Infiltrate Security Conference OPEN CFP

OPEN CFP
This CFP is not yet open - Check back soon!

CAST YOUR VOTE NOW

Want to have a hand in selecting the presentations you hear at INFILTRATE 2018? It is simple, just log in and let your voice be heard!

43 Reviewers | 7 Mean
Vulnerability Research

The Component Object Model has been part of Windows for over 20 years, in that time it’s gained new abilities such as remoting with DCOM, service component model with COM+ and forms the bedrock of the WinRT library which is ...

42 Reviewers | 7 Mean
Vulnerability Research

Program Analysis is often hampered when source code is not available. Many static program analysis tools depend on the availability of source code and cannot operate on binaries. One solution to this problem is Intermediate Languages that allow advanced analysis, ...

29 Reviewers | 7 Mean
Vulnerability Development

Whether you are looking for vulns, or handling vulns reported by others, at some point you're going to have a repro that crashes an application and you're going to want to know as much as possible about the bug it's ...

20 Reviewers | 7 Mean
Vulnerability Research

While the majority of baseband vendors use lightweight real-time operating systems there's a chipset vendor with substantial market share in China that uses a POSIX compliant operating system. In recent years, Android smartphones using this chipset have also seen increased ...

62 Reviewers | 6 Mean
Exploit Development

Long gone are the days of trivially exploiting services to gain root; these days, multiple exploits are typically strung together to form an exploit chain. If sections of the chain fail, an attacker is left with a situation where they ...

51 Reviewers | 6 Mean
Vulnerability Development

Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you've never heard of any vulnerability in its code ...

61 Reviewers | 6 Mean
Vulnerability Development

Memory corruption exploits are requiring greater and greater investment in time and effort to bypass the latest mitigations in applications like Chrome and the underlying operating system. When combined with the competition of everyone in the world running a fuzzer, ...

66 Reviewers | 6 Mean
Vulnerability Research

Achieving a successful remote compromise of a modern Apple iOS device has become in recent years particularly challenging for an adversary, thanks to all the good work done by Apple. Nevertheless in this talk we will describe our ideas and ...

48 Reviewers | 6 Mean
Exploit Development

The jemalloc allocator has been adopted as the default libc malloc(3) implementation on Android since version 5.0, and is being used up to the latest one (7.0 - Nougat). We have previously analyzed in depth memory corruption attacks against jemalloc ...

44 Reviewers | 6 Mean
Vulnerability Research

In this talk we focus on challenges that Fried Apple team solved in a process of making untethered 9.0-9.3.x jailbreak. We will reveal the internal structure of modern jailbreaks, including low level details such as achieving jailbreak persistence, creating a ...

33 Reviewers | 6 Mean
Mitigation Bypass, Payload Development

Metasploit Windows x86/x86_64 shellcodes have been defeated by EMET and other techniques not only in exploit deployment but through using these shellcodes in non-exploitation situations (e.g. binary executable shellcode wrappers, PowerShell deployment, and MS Office macros,). This talk describes taking ...

25 Reviewers | 6 Mean
Penetration Testing

Windows 10 and Server 2016 immediately provide defensive technologies that can be used to secure endpoints within your domain. Both operating systems allow administrators granular control over how to best administer and defend their network, and in the opinion of ...

38 Reviewers | 5 Mean
Vulnerability Research

Over the last few years, IEEE 802.11 standard for wireless connectivity usage has turned massive. Wireless devices are everywhere, from your smartphone to the printer that is in your office. IEEE 802.11 standard has many versions and 3rd party extensions ...

43 Reviewers | 5 Mean
Exploit Research

Software-Defined Networking (SDN) is an emerging paradigm to support and optimize virtualization communication systems. Numerous research development approaches utilize SDN as a catalyst to enhance network management between computing systems and to identify common network security attacks. A major concern ...

12 Reviewers | 6 Mean
Exploit Development

The problems of shellcode generation and of memory corruption exploit development share a birthday. In brief, memory corruption exploits must trick a program into executing machine code ("shellcode") provided as input. Each individual exploit scenario may place constraints upon the ...

33 Reviewers | 4 Mean
Penetration Testing

Every company, big and small, is hopping on the SIEM bandwagon. And while they are being sold a solution to help secure their networks the reality is that these systems practice poor security, are generally implemented by people with little ...

32 Reviewers | 4 Mean
Vulnerability Research

With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT and many companies are currently working on this topic, by deploying Hadoop clusters, which is the current ...

34 Reviewers | 4 Mean
APT

Lateral movement over Named Pipes is a great method to evade defenders and it was being used in many well-known APTs such as Duqu, Regin, APT28 and many more. With malware-less running in-memory and encrypted named pipes running over default ...

33 Reviewers | 4 Mean
Vulnerability Development

Security companies are increasing their focus on behavior based detection to convict malicious software but thanks to Microsoft's Kernel Patch Protection (a.k.a. PatchGuard) vendors must rely on user-mode hooks in order to capture behavior telemetry. User-mode hooking is dead. At ...

32 Reviewers | 4 Mean
Vulnerability Development

Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implements the said algorithms, yet our ...

42 Reviewers | 4 Mean
Exploit Research

Many can identify the soft, fallible bundle of meat and love that is a human. Humans can be found in their natural habitat milling around at the fuzzy edges of unsuspecting computer systems. Let’s go on a safari through benefits ...

28 Reviewers | 4 Mean
Exploit Research

An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent ...

23 Reviewers | 4 Mean
Exploit Research

The cloud is new to many including red teams and the traditionally post exploitation and other common TTP are sometime inapplicable or different due to lack of domain environment and limited surface. The Microsoft Cloud & Enterprise red team will ...

12 Reviewers | 4 Mean
Penetration Test

Recently, the use of mobile payment services (like Apply Pay and PayPal) has been increasingly popular over time. Being closely related to financial transactions, those systems are often required to be highly secure in order to defend against possible security ...

10 Reviewers | 4 Mean
Vulnerability Development

SMT solvers are nifty, and pretty easy to apply to simple or repetitive binary analysis problems. Implementing instruction semantics for a specific branch structure, or the subset of arithmetic operations used by a specific obfuscation pass has a pretty low ...

53 Reviewers | 3 Mean
Penetration Testing

Recently Indian government launched a mega scheme 'Jan Dhan Yojana'. On the inaugural day 15 Millions of bank accounts were opened across the country. To cope up with such an increasing customers, Indian banks have come up with a self ...

28 Reviewers | 3 Mean
Penetration Testing

Graph databases are an "emerging" technology useful in the field of cybersecurity, especially in the detection of new threats based on the correlation of diverse sources of information. However, insufficient attention has been spent in terms of its security. In ...

20 Reviewers | 3 Mean
Vulnerability Research

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. Earlier this month I released an open-source scanner that takes an alternative ...

16 Reviewers | 3 Mean
Penetration Test

Internet of things is surrounding us. Is it secure? Or does its security stand on (deemed) invisibility? SDR (Software-defined radio) and GNU Radio can answer these questions. In this presentation, we will play some modern wireless devices. They have similar ...

34 Reviewers | 2 Mean
Virtual Hacking

Platform accessibility, programming frameworks, hardware sprawl, and yes....the porn industry are driving how quickly virtual reality is being brought in to several aspects of our lives. Interfaces for integrated technology controls are the next frontier, and driving the defense of ...

15 Reviewers | 2 Mean
Vulnerability Development

Your webapp is probably dumping ERRORs and FATALs to your logs & you’re ignoring them unless your site is down & your pager is going off. Does anyone ever do anything with them outside of running some tail –f’s to ...

15 Reviewers | 2 Mean
OSINT

Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. But those attacks are only as good as the information used to create them. This presentation will arm you with the latest open-source intelligence ...

24 Reviewers | 1 Mean
Defense

Code signing is a powerful method to ensure only validated code will be executed. Using this technique in Windows and Linux with real world use cases, this talk demonstrates how to catch any type of exploitation resulting in code execution ...

25 Reviewers | 1 Mean
APT

Patchwork is a highly successful nation state targeted attack operation, which infected approximately 2,500 high-value targets such as governments, worldwide. It is the first targeted threat captured using a commercial cyber deception platform. In this talk, we will share how ...

25 Reviewers | 1 Mean
APT

Cybercrime is risky business but it’s also big business. Lloyd’s of London estimates the cost of cybercrime to businesses at $400B annually. Why is cybercrime such a massive business? This session will take you into the Threat Actors Studio and ...

20 Reviewers | 0 Mean
Exploit Development

In this talk we will review security of IoT devices from the hacker's standpoint and cover common developers' mistakes and ways these bugs may be exploited. The talk will include the analysis and examples of ramifications of poor architectural solutions, ...

20 Reviewers | 0 Mean
Vulnerability Research

Today all companies who are concerned about their security use IDS/IPS solutions. But do such systems really make hackers' life harder? In this talk we will try to find the answer considering the modern IDS/IPS bypass techniques. Also we will ...

12 Reviewers | 0 Mean
Penetration Test

Ever wondered how bad, piracy affects the rightful owners of the stuff that you are downloading? Entertainment industry suffers huge losses because of piracy. Obviously, it is impossible to estimate the value of piracy industry, nevertheless, this industry is estimated ...

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: