INFILTRATE Training 2017
$500 – $4,800

Event Information

Location

Fontainebleau Miami Beach

4441 Collins Avenue

Miami Beach, FL 33140


Description


*IMPORTANT - CONFERENCE/TRAINING BUNDLE DISCOUNT*

If you are planning to attend one of our training classes (excluding the Web Hacking Language Review) and would also like to attend the conference, please purchase your training ticket FIRST, then click HERE for the conference registration page. Once you complete your training class purchase, you will be given an access code to purchase a discounted ticket to the conference.

*IMPORTANT - GROUP DISCOUNT*

If you are a company/organization looking to send several members of your team to the conference and/or training, please reach out to us at infiltrate@immunityinc.com or call 786.220.0600 (M-F 9am-5pm EST) to learn more about discount options.



Training Overview

Our INFILTRATE training courses offer (ISC)2 CPE credits for CISSP, CSSLP and SSCP certifications. Just let us know that you are interested in earning credits after you register by emailing infiltrate@immunityinc.com.

If you are trying to determine which class you are best suited for, just email infiltrate@immunityinc.com and ask for the evaluation test for the course(s) you are interested in.

The classes below are listed in order of difficulty / skill set required.


Web Hacking Language Review - March 22, 2017 (Taught remotely via WebEx)

7 (ISC)2 CPE CREDITS

Web Hacking Language Review (WHLR) functions as an optional bolt-on to the web hacking class, or it can be taken as a stand-alone course. The one-day class is taught remotely via WebEx and is only offered prior to the INFILTRATE Web Hacking course.

Syllabus (subject to change):

DAY 1

  • HTTP Protocol
  • Linux command line fundamentals
  • Python 2.X programming
  • JavaScript
  • MySQL queries

Web Hacking - April 2 - 5, 2017

28 (ISC)2 CPE CREDITS

Immunity's Web Hacking class places a heavy emphasis on hands-on learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years; it allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

Syllabus (subject to change):

DAY 1 - INTRODUCTION TO XSS

  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection

DAY 2 - COMMAND INJECTION AND XXE/XSLT ATTACKS

  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection

DAY 3 - SQL INJECTION

  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools

DAY 4 - WEB CRYPTO

  • ECB
  • CBC
  • Padding Oracles

Wide Open To Interpretation - April 3 - 5, 2017

21 (ISC)2 CPE CREDITS

This class will cover auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop, to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface.

Syllabus (subject to change):

DAY 1

  • Java Classes 101
    • Class member access
    • Classes hierarchy & interfaces
    • Nested & Inner Classes
  • Introduction to Java Security & Sandbox
    • Bytecode Verifier
    • Security Manager & Access Controller
    • Security Manager in Application Servers
    • Serialization
    • Java Reflection
  • Secure Coding Guidelines
  • Environment Setup
  • Java Web Applications Introduction
  • Information Disclosure
  • Input Validation
    • Cross Site Scripting
    • SQL Injection
    • Command Injection
  • Logical Bugs
    • Path Traversal
    • File Disclosure
    • File Overwrite
    • Privilege Escalation

DAY 2

  • Request Forgery
    • Client Side Request Forgery
    • Server Side Request Forgery
  • Dangerous Parsing
    • XML
    • XSLT
    • Deserialization
  • EL Injection

DAY 3


  • JNDI/LDAP Manipulation
  • Frameworks & Services
    • WebServices
    • REST APIs
    • Vulnerabilities in Popular Frameworks
  • Crypto
    • Padding Oracle
    • PRNGs
  • Exploitation

Click Here For Ring0 - April 2 - 5, 2017

28 (ISC)2 CPE CREDITS

Immunity's Click Here for Ring0 class teaches both Windows client-side exploitation and Windows kernel exploitation. These two combined courses complement each other perfectly through hands-on exploitation that takes the student from gaining remote access to elevating privileges on modern Windows systems. This is an intermediate class that requires a solid grasp of userland and kernel debugging on Windows platforms.

Syllabus (subject to change):

DAY 1

  • Memory layout analysis
  • Client side vectors of exploitation
  • Memory corruption vulnerabilities
  • Use After Free vulnerabilities in practice
  • Exploiting browser plugins

DAY 2

  • Modern day browser protections
  • Information disclosures
  • Improving exploit reliability
  • Hunting for client-side bugs
  • From client to kernel

DAY 3

  • Debugging environment setup
  • Kernel debugging principles
  • Windows kernel architecture
  • Kernel-land vs user-land
  • Kernel shell coding
  • Kernel structures
  • Token stealing

DAY 4

  • Past vulnerabilities & how to find them
  • Protocols
  • IOCTL & FSCTL
  • Window management
  • Arbitrary overwrite exploitation
  • Recent techniques
  • Hands-on Exploitation
  • Custom vulnerable driver
  • Real vulnerabilities

Master Track - Applied Cryptanalysis - April 2 - 5, 2017

28 (ISC)2 CPE CREDITS

The Immunity Cryptanalysis class takes traditionally dense academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real-world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real-world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.

Syllabus (subject to change):

DAY 1

  • Academia vs Real World Cryptanalysis
  • Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
  • Hands on problem solving with Sage
  • The state of PRNG and associated issues
  • The state of Hash Functions
  • Statistical and Algebraic attacks against Symmetric ciphers
  • A focus on Groebner Bases and SAT

DAY 2

  • The state of RSA (common mistakes & factorization)
  • Solving (EC)DLP (Pollard RHO, Index calculus)
  • Elliptic Curves specifics

DAY 3

  • Real World Implementation issues
  • Symmetric/Asymmetric primitives
  • Source / Compilation / Languages / Platform specific issues
  • Local timing attacks
  • Improvement of an attack using filtering

DAY 4

  • Cache attacks
  • Padding Oracle
  • Remote timing attacks

Master Track - Kernel Exploitation - April 2 - 5, 2017

28 (ISC)2 CPE CREDITS

The Immunity Kernel Exploitation Master Track focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to take this class.

Syllabus (subject to change):

DAY 1

  • User Land vs Kernel Land
  • Introduction to the Kernel Land
  • Kernel Debugging Environment
  • Kernel Internals

DAY 2

  • Memory Models and the Address Space
  • Kernel Shellcodes
  • Taxonomy of Kernel Vulnerabilities
  • Arbitrary Kernel Read/Write

DAY 3

  • Kernel Heap Allocators (SLAB/SLUB)
  • Kernel Pool Overflows and Use-After-Free
  • Race Conditions

DAY 4

  • Logical and HW-related Bugs
  • Kernel and Hardware Protections
  • Bypassing Protections
  • The Future of Kernel Vulnerabilities


*IMPORTANT - REFUND POLICY*

  • Conference Briefings and Training Session fees are non-refundable after March 17, 2017.
  • Registrants who must cancel may substitute another person. Substitutions are allowed with the written permission of the original registrant.
  • All cancellation and substitution requests shall be made in writing and sent to infiltrate@immunityinc.com from the original registrant.
  • Paid registrants who do not cancel by March 17, 2017, fail to send a substitute or do not attend the conference and/or training forfeit their entire registration fee.

For more information on Cancellation/Substitution policy, please click HERE.


