Infiltrate Security Conference OPEN CFP

OPEN CFP
This CFP is not yet open - Check back soon!

CAST YOUR VOTE NOW

Want to have a hand in selecting the presentations you hear at INFILTRATE 2018? It is simple, just log in and let your voice be heard!

Reviewers | 20 Likes
Reverse Engineering

Interest in offensive research looking at antivirus software is at an all time high, and only growing - Joxean Koret and Elias Bachaalany recently published "The Antivirus Hacker's Handbook", Tavis Ormandy at Project Zero has been releasing vulnerabilities in Kaspersky, ...

Reviewers | 17 Likes
APT

Dropping a payload or malware onto a target is usually not an issue given the variety of vulnerable software in use. Your challenge is keeping the payload from working and spreading to unintended targets, eventually leading to malware reverse engineers ...

Reviewers | 17 Likes
APT

Every year, so many hacking incidents and cyber terrors happen in the South Korea. So, KrCERT/CC has analysis and profile about 500~1,000 incidents in every year. Among those incidents, there is some of attacks and cyber terrors to government agency ...

Reviewers | 14 Likes
Vulnerability Research

Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes and mitigations are implemented, vulnerabilities in increasingly obscure corners of Flash are coming to light. This presentation describes the attack ...

Reviewers | 13 Likes
Social Engineering

As we grow in security Social Engineering remains one of the most important threats for information security. We could build highly secure systems and still bypass them by relying on human stupidity. Because of this, I still perform research into ...

Reviewers | 10 Likes
Virtualization Research

Instead of simply emulating old and slow hardware, modern hypervisors use paravirtualized devices to provide guests access to virtual hardware. Bugs in the privileged backend components can allow an attacker to break out of a guest, making them quite an ...

Reviewers | 10 Likes
Penetration Test

The talk is about PowerMemory, a tool that provides a different approach to get credentials in Windows memory. An approach that gives the possibility to attack any system regardless of its architecture (x86, x64, nt5, nt6, nt10) and regardless of ...

Reviewers | 9 Likes
Reverse Engineering

At WWDC 2014, Apple introduced Swift, their revolutionary new programming language for the future. Swift promises unapologetic optimization, outstanding speed, and best-in-class language features. Swift is sleek, stunning, and already the most loved language on StackOverflow. Up until now, no ...

Reviewers | 8 Likes
Vulnerability Development

Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on ...

Reviewers | 7 Likes
Mobile Security

Remember that time when you were reversing an iOS or Android app and you thought to yourself “this doesn't feel very natural...”? When using existing tools you begin to lose sleep, food doesn't taste good anymore and life feels more ...

Reviewers | 7 Likes
Exploit Development

This presentation will be a deep-dive into Adobe Reader internals. The focus will be on how to develop reliable exploits by abusing Adobe Reader’s embedded XFA engine. Never heard of XFA before? XFA is Adobe’s XML Forms Architecture: You use ...

Reviewers | 6 Likes
Pentest, Red Team, Malware

How do you write malware that will go unnoticed when the defenders KNOW you are there. How about when there is not other traffic on the network other than you and the defenders? This talk goes through the techniques and ...

Reviewers | 6 Likes
Malware Offense

The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such like Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by ...

Reviewers | 5 Likes
Exploit Development

WoW64 is the facility to allow Windows 64bit OS run 32bit application seamless. Under Wow64 context, 64bit DLLs are invisible for 32bit application if 32bit code is running. But Windows 64bit OS setup a dedicated segment for 64bit code, and ...

Reviewers | 5 Likes
Mobile Security

The age of Android is upon us, and is taking no prisoners. More and more Android users flock to the Google Play Store and rummage through apps, searching for the new hotness to download and install on their devices. What ...

Reviewers | 5 Likes
Exploit Development

More and more embedded systems implement functionality to assure the integrity (and confidentiality) of all software executed after power-on reset. These implementations are often found to be logically flawed and can be bypassed (easily) after the vulnerability is identified. Other ...

Reviewers | 5 Likes
APT

Embedded, IOT, and ICS devices tend to be things we can pick up, see, and touch. They're designed for nontechnical users who think of them as immutable hardware devices. Even software security experts, at some point, consider hardware attacks out ...

Reviewers | 4 Likes
Exploit Development

DARPA's Cyber Grand Challenge is a contest to automate vulnerability discovery and patching. We participated in the qualifying event held this past June, and, well, we didn't qualify. Our loss is your gain: we can talk about our automated bug ...

Reviewers | 4 Likes
Binary Analysis

Generating crashing inputs for most targets isn’t particularly hard. In fact, often it’s annoyingly easy and, even with the assistance of automated crash prioritisation tools, the task of figuring out why an interesting crash has occurred, and what exploitation primitives ...

Reviewers | 4 Likes
Exploit Development

Control Flow Integrity (CFI) is a relatively new technique for preventing ROP and other code-reuse attacks. Unfortunately most implementations require compilation from source. However, it is possible to get a level of protection through other means! These techniques are inspired ...

Reviewers | 4 Likes
Penetration Testing

Drone systems are rapidly taking over markets around the world, and drone systems are also made and developed rapidly as well. However, its security aren't in the same way as you think. We can hack drones via a network and ...

Reviewers | 4 Likes
Exploit Development

SCADA system is a system which enable computers to control infrastructures, such as power plants and factories, instead of humans. Plus, SCADA system is different with usual Information Network System in some aspects. No need to considerate about security at ...

Reviewers | 3 Likes
APT

Based upon several recent information security exchanges with China's People's Liberation Army and China's Cyberspace Administration audience members will enjoy direct foreign-based experience from the cyber battlefield and frontier that is the People's Republic of China. Attendees can expect to ...

Reviewers | 3 Likes
Machine Learning, Vulnerabilities

With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Very well known vulnerability detection techniques like static analysis, symbolic execution or fuzzing can be very costly to be used in a large ...

Reviewers | 3 Likes
Penetration Test

While the industry’s “blue team” of defenders and analysts are racing to make security detections smart by harnessing the power of Big Data, the aim of this talk is to convey that the “red team” of attackers and penetration testers ...

Reviewers | 3 Likes
Crypto attacks

Assessing the security of White-Box Cryptography (WBC) implementations often requires a powerful mix of reverse engineering and applied cryptanalysis skills. In this talk we break WBC implementations though novel techniques that *don't* require full deobfuscation or complex applied crypto, but ...

Reviewers | 2 Likes
APT

Heisenberg's Uncertainty principle tells us that in particle physics, the act of observing an event changes its behavior. This is true in computer systems as well, and can be used by an attacker to determine if they are being monitored ...

Reviewers | 2 Likes
Rootkit

Mutation and rootkits are two very powerful techniques commonly used by malware authors to maximize the lifespan of their malware by hindering the detection and analysis process. Many cases of mutation powered malware have been seen in the wild, however, ...

Reviewers | 2 Likes
Vulnerability Research

In the security market, there are different kind of network fuzzing frameworks available. Some fuzzers are blackbox while others are protocol aware. Even the ones that are made protocol aware, the fuzzer writer typically has to get the protocol specification ...

Reviewers | 2 Likes
Exploit Development

In this talk we will move through the past, the present and the future of hacking transportation systems, and how NFC technolgies are changing everything. We will then move a step forward looking for serious vulnerabilities you can found in ...

Reviewers | 2 Likes
Rootkit

Trusted computing architectures, such as Intel’s Trusted Execution Technology (TXT), form the cornerstone of trust for highly sensitive, highly secure systems, often protecting critical servers (e.g. running Xen, VMware ESXi, etc.). Previous work has examined several attacks that bypass TXT, ...

Reviewers | 1 Likes
APT

The Data Exfiltration Toolkit (DET) makes the process of exfiltrating data from networks simpler. It supports numerous protocols and techniques, and can use them simultaneously. Typically, depending on where you are located on a network, different types of traffic restrictions ...

Reviewers | 0 Likes
Physical Security

While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited ...

Reviewers | 0 Likes
Rootkits

Managed Code Rootkits (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a target network. While the concept isn’t new, practical tools for developing MCRs don’t currently exist. Erez Metula released ReFrameworker in ...

Reviewers | 0 Likes
CyberCrime

Abstract: The hardest part of cybercrime is the cashout. The strategy for cashing out needs to be easy enough to make it worth your while and safe enough to stay out of the klink. With more and more focus on ...

Reviewers | 0 Likes
Vulnerability Development

NoSQL Graph Databases have been an eternal part of the internal database network for companies. Visualising data on the go, Ease of understandability, Better analytics,Better database features has forced the companies to choose Graph Databases for data mapping deployed mainly ...

Reviewers | 0 Likes
Vulnerability Research

Fighting off attacks based on memory corruption vulnerabilities is hard and a lot of research was and is conducted in this area. In our recent work we take a different approach and looked into breaking the payload of an attack. ...

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: