CONFERENCE
APR 16-17,
2015
FONTAINEBLEAU HOTEL
Miami Beach

Cast Your Vote Now

Want to have a hand in selecting the presentations you hear at INFILTRATE 2015? It is simple. Just log in and let your voice be heard!

Interested in Speaking

We are pleased to announce that the Call For Papers for INFILTRATE 2014 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, bio and headshot to cfp@immunityinc.com.
Some of the benefits of speaking at INFILTRATE are:

1. A trip to Miami Beach during the non-gates-of-hell-hot season
2. A stay at one of the premier luxury resorts in the area
3. A no-bullshit environment where you don't have to be apologetic about breaking stuff without fixing it
4. Chance to man-wrestle Dave Aitel at our annual BJJ event

Talks

20 ways past secure boot
(4) reviewers

Author: Jasper van Woudenberg
Category: Hardware
Summary: This talk presents an overview of all things that can go wrong when developers attempt to implement a chain of ...

Legacy Sandboxing: Escaping IE11 Enhanced Protected Mode
(3) reviewers

Author: James Forshaw
Category: Exploit Development
Summary: In June 2013 Microsoft started the first of their new bug-bounty programs, focusing on finding vulnerabilities in IE11 on the ...

Offensive OSINT
(3) reviewers

Author: Sudhanshu Chauhan
Category: OSINT
Summary: As the scope of penetration testing emerges, the end-to-end approach of penetration testing is broken into multiple entities, out of ...

Hacking US traffic control systems
(3) reviewers

Author: Cesar Cerrudo
Category: Fire Sale operations
Summary: Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) where the "terrorist ...

Fun attacks using a compromised random number generator
(3) reviewers

Author: Nick Sullivan
Category: Crypto attacks
Summary: Many information security systems rely on cryptographic schemes that need truly random numbers to be secure. In recent months there have ...

I See Your APT And Raise You BSFUD
(2) reviewers

Author: Jesus Oquendo
Category: APT
Summary: While companies, and news organizations, have been fixated on naming threat actors via "debunkable" fashion (IP addresses, strings in memory), ...

Ghosts of Christmas Past: Fuzzing Language Interpreters using Regression Tests
(2) reviewers

Author: Sean Heelan
Category: Bug finding
Summary: In this talk I will discuss an approach to fuzzing language interpreters that has found a large number of bugs ...

Python, deflowered: Shangrila!
(1) reviewers

Author: Christos Kalkanis
Category: Trojans
Summary: The use of dynamic languages in sophisticated persistent frameworks is not new. In the past, Lisp, Forth and Lua have ...

Breaking Same-Origin Policy for mastering targeted attacks
(1) reviewers

Author: Mauro Gentile, Giorgio Fedon
Category: APT
Summary: Today's threat actors could take advantage of strategic surprise to conduct stealth and unpredictable targeted attacks. Such an approach would ...

MDM is gone, MAM is come. New Challenges on mobile security
(1) reviewers

Author: Yury Chemerkin
Category: Mobile Security
Summary: In recent years, we have been observing a market expansion on compliance, guidelines and best practices besides of ...

Drone Attacks! 50 Ways to Lose Your Hover
(1) reviewers

Author: Davi Ottenheimer
Category: Drones Exploitation
Summary: This presentation shows how to find and attack drones, for good. A simple perl script called skyjack was released after ...

Digital Rights Management for Malicious Software
(1) reviewers

Author: Paul Royal
Category: Malware
Summary: To process and extract intelligence from large volumes of suspect executables collected in networks each day, numerous automated malware analysis ...

JS Suicide: Using JavaScript Security Features to kill JS Security
(1) reviewers

Author: Ahamed Nafeez
Category: Browser Security
Summary: JavaScript today has a presence in almost every single website across the Internet. Aggressive research is in progress in ...

“I know your email-filtering policy far better than you do”: External enumeration of email security solutions
(1) reviewers

Author: Ben Williams
Category: Information Gathering
Summary: Email-filtering is a core component for protecting company employees from malware, phishing and client-side attacks. These solutions are never 100% ...

SQL Injections to MIPS Overflows: Part Deux
(1) reviewers

Author: Zachary Cutlip
Category: Exploit Development
Summary: A while back, I showed how to combine SQL injection vulnerabilities with MIPS Linux buffer overflows in order to pop ...

Autonomous Pentesting Drone Army
(1) reviewers

Author: Dr. Phil Polstra
Category: Penetration Test
Summary: Are you tired of running pentests from a van outside your target? Working 24x7 hunched over your laptop got you ...

Avoid execution on Virtual machines
(1) reviewers

Author: Jordi Vazquez
Category: Exploit Development
Summary: A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow ...

Fuzzing, reversing and Maths
(1) reviewers

Author: Josep Pi Rodriguez, Pedro Guillén Núñez
Category: Vulnerability Research
Summary: We want to present several 0days using fuzzing and reverse engineering and maths. 1 Critical remote 0day in an EMC ...

Researching Android Device Security with the Help of a Droid Army
(1) reviewers

Author: Joshua J. Drake
Category: Android
Summary: In the last few years, Android has become the world's leading smart phone operating system. Unfortunately, the diversity and sheer ...

Analytics, and scalability, and UEFI exploitation! Oh my!
(1) reviewers

Author: Teddy Reed
Category: Firmware
Summary: We use UEFI and commodity PC manufacturer "firmware" as a use case for vulnerability discovery and exploit development powered by ...

Culture Shock: exploiting failures in culture, legislation, system design and IT implementations for fun and profit
(1) reviewers

Author: Jose Luis Garduno
Category: OSINT
Summary: This work-in-progress talk will present the results of the master thesis titled "Shortcomings in [REDACTED SOUTH AMERICAN COUNTRY] privacy protection: ...

JavaScript Rootkit From Hell
(1) reviewers

Author: Mohamed Bedewi
Category: Web Hacking
Summary: During this presentation the audience will get exposed to one of the most dangerous and sophisticated JavaScript attacks which can ...

Anti Virus or Attack Vector?
(1) reviewers

Author: Alex Grant
Category: Exploit Development
Summary: Attacking modern browsers can be difficult. You may need to chain together multiple exploits and leverage kernel vulnerabilities just to ...

Exploiting Hyper-V
(1) reviewers

Author: Felix Wilhelm, Matthias Luft
Category: Hypervisors
Summary: In this presentation we will describe our research on the architecture and security of the Hyper-V hypervisor and its role ...

Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces
(1) reviewers

Author: Collin Mulliner
Category: Bug Finding
Summary: Graphical user interfaces (GUIs) contain a number of common visual elements or widgets such as labels, text fields, buttons, and ...

How to Train your Snapdragon
(0) reviewers

Author: Josh Thomas
Category: Mobile
Summary: Have you ever wondered how power is routed around your phone, how it is stored and if it could be ...

Bypassing EMET 4.1
(0) reviewers

Author: Jared DeMott
Category: Exploit Development
Summary: The goal of this study is to gauge how difficult it is to bypass the protections offered by EMET, a ...

Zombies in ur air
(0) reviewers

Author: Gaurav Raj Anand
Category: Wireless
Summary: With the growing need and advancement in technology, enterprises were in need of a unique kind of technology that can ...

Just What The Doctor Ordered?
(0) reviewers

Author: Scott Erven
Category: Security Testing
Summary: You have probably heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a ...

CFP - Hunting Down a Cyber Scammer (The Bourne Identity)
(0) reviewers

Author: Fadli B. Sidek
Category: Social Engineering
Summary: As the number of online users grows, so will the number of online criminals. We have read in the newspapers ...

No cure for social engineering: The case of numb employees
(0) reviewers

Author: Dr. Aury M. Curbelo
Category: Social engineering
Summary: The presentation will discuss case studies about intense and offensive techniques used in different companies to execute social engineering attacks. ...

Offensive Chinese Hacks - Designed to Make You See Red!
(0) reviewers

Author: William Hagestad II
Category: APT
Summary: During this presentation the audience will be exposed to several offensive Chinese Hacking tools taken from direct field experience and research...all ...

A Curious Cyber War: Business Owners vs Investors
(0) reviewers

Author: Suzanne E. Kecmer
Category: Investment Banking
Summary: This presentation will discuss recent market and valuation trends of offensively-focused cyber companies. The audience will be exposed to an ...