$4,900 – $5,100

INFILTRATE 2020 TRAINING COURSES

Location

Online Event

Event description
INFILTRATE 2020 training courses will be held virtually from October 11th until October 14th.

About this Event

INFILTRATE 2020 Training will be held Virtually

*IMPORTANT - CONFERENCE / TRAINING BUNDLE DISCOUNT*

If you are planning to attend an INFILTRATE training class and would also like to attend the conference, please purchase your training ticket FIRST.  Once you complete your training ticket purchase, you will be provided a one-time discount code in the confirmation message. You can then use this code to register for the conference at the discounted price of $1,000 USD. If you register for the conference first, you will not be provided with this discount code.

*IMPORTANT - GROUP DISCOUNT*

If you are a company/organization looking to send several members of your team to the conference and/or training, please reach out to us at infiltrate@immunityinc.com or call 786.220.0600 (M-F 9am-5pm EST) to learn more about discount options.

IMMUNITY Training Courses Overview

IMMUNITY's INFILTRATE 2020 training courses offer (ISC)2 CPE credits for CISSP, CSSLP and SSCP certifications. If you are taking a course that offers CPE credits and are interested in earning them, please email us at infiltrate@immunityinc.com after you register. 

If you are trying to determine which class you are best suited for, email infiltrate@immunityinc.com and we can supply you with an evaluation quiz and/or additional information that may help you decide. The IMMUNITY classes below are listed in order of difficulty/skillset required.

All IMMUNITY classes are eligible for the Conference Briefings Discount ticket.

Immunity Web Hacking - October 11 - October 14, 2020

28 (ISC)2 CPE CREDITS

Immunity's Web Hacking class has a heavy emphasis on hands-on learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

Syllabus (subject to change):

DAY 1 - INTRODUCTION TO XSS

  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection

DAY 2 - COMMAND INJECTION AND XXE/XSLT ATTACKS

  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection

DAY 3 - SQL INJECTION

  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools

DAY 4 - WEB CRYPTO

  • ECB
  • CBC
  • Padding Oracles

Immunity Linux Kernel Exploitation - October 11 - October 14, 2020

28 (ISC)2 CPE CREDITS

The Immunity Kernel Exploitation Master Track focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to take this class.

Syllabus (subject to change):

DAY 1

* User Land vs Kernel Land

* Introduction to the Kernel Land

* Kernel Debugging Environment

* Kernel Internals

DAY 2

* Memory Models and the Address Space

* Kernel Shellcodes

* Taxonomy of Kernel Vulnerabilities

* Arbitrary Kernel Read/Write

DAY 3

* Kernel Heap Allocators (SLAB/SLUB)

* Kernel Pool Overflows and Use-After-Free

* Race Conditions

DAY 4

* Logical and HW-related Bugs

* Kernel and Hardware Protections

* Bypassing Protections

* The Future of Kernel Vulnerabilities

3rd Party Training:

INFILTRATE 2020 now offers 3rd party training courses in addition to the IMMUNITY training courses. None of the 3rd party classes offer CPE credits. All students of the 3rd party classes are required to bring their own laptop to use during the class. Technical specifications will be provided. All 3rd party classes are eligible for the Conference Bundle Discount ticket. All 3rd party classes include breakfast and lunch for the registered student on class days. 

Boston Cybernetics: Vulnerability Assessment for Embedded Systems - October 11 - October 14, 2020

This course is intended for engineers who need to perform assessments and then actually demonstrate vulnerabilities on embedded systems, IoT devices or similar systems. Students learn how to find vulnerabilities, demonstrate them by writing exploits, and communicate the nature and severity of vulnerabilities to a non-technical audience.

This is a majority hands-on course, with theory and lectures as needed. Exercises focus on embedded Linux and ARM but other architectures are mixed in for perspective. This course balances application of skills with fundamental knowledge so no one is just “going through the steps” but rather is engaging in a creative problem-solving experience, just like in the real world.

Syllabus (subject to change):

DAY 1: Reversing Embedded Architectures

- Remote debugging with IDA Pro and QEMU

- Extract, parse, and analyze firmware

- Architecture specific challenges

- Reversing ARM/MIPS/PowerPC binaries

- Overcoming anti-analysis techniques

DAY 2: Vulnerability Analysis

- Bug classes

- Source and binary auditing

- Stack and heap-based memory corruption

- Information disclosures

DAY 3: Exploitation

- Writing and using shellcode

- Abusing stack and heap semantics

- Manufacturing information disclosures

- No-execute bit, ASLR, stack canaries

- Return oriented programming

DAY 4: Comprehensive

- End-to-end exploitation of an embedded device

- Extract and parse target filesystem and emulate applications

- Identify vulnerabilities in software

- Exploit vulnerabilities to gain control of target

Jeremy Blackthorne: Reverse-Engineering with Ghidra - October 11 - October 14, 2020

This is a majority hands-on course on using Ghidra for reverse-engineering and vulnerability research. Exercises include Windows binaries, Linux binaries, and device firmware, and will be in a variety of architectures, including ARM, PowerPC, MIPS, x86, and x64. After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.

DAY 1 - Reverse Engineering with Ghidra

* Ghidra overview

* Project management

* Code navigation, manipulation

* Symbols, labels, bookmarks, searching

* Disassembler-decompiler interaction

* Patching

DAY 2 - Ghidra Expert Tools

* Decompiler deep dive

* Datatype management

* Memory management

* P-code

* Program flow

* Ghidra tools

* Plugin groups

DAY 3 - Automation with Ghidra

* Java/Jython refresher

* The Ghidra FlatAPI

* Development with Eclipse and the GhidraDev plugin

* Analysis in Ghidra headless mode

* Java-Jython interop

DAY 4 - Extending Ghidra with ExtensionPoint

* Loader, Decryptor, FileSystem

* BuiltInDataType, AbstractAnalyzer

Margin Research: Program Analysis for Vulnerability Research - October 11 - October 14, 2020

This four-day course trains students to do sophisticated program analysis using Binary Ninja and the Binary Ninja Python API for the purpose of vulnerability research: improving auditing processes, improving the ability to identify interesting code paths, and encoding bug primitives.

In the class, students will learn Binary Ninja inside and out by extending its analysis capabilities to support a custom architecture which is difficult to analyze manually. Students will also leverage the Binary Ninja plugin architecture to identify vulnerabilities in a machine architecture-independent way. After taking this course, students will have experience working with the least intuitive and even some undocumented parts of Binary Ninja to create powerful program analysis tools which can be used across architectures.

Day 1

API and GUI review

Discussion of program analysis use cases

Turing machines, correctness, and formal verification

In-depth Binary Ninja Low-Level Intermediate Language (LLIL) review

Start to write a generic plugin with Binary Ninja PluginCommand to better reverse engineer language-specific artefacts

Day 2

SSA Form and its benefits

The Binary Ninja memory and address concept

Control flow analysis vs. Data flow analysis

Type propagation inside of a function context and cross-function

Automatically recovering structures inside of a function context

Abstract Interpretation

Day 3

Data flow analysis and tracing the lifetime of a variable or object

Path constraint solving using SAT solvers to determine reachability and to solve for input variables

Vulnerability discovery with Binary Ninja

Identifying “sources” and “sinks” in a program. Using taint analysis to track where controlled input can reach program sinks, and constraint solving to determine the boundaries of a vulnerability

Day 4

Discuss bug classes, what makes certain ones easier to programmatically find and why

Encoding bug classes as read and write primitives, making it easier to find specific vulnerability types, such as memory corruption and incorrect usage of API

Write a Binary Ninja pass to find different classes of bugs for specific example targets

Attempt to analyze and find bugs in a ‘real world’ program

Discussion on the future of the field. How would machine learning help us determine the harder types of bugs (logic bugs, etc.)?

SensePost Unplugged: Modern Wi-Fi Hacking - October 11 - October 14, 2020

If you want to learn how to understand and compromise Wi-Fi networks, this is your course.

Learning modern Wi-Fi hacking can be a pain. There is lots of outdated material for technologies we rarely see deployed in the real world anymore. Numerous tools overly rely on automation, and leave you wondering when they don't work, because neither the fundamentals nor underlying attack is understood. Even worse, some popular attacks will rarely if ever work in the real world.

If you want to really understand what's going on, and master the attacks in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know.

We've been pentesting Wi-Fi networks for nearly two decades, and have built some popular Wi-Fi hacking tools such as Snoopy and Mana.

This course is highly practical, with concepts taught through theory delivered while your hands are on the keyboard, and semi-self directed practicals at the end of each section to reinforce the learning. The course is hosted in a "Wi-Fi in the cloud" environment we invented several years ago, which means no more fiddling with faulty hardware or turning the classroom into a microwave.

Learning Objectives:

* How Wi-Fi hacking fits into wider attack or defence objectives

* Important physical and low level RF concepts and how to reason through/debug strange situations

* Understanding how monitor mode works, when to use or not use it, and practical examples of what to do with collected frames or data

* Grokking the WPA2 4-way handshake and the numerous ways of recovering PSKs and what to do with them

* First looks at attacking WPA3's Dragonfly handshake with downgrades

* Grokking EAP & EAP vulnerabilities relating to certificate validation, tunnelled mode key derivation and how to practically attack them with downgrades, relays and manipulating state

Syllabus:

Introduction
  * How & Why
    - When and why to use Wi-Fi attacks
  * Physical & Low Level
    - Understanding spectrum, signals and propagation
    - Peculiarities of crowded Wi-Fi spectrum & resulting behaviour in Tx & Rx
    - Understanding hardware - cards, antennas. Practical recommendations
    - Specifics of Wi-Fi signalling
  * Practical: Getting comfortable & understanding your tools

Monitor Mode
  * What it is
    - How it works. What you get. Why it isn't promiscuous.
    - Prism/Radiotap headers & how driver implementations differ.
  * How to use it
    - Practical: Interception & Cookie Theft

Probing, Tracking & Deanonymisation
  * Management frames - beacons & probes
  * Device probe'ing behaviour
  * Practical: Snoopy Tracking, Spectrum & Deanonymisation

WPA/2/3 PSK
  * What it is
    - IEEE & WEP history
    - 4-way handshake crypto
  * Handshakes
    - Capturing, deauthing
    - Practical: Vanilla de-auth & capture handshake
    - Practical: Decrypting traffic
  * Broken handshake debugging
    - Practical: Rogue AP Half Handshake
    - Practical: Detecting/Fixing broken handshakes
  * PMKID attacks
  * WPS attacks
  * Advanced
    - Approaches and methodologies for the real world
    - Practical: Real World WPA/2
  * WPA3
    - The Dragonfly handshake
    - Other WPA3 improvements/defences
    - Practical: WPA3 downgrade

EAP
  * What it is
    - Generic EAP flow
    - Specific EAP types and how they work
  * PEAP
    - Deep inside the second tunnel
    - CVE-2019-6203
    - Practical: Evil-Twin WPE
    - EAP-GTC downgrade attack
  * EAP-TLS
    - Understanding/breaking cert validation
    - Practical: EAP-TLS isn't safe
  * Tunneled EAP Relays
    - Practical: Sycophant; Relaying Tunnelled Modes

*CANCELLATION INFORMATION*

  • Conference Briefings and Training Session fees are non-refundable after September 10, 2020.
  • Registrants who must cancel may substitute another person. Substitutions are allowed with the written permission of the original registrant.
  • All cancellation and substitution requests shall be made in writing and sent to infiltrate@immunityinc.com from the original registrant.
  • Paid registrants who do not cancel by September 10, 2020, fail to send a substitute or do not attend the conference and/or training forfeit their entire registration fee.
