference between Architecture and Microarchitecture
  • ARM processor types
  • RISC CPU features
  • Privilege Modes
  • TrustZone Extension
  • Memory model, memory types, memory segments

ARM Assembly Language

  • Syntax of Assembly programs
  • User mode registers and privileged banked registers
  • Exception handling process
  • Status registers (CPSR and SPSR)
  • Conditional execution
  • Thumb mode
  • Most common instructions
  • Data processing instructions
  • Load immediate restrictions
  • Literal pool
  • Load and store instructions
  • Load and store addressing modes and offset modes
  • Load and store multiple register processing
  • Function calls and subroutines (function prologue and epilogue)
  • Preserving runtime environment via stack

Writing ARM Shellcode

  • Overview of Shellcode writing process
  • Tracing system calls and determining Syscall number
  • Mapping out function parameters
  • Translation to assembly
  • Checking for null-bytes and avoiding them
  • Converting assembly into hex string

Lab: Reverse Shell

Students will translate the following function calls into assembly: socket, connect, execve, dup2. This exercise teaches them how system functions are being invoked in assembly and how to make use of the literal pool when trying to reference strings and values like IP addresses.

Reverse Engineering

  • Introduction to ELF binaries
  • Process of gathering information about the binary
  • Static analysis of ARM functions
  • Understanding function flow
  • Debugging with GDB, useful commands
  • Dynamic analysis of function flow

Lab: Debugging with GDB

Debugging an ARM binary with GDB and analyzing the function flow with guidance of a workbook in which students will answer questions about the binary and learn the process of static and dynamic analysis. This exercise will familiarize the students with the debugging process and prepare them for the exercises that follow.

Memory corruption vulnerabilities

  • Stack frames
  • Examples of vulnerable functions
  • Visualization of a vulnerable function call
  • Stack corruption
  • Executing Shellcode on the stack with a simple gadget
  • Introduction to gadget hunting

Lab: Exploiting BoF

In this exercise students will corrupt the stack by exploiting a vulnerable function and create their first exploit in which they identify the offset for the PC crash and leverage a simple gadget to jump to their Shellcode on the stack.

Exploit mitigations

  • Introduction to the NX bit which makes the stack non-executable
  • Ways around this restriction
  • Introduction to Return Oriented Programming
  • invoking system() via ROP to execute a command - the traditional way

Lab: Bypassing NX

In this exercise, students can’t use the traditional way of invoking system(“/bin/sh”), which is only possible with old libraries containing the ideal gadget. This challenge uses a newer Libc library, in which the ideal gadget is not present. This lab challenges students to creatively think about a restriction and come up with a workaround.

DAY 2

Return Oriented Programming

  • More detailed explanation of ROP
  • Gadgets that break your ROP chain
  • Workaround through register initialization
  • Noisy vs stealth ways of exploitation

Mprotect ROP chains

  • Technique of making a stack region executable through ROP
  • Building mprotect ROP chains
  • How to avoid null-bytes when trying to fill a register with a small value
  • How to make stack addresses page aligned

First target: D-Link DIR890

  • Process of gaining access to the device via UART and getting shell access to the device
  • Process of extracting and emulation the firmware
  • The vulnerable service

Lab: Bypassing memory-write issue to take over PC

Taking control over the Program Counter is not always as trivial as supplying a long string of A’s. Our first target crashes before reaching the PC overwrite. Students need to identify the issue, understand why it occurred, and find a way to bypass this issue in order to continue execution until the PC crash.

Lab: invoking system to get a reverse shell connection

After bypassing the restriction in the previous lab and gaining control over PC, students are introduced to the easy but noisy way of exploitation. Students will learn how to craft a quick Proof of Concept exploit and learn how to get a back connect without the possibility to execute reverse Shellcode from the stack.

Lab: D-Link mprotect ROP chain

The goal of this lab is to write an entire mprotect ROP chain. This type of exploit usually Involves writing around 60-80 lines of code, 80% of which is the mprotect ROP chain itself. Students will get a deep understanding of building ROP chains of any kind. The exploit is then launched against the vulnerable service to get a shell.

Lab: Bypassing memory-read issue to take over PC

The goal of the following two labs is to take control over the Tenda router using similar. This lab is yet another example of real world restrictions when attempting to crash the application and take over PC. Students will debug a Tenda buffer overflow and find a way around a memory read issue that prevents the service from crashing in PC.

Day 3

Lab: Tenda mprotect ROP chain

This lab is for students who managed to finish the previous labs ahead of time. The mprotect ROP chain of this target is similar to the previous one, however there are two problems: one part of the D-Link mprotect ROP chain needs to be modified to fit the new target, and the Shellcode needs to be modified to avoid certain characters that would cut off the payload. These characters are returns which pose a problem when exploiting a buffer overflow in a cookie header. Students learn how to think outside the box and adopt their exploit to the new target.

Address Space Layout Randomization

Techniques for bypassing ASLR:

  • Brute-Force
  • Partial PC overwrite
  • Information leaks via string format vulnerabilities

Lab: Exploit to bypass ASLR with format string vulnerability

Students will exploit a buffer overflow and a format string vulnerability. The goal of this lab is to write an exploit that takes advantage of a buffer overflow to get a shell and calculates the Libc base address from an information leak to bypass ASLR.

Introduction to Heap Exploitation

  • Introduction to the heap
  • Heap layout
  • Vulnerability types affecting the heap
  • Categories of heap vulnerabilities
  • Concepts and exploitation techniques
  • Use-after-free

Lab: Writing an exploit for a heap-based buffer overflow vulnerability


Vector 35's Reverse Engineering with Binary Ninja - April 30 - May 1, 2019

*Laptops Not Provided, Students Must Bring Own Laptop*

Ready to be more efficient with the time you spend reverse engineering? Reverse Engineering with Binary Ninja covers everything you need to be faster with your manual RE tasks and also build automation using Binary Ninja's API for both RE and VR. Students will also learn how to extend CPU architectures and create their own binary views for custom file formats. You'll become immersed in the type system, all the layers of Binary Ninja's Intermediate Languages (BNIL), and come out with the ability to write concise powerful scripts to solve a wide variety of RE and VR challenges. A free student license to Binary Ninja is included with each registration -- if you already have a license, feel free to gift it to a friend!

Students should already be familiar with reverse engineering concepts such as memory, stack, registers, calling conventions and at least one low-level assembly language (multiple architectures will be used throughout the course but in-depth knowledge in them is not required). Familiarity with python is strongly recommended as most of the samples will be written in python though very few advanced python features are required.

Students are required to bring their own laptop to use in class. Any laptop capable of running both Binary Ninja and an Ubuntu 18.04 virtual machine (VMWare or VirtualBox) is acceptable. A commercial license for Binary Ninja is recommended for multithreading and headless processing, but students will receive a redemption code for a free personal license in the course. Students may opt to pay the difference for a commercial license separately from course registration. Recent MacOS, Linux, and Windows (x64 versions of Win10) are all supported though please test your Linux build if it is not Ubuntu LTS or most recent stable.


*CANCELLATION INFORMATION *

  • Conference Briefings and Training Session fees are non-refundable after April 5th, 2019.

  • Registrants who must cancel may substitute another person. Substitutions are allowed with the written permission of the original registrant.

  • All cancellation and substitution requests shall be made in writing and sent to infiltrate@immunityinc.com from original registrant.

  • Paid registrants who do not cancel by April 5th, 2019, fail to send a substitute or do not attend the conference and/or training forfeit their entire registration fee.


For more information on Cancellation/Substitution policy, please click HERE.

Share with friends

Date and Time

Location

Fontainebleau Miami Beach

4441 Collins Avenue

Miami Beach, FL 33140

View Map

Save This Event

Event Saved