$699 – $4,800

Training and Workshops @ INFILTRATE 2018

Event Information

Share this event

Date and Time

Location

Location

Fontainebleau Miami Beach

4441 Collins Avenue

Miami Beach, FL 33140

View Map

Event description

Description


*IMPORTANT - CONFERENCE / IMMUNITY TRAINING BUNDLE DISCOUNT*

If you are planning to attend an Immunity training class and would also like to attend the conference, please purchase your training ticket FIRST. Once you complete your training ticket purchase, you will be provided a one-time discount code in the confirmation message. You can then use this code to register for the conference at the discounted price of $975. If you register for the conference first, you will not be provided this discount code. The bundle discount does not apply to the Vector 35 Workshop.

*IMPORTANT - GROUP DISCOUNT*

If you are a company/organization looking to send several members of your team to the conference and/or training, please reach out to us at infiltrate@immunityinc.com or call 786.220.0600 (M-F 9am-5pm EST) to learn more about discount options.



Immunity Training Overview

Immunity's training courses offer (ISC)2 CPE credits for CISSP, CSSLP and SSCP certifications. Just let us know that you are interested in earning credits after your register by emailing infiltrate@immunityinc.com.

If you are trying to determine which class you are best suited for, just email infiltrate@immunityinc.com and ask for the evaluation test for the course(s) you are interested in.

The below classes are listed in order of difficulty / skill set required.


Immunity Web Hacking - April 22 - 25, 2018

28 (ISC)2 CPE CREDITS

Immunity's Web Hacking class has a heavy emphasis with hands-on-learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity's senior consulting team!

Syllabus (subject to change):

DAY 1 - INTRODUCTION TO XSS

  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • XSS via Flash
  • Crossdomain.xml issues
  • Client side template injection

DAY 2 - COMMAND INJECTION AND XXE/XSLT ATTACKS

  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection

DAY 3 - SQL INJECTION

  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools

DAY 4 - WEB CRYPTO

  • ECB
  • CBC
  • Padding Oracles

Immunity Wide Open To Interpretation - April 23 - 25, 2018

21 (ISC)2 CPE CREDITS

This class will cover auditing modern Java applications, exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop, to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface.

Syllabus (subject to change):

DAY 1

  • Java Classes 101
    • Class member access
    • Classes hierarchy & interfaces
    • Nested & Inner Classes
  • Introduction to Java Security & Sandbx
    • Bytecode Verifier
    • Security Manager & Access Controller
    • Security Manager in Application Servers
    • Serialization
    • Java Reflection
  • Secure Coding Guidelines
  • Environment Setup
  • Java Web Applications Introduction
  • Information Disclosure
  • Input Validation
    • Cross Site Scripting
    • SQL Injection
    • Command Injection
  • Logical Bugs
    • Path Traversal
    • File Disclosure
    • File Overwrite
    • Privilege Escalation

DAY 2

  • Request Forgery
    • Client Side Request Forgery
    • Server Side Request Forgery
  • Dangerous Parsing
    • XML
    • XSLT
    • Deserialization
  • El Injection

DAY 3


  • JNDI/LDAP Manipulation
  • Frameworks & Services
    • WebServices
    • REST APIs
    • Vulnerabilities in Popular Frameworks
  • Crypto
    • Padding Oracle
    • PRNGs
  • Exploitation

Immunity Click Here For Ring0 - April 22 - 25, 2018

28 (ISC)2 CPE CREDITS

Immunity's Click Here for Ring0 class teaches both Windows clientside exploitation as well as Windows kernel exploitation. These two combined courses complement each other perfectly through hands-on exploitation that takes the student from gaining remote access to elevating privileges on modern Windows systems. This is an intermediate class that requires a solid grasp of userland and kernel debugging on Windows platforms.

Syllabus (subject to change):

DAY 1

  • Memory layout analysis
  • Client side vectors of explotation
  • Memory corruption vulnerabilities
  • Use After Free vulnerabilities in practice
  • Exploiting browser plugins

DAY 2

  • Modern day browser protections
  • Information disclosures
  • Improving exploit reliability
  • Hunting for client-side bugs
  • From client to kernel

DAY 3

  • Debugging environment setup
  • Kernel debugging principles
  • Windows kernel architecture
  • Kernel-land vs user-land
  • Kernel shell coding
  • Kernel structures
  • Token stealing

DAY 4

  • Past vulnerabilities & how to find them
  • Protocols
  • IOCTL & FSCTL
  • Window management
  • Arbitrary overwrite exploitation
  • Recent techniques
  • Hands-on Exploitation
  • Custom vulnerable driver
  • Real vulnerabilities

Immunity Master Track - Applied Cryptanalysis - April 22 - 25, 2018

28 (ISC)2 CPE CREDITS

The Immunity Cryptanalysis class takes traditionally dense Academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.

Syllabus (subject to change):

DAY 1

  • Academia vs Real World Cryptanalysis
  • Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
  • Hands on problem solving with Sage
  • The state of PRNG and associated issues
  • The state of Hash Functions
  • Statistical and Algebraic attacks against Symmetric ciphers
  • A focus on Groebner Bases and SAT

DAY 2

  • The state of RSA (common mistakes & factorization)
  • Solving (EC)DLP (Pollard RHO, Index calculus)
  • Elliptic Curves specifics

DAY 3

  • Real World Implementation issues
  • Symmetric/Asymmetric primitives
  • Source / Compilation / Languages / Platform specific issues
  • Local timing attacks
  • Improvement of an attack using filtering

DAY 4

  • Cache attacks
  • Padding Oracle
  • Remote timing attacks

Immunity Master Track - Kernel Exploitation - April 22 - 25, 2018

28 (ISC)2 CPE CREDITS

The Immunity Kernel Exploitation Master Track focuses on modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to this class.

Syllabus (subject to change):

DAY 1

* User Land vs Kernel Land

* Introduction to the Kernel Land

* Kernel Debugging Environment

* Kernel Internals

DAY 2

* Memory Models and the Address Space

* Kernel Shellcodes

* Taxonomy of Kernel Vulnerabilities

* Arbitrary Kernel Read/Write

DAY 3

* Kernel Heap Allocators (SLAB/SLUB)

* Kernel Pool Overflows and Use-After-Free

* Race Conditions

DAY 4

* Logical and HW-related Bugs

* Kernel and Hardware Protections

* Bypassing Protections

* The Future of Kernel Vulnerabilities


*IMPORTANT - REFUND POLICY*

  • Conference Briefings and Training Session fees are non-refundable after March 30th, 2018.
  • Registrants who must cancel may substitute another person. Substitutions are allowed with the written permission of the original registrant.
  • All cancellation and substitution requests shall be made in writing and sent to infiltrate@immunityinc.com from original registrant.
  • Paid registrants who do not cancel by March 30th, 2018, fail to send a substitute or do not attend the conference and/or training forfeit their entire registration fee.

For more information on Cancellation/Substitution policy, please click HERE.


VECTOR 35 Workshop @ INFILTRATE 2018 | Wednesday, April 25th, 2018

Awesome Automation: Up your RE and VR Game Using Binary Ninja

Want to find more bugs? Speed up your reverse engineering? Automate tedious tasks and let Binary Ninja do some of the hard work. This half-day class is a crash course in program analysis concepts and applying them to reverse engineering and vulnerability research. You'll learn what use an SSA form can have, the limitations of value set analysis and static data flow, when to use a particular abstraction layer, and most importantly, gain practice on concrete examples and produce working code before the end.

NOTE: Purchase of a Vector 35 Workshop ticket does NOT include INFILTRATE 2018 Conference Briefings passes or access to related INFILTRATE 2018 events (the Wednesday Night Welcome Reception and Open Bar, Thursday Night Dinner Reception, Friday Evening Open Bar, or the Immunity Training and INFILTRATE 2018 breakfasts and lunches). This ticket is ONLY for the Vector 35 Workshop on Wednesday, April 25th, 2017.

Laptops will not be provided and students must bring their own. For the syllabus and more information regarding the Vector 35 Workshop, please click HERE.

CPE credits are not available for the Vector 35 Workshop.

Share with friends

Date and Time

Location

Fontainebleau Miami Beach

4441 Collins Avenue

Miami Beach, FL 33140

View Map

Save This Event

Event Saved