Infiltrate Security Conference OPEN CFP

This CFP is not yet open - Check back soon!

CAST YOUR VOTE NOW

Want to have a hand in selecting the presentations you hear at INFILTRATE 2018? It is simple, just log in and let your voice be heard!

Reviewers | 4 Likes
Exploit Development

In June 2013 Microsoft started the first of their new bug-bounty programs, focusing on finding vulnerabilities in IE11 on the upcoming Windows 8.1 OS. Rather than spending my time fuzzing for RCEs I instead focused on pure logic bugs and ...

Reviewers | 4 Likes
Hardware

This talk presents an overview of all things that can go wrong when developers attempt to implement a chain of trust, also called 'secure boot'. This talk is not so much focused on things like UEFI and Microsoft lockdown, but ...

Reviewers | 3 Likes
OSINT

As the scope of penetration testing emerges, the end-to-end approach of penetration testing is broken into multiple entities, out of which the Information Gathering phase is the most important one. And guess what, being targeted on exploitation, most of us simply ...

Reviewers | 3 Likes
Fire Sale operations

Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) where the "terrorist hackers" manipulate traffic signals by just hitting the Enter key or typing a few keys. I wanted to do that! So ...

Reviewers | 3 Likes
Crypto attacks

Many information security systems rely on cryptographic schemes that need truly random numbers to be secure. In recent months there have been several high-profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A ...

Reviewers | 3 Likes
Bug finding

In this talk I will discuss an approach to fuzzing language interpreters that has found a large number of bugs over the past few months, across a number of different targets (JavaScript, PHP & Ruby interpreters). Taking inspiration from previous ...

Reviewers | 2 Likes
Information Gathering

Email-filtering is a core component for protecting company employees from malware, phishing and client-side attacks. These solutions are never 100% effective - it can be trivial for an attacker to bypass the security controls if they know exactly what products ...

Reviewers | 2 Likes
APT

While companies, and news organizations, have been fixated on naming threat actors via "debunkable" fashion (IP addresses, strings in memory), this is setting a dangerous precedent. Relying on these methods of analyzation leaves room for plenty of defensive errors, and ...

Reviewers | 1 Likes
Trojans

The use of dynamic languages in sophisticated persistent frameworks is not new. In the past, Lisp, Forth and Lua have all been used successfully to that effect. This talk will discuss how a complete Python environment can be transformed into ...

Reviewers | 1 Likes
APT

Today's threat actors could take advantage of strategic surprise to conduct stealth and unpredictable targeted attacks. Such an approach would immediately complicate the task of the mechanisms in place to defend against these. As APT/AVTs (advanced persistent threats and advanced ...

Reviewers | 1 Likes
Mobile Security

Synopsis of Talk: In recent years, we have been observing a market expansion in compliance, guidelines and best practices besides technical solutions for mobile security like MDM or something. There is a byword (typical stereotyped view) – “Many employees do ...

Reviewers | 1 Likes
Drones Exploitation

This presentation shows how to find and attack drones, for good. A simple Perl script called skyjack was released after Amazon announced intentions to deliver packages via unattended aerial vehicles (UAV). Skyjack was designed to intercept good drones and turn ...

Reviewers | 1 Likes
Malware

To process and extract intelligence from large volumes of suspect executables collected in networks each day, numerous automated malware analysis systems (now represented by various threat detection appliances and multi-billion dollar companies) have been created. In an effort to avoid ...

Reviewers | 1 Likes
Browser Security

Abstract: JavaScript today has a presence in almost every single website across the Internet. Aggressive research is in progress in the security community to come up with better security features in JavaScript every day. But unfortunately, many security features of JS ...

Reviewers | 1 Likes
Exploit Development

A while back, I showed how to combine SQL injection vulnerabilities with MIPS Linux buffer overflows in order to pop root on Netgear SOHO routers. I decided to revisit the "ReadyDLNA" UPnP server that ships on nearly all Netgear routers, ...

Reviewers | 1 Likes
Penetration Test

Are you tired of running pentests from a van outside your target? Working 24x7 hunched over your laptop got you down? Wouldn't you rather drop a few hacking devices outside/inside your target and monitor the test poolside at your hotel ...

Reviewers | 1 Likes
Exploit Development

A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine which will then execute a benign action or simply do nothing. In this ...

Reviewers | 1 Likes
Vulnerability Research

We want to present several 0days using fuzzing and reverse engineering and maths. 1 Critical remote 0day in an EMC application. 2 Critical remote 0day in a famous Novosoft backup application. The main idea is to present 0days found by us ...

Reviewers | 1 Likes
Android

In the last few years, Android has become the world's leading smart phone operating system. Unfortunately, the diversity and sheer number of devices in the ecosystem represent a significant challenge to security researchers. Primarily, auditing and exploit development efforts are ...

Reviewers | 1 Likes
Firmware

We use UEFI and commodity PC manufacturer "firmware" as a use case for vulnerability discovery and exploit development powered by analytics. BIOS, UEFI, and embedded firmware are recent focus areas for vulnerability analysis and exploit research. There are great offensive-security ...

Reviewers | 1 Likes
OSINT

This work-in-progress talk will present the results of the master thesis titled "Shortcomings in [REDACTED SOUTH AMERICAN COUNTRY] privacy protection: an overview of public policies, culture, system design, IT implementations and tools to exploit them." First, we will see how ...

Reviewers | 1 Likes
Web Hacking

During this presentation the audience will get exposed to one of the most dangerous and sophisticated JavaScript attacks which can start by a mouse click and end by a total PWN in a command and control environment, being a zombie ...

Reviewers | 1 Likes
Exploit Development

Attacking modern browsers can be difficult. You may need to chain together multiple exploits and leverage kernel vulnerabilities just to get reliable remote code execution at a useful integrity level. Anti Virus software potentially offers an easier way in. AV ...

Reviewers | 1 Likes
Hypervisors

In this presentation we will describe our research on the architecture and security of the Hyper-V hypervisor and its role in the Microsoft Azure cloud. Besides a deeply technical discussion of the hypervisor implementation and its attack surface, we will ...

Reviewers | 1 Likes
Bug Finding

Graphical user interfaces (GUIs) contain a number of common visual elements or widgets such as labels, text fields, buttons, and lists. GUIs typically provide the ability to set attributes on these widgets to control their visibility, enabled status, and whether ...

Reviewers | 0 Likes
Mobile

Have you ever wondered how power is routed around your phone, how it is stored and if it could be made dangerous? I have, and I somehow talked the DARPA Cyber Fast Track group into funding my research into the ...

Reviewers | 0 Likes
Exploit Development

The goal of this study is to gauge how difficult it is to bypass the protections offered by EMET, a popular Microsoft zero-day prevention capability. We initially focused on just the ROP protections, but later expanded the study to include ...

Reviewers | 0 Likes
Wireless

With the growing need and advancement in technology, enterprises were in need of a unique kind of technology that can help them to spread to a wide range of communication spectrum with a more robust, reliable and secured stigma. Well, ...

Reviewers | 0 Likes
Security Testing

You have probably heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of the medical device industry as it relates to ...

Reviewers | 0 Likes
Social Engineering

As the number of online users grows, so will the number of online criminals. We have read in the newspapers about how people are being scammed and tricked into giving money to people who claimed to need help, claimed to ...

Reviewers | 0 Likes
Social engineering

The presentation will discuss case studies about intense and offensive techniques used in different companies to execute social engineering attacks. Some of the techniques include: pretexting, dropping media with malware, dumpster diving, Facebook profiling. Also, we will discuss how to ...

Reviewers | 0 Likes
APT

During this presentation the audience will be exposed to several offensive Chinese Hacking tools taken from direct field experience and research... all will be in Mandarin Chinese but accompanied by Modern English translations... a clear delineation between Chinese Cyber Criminals and the People's ...

Reviewers | 0 Likes
Investment Banking

This presentation will discuss recent market and valuation trends of offensively-focused cyber companies. The audience will be exposed to an unvarnished look at the financial condition of the sector and its (in)ability to stand up to the inescapable recapitalization (re-tooling) ...

Interested in Speaking?

We are pleased to announce that the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused, fresh-content presentation, please submit an abstract, bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: