Infiltrate Security Conference OPEN CFP

This CFP is not yet open - Check back soon!

CAST YOUR VOTE NOW

Want to have a hand in selecting the presentations you hear at INFILTRATE 2018? It is simple, just log in and let your voice be heard!

Reviewers | 4 Likes
Penetration Test

For the last two years, the Ghost in the ShellCode Capture the Flag (CTF) has done something unique -- built a series of CTF challenges inside of a custom MMO. Given that many in security research got their start cracking ...

Reviewers | 3 Likes
Exploit Development

The dangers of symbolic links are well known on Unix-like operating systems. Through their misuse a privileged process can be tricked into writing files to a location under the attacker's control leading to privilege escalation or disclosing sensitive information. On ...

Reviewers | 3 Likes
Penetration Test

Hacker conferences show off the cutting edge of digital attacks, yet rarely secure themselves against these same attacks. Such conferences offer a gathering place for exactly the type of individuals most capable (and eager) to exploit flaws in the systems ...

Reviewers | 2 Likes
Malware

Abstract: When comparing Microsoft and Apple, Cupertino emerges a winner in pretty much all categories - save for the sophistication of OS X malware. Simply put; while Windows malware may leave us in awe (and have entire books dedicated to ...

Reviewers | 2 Likes
Exploit development

Your latest OS X 0day exploit got you root and now what? Apple (finally) introduced mandatory code signing for kernel extensions in Yosemite so there's a new obstacle to your beautiful kernel rootkit. Are you an OPSEC ninja or too ...

Reviewers | 2 Likes
Advanced Persistent Threat

Corporations, governments, and everyday people are continuously getting attribution wrong. The recent attack on Sony illustrated this best when researchers at a corporation publicly disputed the origination of an attack. So why are companies getting bad information, is it intentional, ...

Reviewers | 2 Likes
Penetration Test

Abstract: SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, Cisco, HP, IBM, Google, China Telecom, Huawei and others by providing more virtualized services that can be scheduled, managed and ...

Reviewers | 2 Likes
Vulnerability Development

The Mozilla Firefox browser has a new garbage collection (GC) implementation for its Javascript engine (Spidermonkey) since version 32. This new GC algorithm has introduced significant changes to the way that Firefox's heap is organized. The GC heap is now ...

Reviewers | 2 Likes
Reverse Engineering

I'm working with Apple on a vulnerability I found in OS X 10.10 a while back, known to the public as rootpipe. Rootpipe is a local privilege escalation and affects all versions of OS X (at the time of writing) ...

Reviewers | 2 Likes
Bug Hunting

In this talk Ben Nagy delves into scaling out OSX fuzzfarms on commodity (i.e. non-Apple) hardware. Ben Nagy will demonstrate a fully working (non-hackingtosh) virtualisation of OSX on Linux using KVM and a better instrumentation harness for doing this kind ...

Reviewers | 2 Likes
Penetration Test

The goal of this talk is to present a way to abuse a default feature of Cisco routers. The feature mentioned is the Embedded Packet Capture (EPC), described by Cisco: "... a powerful troubleshooting and tracing tool. The feature allows ...

Reviewers | 1 Likes
Reverse Engineering

Exploit development is a complex and laborious process especially when dealing with various mitigation technologies in modern software and operating systems. Successful vulnerability research and exploit development requires a degree of automation in order to ensure reliability and timeliness of ...

Reviewers | 1 Likes
Privilege Escalation

As the barriers to hijacking the kernel and system processes continue to increase with technologies such as Protected Processes, Patchguard, User Mode/Kernel Mode Code Integrity, and Virtual Machine Sandboxes, the pressure on the components managing these boundaries increases -- any ...

Reviewers | 1 Likes
Vulnerability Research

Abstract: LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since ...

Reviewers | 1 Likes
Exploit development

This talk serves to advance the research I published in Phrack 66 (2009) regarding the exploitation of memory corruption bugs utilizing the Objective-C runtime on Mac OS X. While the techniques in the paper are still functional to this day, ...

Reviewers | 1 Likes
SCADA

From buzzword to beachhead: Anything related to SCADA security is a hot topic, but SCADA systems actually represent a great way into otherwise secure companies. It is no secret that “SCADA” (term used in a generic sense to mean any ...

Reviewers | 1 Likes
Vulnerability Development

Memory corruption has plagued computers for decades. These software bugs can often be transformed into working cyber-attacks. High-level protections, such as anti-virus, have done little to stop the tide. Recent low-level protections such as non-executable memory and module randomization have ...

Reviewers | 1 Likes
Reverse Engineering

I propose presenting my work: Hardened Anti-Reverse Engineering System (HARES), a prototype anti-reverse engineering technique providing a method to seamlessly execute AES-encrypted applications with neither the key nor any decrypted instructions residing in accessible memory (even to a compromised kernel) ...

Reviewers | 1 Likes
Vulnerability Development

Fuzzing is undoubtedly one of the most popular methods for both attackers and defenders to find bugs in software. Recent advances in symbolic fuzzing, a technique that allows program logic to direct the fuzzing process, allow their operators to uncover ...

Reviewers | 0 Likes
Tools

Abstract: This talk is going to be centered around Yasuo, an open-source vulnerable application scanner purely written in Ruby. We plan to release an updated version (v1.0) of Yasuo at INFILTRATE, with many new features and support for ...

Reviewers | 0 Likes
Penetration Test

License managers let software developers focus on software development of the main characteristics of the software they are producing, leaving the license management to third-party software solutions. While this may look like a great opportunity to save time developing you ...

Reviewers | 0 Likes
Penetration Test

This talk will show attendees multiple ways to use a device based on the BeagleBone Black to perform attacks. Topics will include injecting payloads by emulating an optionally write-protected USB mass storage device, rapidly executing commands on a target using ...

Reviewers | 0 Likes
Denial of Services

Through the last couple of years we were providing on-demand DDoS attacks on our customers' web sites. The DDoS mitigation techniques that we encountered were diverse and many times the mitigation strategy was the sole reason of an epic fail, ...

Reviewers | 0 Likes
Data exfiltration

So, you owned a high target network or at least you did your OSINT homework and have a plan. But how do you get the yummy classified documents out from the target network and still flying under their radar? In ...

Reviewers | 0 Likes
Physical Security

While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited ...

Reviewers | 0 Likes
Zero-day Market

Trading vulnerability information or 0-day exploits is considered a risky ordeal. Players in the secretive 0-day market face some inherent obstacles related to time-sensitiveness of traded commodities, trust, price fairness, and possibility of defection. To alleviate some of these problems, ...

Reviewers | 0 Likes
Big Data

Abstract: While the industry’s “blue team” of defenders and analysts are racing to make security detections smart by harnessing the power of Big Data, the aim of this talk is to convey that the “red team” of attackers and penetration ...

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: