Training Overview
For the past two years the training classes offered at INFILTRATE have sold out.
We anticipate the same for INFILTRATE 2013, so reserve your seat early. Please
click here for registration and pricing information.
Which class is right for you?
Prerequisite evaluation tests are available for all training
classes. These tests will help determine your skill level. Please email
infiltrate@immunityinc.com for a copy
of the test(s).
Unethical Hacking
Immunity's Unethical Hacking course focuses on teaching fundamentals of Windows x86 exploitation by having students write exploits! This class attempts to teach a strategic approach to attack and penetration that goes beyond "penetration testing" to model how a real attacker approaches targeting your company.
Security professionals familiar with x86 assembler, some reverse engineering, debugging, and Windows memory management will be best suited for this course.
Day 1: Intro
- Introduction to Assembly language
- Understanding stacks and memory layout
- Understanding calling conventions
- Introduction to buffer overflows
- Post-mortem analysis using Immunity Debugger
- Build your own exploits against entry-level targets using VisualSploit (challenge level: easy - medium)
Day 2: Exploit Writing
- Build your own exploits against real targets using VisualSploit (challenge level: easy - medium)
Day 3: Exploit Writing
- Build your own exploits against real targets using VisualSploit (challenge level: medium - high)
Day 4: Attack Automation Using CANVAS
- Advanced usage of the CANVAS exploitation framework
- Enumerate hosts on the network
- Fingerprint found hosts on the network
- Remote Exploitation
- Client-Side Exploitation using ClientD
- Maintain persistence on compromised devices using trojans/rootkits
- Escalation of privileges via local vulnerabilities
- Build your own custom local command (in Python using the CANVAS API)
- Bounce from one compromised machine to another to get further into a network
- Custom Wargame
- Find and exploit vulnerabilities in a custom web application. First to get root wins a prize!
Immunity Master Class
The Master class focuses on SMT, kernel exploitation and vulnerability finding. Intermediate to advanced exploit development skills are recommended for students wishing to take the Master class.
Day 1: Finding bugs
Day 2: SMT
- Introduction to automated static analysis
- Writing static analysis tools with Immunity Debugger
- Introduction to SMT solvers and symbolic execution
- Build your own DEPLIB - Automatically finding ROP gadgets
Day 3: SMT
- Tracing data and automatically generating new inputs
- Whitebox fuzzing - Using SMT solvers to fuzz for bugs
Day 4: Kernel-mode exploitation
- Debugging environment setup
- Kernel debugging principles
- Windows kernel architecture
- Kernel-land vs user-land
- Kernel shellcoding
- Kernel structures
- Token stealing
Day 5: Kernel-mode exploitation
- Past vulnerabilities & how to find them
- Protocols
- IOCTL & FSCTL
- Window management
- Arbitrary overwrite exploitation
- Kernel pool overflow exploitation
- Hands-on Exploitation
- Custom vulnerable driver
- Real vulnerabilities
Web Hacking
Immunity's WebHacking course focuses on understanding common web hacking techniques by having students exploit vulnerable systems. Security professionals with some hands-on web hacking experience will get the most out of this course.
Day 1
- HTTP Protocol Refresher
- Linux CLI Refresher
- Information Gathering
- Finding and filtering Information Disclosure vulnerabilities
- Introduction to exploiting SQL injections (non-blind)
Day 2
- XSS and XSRF
- Practical Brute Force with Python
- Intermediate SQL Injection exploitation (blind)
- Privilege Escalation with CANVAS and Post Exploit Actions
Day 3
- LFI/RFI
- Review for questions
- Wargames