Infiltrate Security Conference OPEN CFP

OPEN CFP
This CFP closes in 2 days

CAST YOUR VOTE NOW

Want to have a hand in selecting the presentations you hear at INFILTRATE 2018? It is simple, just log in and let your voice be heard!

49 Reviewers | 7 Mean
SCADA hacking

With the advent of renewable energy in the recent years, the need for scaling up the energy production for the masses has seen a rise. This calls for automation and computer systems integration. This translates to systems such as SCADA ...

36 Reviewers | 7 Mean
Baseband exploitation

Mobile devices have become quite complicated in the past 10 years. Today they feature a number of embedded chips which are tasked with handling things such as Wifi, Bluetooth and cellular communications. These chips run firmware with which a malicious ...

18 Reviewers | 6 Mean
Heap exploitation

Android's libc allocator uses one of two malloc implementations: dlmalloc or jemalloc. This talk explores the technical details of these malloc implementations with a deep dive into the pertinent details of each of them, with the goal of understanding exactly ...

309 Reviewers | 5 Mean
Implants

Meet Parasite OS - a concept and project to create a rogue pseudo operating system on top of the host operating system. Once inside, defensive tools try to detect malicious code by monitoring operating system resources utilization (i.e. ElJefe). Run ...

90 Reviewers | 5 Mean
Exploit Development

On the shoulders of giants, this presentation will take a deep dive into the Dalvik Virtual Machine's JIT implementation and how it can be used and abused to execute shellcode. We will additionally take a cursory look at the JIT ...

57 Reviewers | 5 Mean
Vulnerability Research

Last year at Infiltrate, we celebrated the advantages of logic bugs over memory corruptions and showcased a nice and shiny bug in Chrome on Android from Mobile Pwn2Own 2016. But did we overstate the merits of this bug class? After ...

86 Reviewers | 4 Mean
Vulnerability research

Windows Defender’s malware emulator presents an incredibly attractive attack surface - a remotely reachable, unsandboxed, SYSTEM-privileged, Turing Complete runtime; where a single exploit can provide initial RCE, privilege escalation, and antivirus bypass. As demonstrated by Tavis Ormandy (Project Zero issues ...

62 Reviewers | 4 Mean
Vulnerability Research

Unless one has been living under an infosec rock, it's common knowledge that macOS is rather insecure. But is it so insecure that critical security bugs inadvertently appear during OS spelunking sessions? Unfortunately yes! In this talk, we'll cumulatively discuss ...

60 Reviewers | 4 Mean
Vulnerability research

Virtual machines play a crucial role in modern computing. They are often used to isolate multiple customers with instances on the same physical server. Virtual machines are also used by researchers and security practitioners to isolate potentially harmful code for ...

61 Reviewers | 4 Mean
Vulnerability research

Desktop virtualization solutions like Oracle VirtualBox are extremely useful for software development, kernel debugging and security research. Theyare also often used to isolate potentially malicious or vulnerable code, and thus present interesting targets for exploitation. In VirtualBox, beside the obvious ...

54 Reviewers | 4 Mean
Vulnerability research

American Fuzzy Lop (AFL) revolutionized fuzzing. It’s easily the best thing out there for quickly performing cutting-edge automated vulnerability analysis on command line applications. But what about the situations where accessing the logic you want to fuzz via command line ...

19 Reviewers | 5 Mean
Mitigation bypass

The sandbox, last line of defense for many networks, isn't what it used to be. In our talk, we show how attackers can bypass sandbox security, inserting malicious code on servers without getting flagged, by taking advantage of basic rules ...

238 Reviewers | 3 Mean
Pentest

Penetration Testers (aka.Ethical hackers) come from different backgrounds: developers, database, system, or network administrators, etc. In this talk we will discuss how the decisions you are making today may influence your area of expertise. In this talk we will cover ...

70 Reviewers | 3 Mean
Reverse Engineer

Reverse engineering software is commonly done and has various goals such as finding vulnerabilities, learning about security mechanisms and countermeasures, and for general understanding and information extraction. Obviously all software will be reverse engineered at some point but you will ...

61 Reviewers | 3 Mean
Exploit Development

In 2017, we released tools [1] and published a series of 8 blog posts [2] on Cisco ASA internals. This talk is about the journey of how we discovered a remote pre-authentication vulnerability in Cisco ASA firewalls in the AnyConnect ...

112 Reviewers | 3 Mean
Exploit Development

With the Windows 10 Creators Update, to the shock and horror of exploit writers everywhere, Microsoft introduced Arbitrary Code Guard (ACG). ACG’s goal is to make it impossible to allocate new executable memory or modify existing executable memory in the ...

59 Reviewers | 3 Mean
Vulnerability research

Stressers/Booter services is providing "DDoS as A Service" and they are getting more and more powerfull, measured in amount of traffic, but the current resources they use could be improved, and optimized, and perform a much more dangerous and advanced ...

42 Reviewers | 3 Mean
Vulnerability Research

QNX is a proprietary, real-time operating system used in many sensitive and critical embedded devices in different industry verticals from networking and automotive equipment to military and industrial control systems. While some prior security research has discussed QNX, mainly as ...

29 Reviewers | 3 Mean
Implant methodology

This​ ​ talk​ ​ will​ ​ provide​ ​ insights​ ​ into​ ​ different​ ​ techniques​ ​ uncovered​ ​ by​ ​ a ​ ​ study​ ​ of​ ​ more​ ​ than​ ​ 300 unique​ ​ malware​ ​ samples​ ​ and​ ​ ...

114 Reviewers | 2 Mean
Social Engineering

How the Defcon 2017 SE CTF experience can help organizations defend against social engineering. Robert discusses his third place experience at the Defcon 2017 SE CTF and how his efforts clearly show how easy it is to get sensitive information ...

107 Reviewers | 2 Mean
Vulnerability Research

Attackers hope getting administrator privileges always. If they had get it, they can do anything. Therefore, they try to get administrator privileges in various ways, such as account stealing, privilege escalation, UAC bypass. I gave a presentation in BSidesLV 2017 ...

52 Reviewers | 2 Mean
Mobile Research

Android malware authors may enforce one or a combination of protection techniques like obfuscators, packers and protectors. This additional step just before publishing the app adds complexity for Android Bouncers and various static, and dynamic code analysis tools. Along with ...

52 Reviewers | 2 Mean
Vulnerability Development

Zero-day exploits targeting browsers are usually very short-lived. These zero-days are actively gathered and analyzed by security researchers. Whenever a new 0-day becomes known by the security industry, protections against the exploit are shared, AV/IDS signatures are made, patches are ...

47 Reviewers | 2 Mean
Vulnerability Research

In today's digital world the mouse, not the pen is arguably mightier than the sword. Via a single click, countless local security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel ...

32 Reviewers | 2 Mean
Penetration Testing

Every year thousands of organizations are compromised by targeted attacks. In many cases the attacks are labeled as advanced and persistent which suggests a high level of sophistication in the attack and tools used. Many times, this title is leveraged ...

45 Reviewers | 1 Mean
Penetration Test

0days for enterprise software, to be made available for Metasploit - So much money is spent on SIEMs, Firewalls, Intrusion Detection Systems, and more soft- and hardware which is intended to make enterprise environments more secure, protecting them against the ...

41 Reviewers | 1 Mean
Red Teaming

In recent years, ‘red teaming’ has become a market buzzword often prompting corporate excitement and weaving an image of ‘pentesting’ in a red cape. This is unacceptable. The essence of red teaming is a healthy mix of ‘gegenspiel’ (Adversarial Thinking) ...

452 Reviewers | 0 Mean
Pentesting

Today, we keep hearing about massive data breaches and companies being hacked. While some of the bigger breaches do not have a Social Engineering angle, many do and do not even know it! The presentation will provide attendees with advanced ...

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are:

  • A trip to Miami Beach during the non-gates-of-hell hot season
  • A stay at one of the premier luxury resorts in the area
  • A no-bullshit environment where you don't have to be apologetic about
  • Ability to participate in the 1st ever profit sharing conference