Cast your vote for the talks you want to see at INFILTRATE 2018.
As of today, 6 December 2017, I count 26 presentations.
The titles alone are enough to sell the conference:
- Energy Larceny-Breaking into a solar power plant
- Chainspotting: Building Exploit Chains with Logic Bugs
- Back To The Future – Going Back In Time To Abuse Android's JIT
- Windows Offender: Attacking The Windows Defender Emulator
- Bypassing Mitigations by Attacking JIT Server in Microsoft Edge
- A year of inadvertent macOS bugs
- L'art de l’Évasion: Modern VMWare Exploitation techniques
- Unboxing your VirtualBoxes: A close look at a desktop hypervisor
- Fuzzing the ‘Unfuzzable’
- How to become a Penetration tester – an attempt to guide the next generation of hackers
- Parasite OS
- Detecting Reverse Engineering with Canaries
- Discovering & exploiting a Cisco ASA pre-auth RCE vulnerability
- Synthetic Reality; Breaking macOS One Click at a Time
- Dissecting QNX – Analyzing & Breaking QNX Exploit Mitigations and Secure Random Number Generators
- Malware tradecrafts and nasty secrets of evading to escalating
- Sandbox evasion using VBA Referencing
- Exploits in Wetware
- How to escalate privileges to SYSTEM in Windows 10
- Pack your Android: Everything you need to know about Android Boxing
- How to hide your browser 0-days
- So you think IoT DDoS botnets are dangerous – Bypassing ISP and Enterprise Anti-DDoS with 90's techn
- Making love to Enterprise Software
- I Did it Thrawn’s Way- Spiels and the Symbiosis of Red Teaming & Threat Intelligence Analysis
- Digital Vengeance: Exploiting Notorious C&C Toolkits
- Advanced Social Engineering and OSINT for Penetration Testing
Another example of open sharing as opposed to the hoard and privilege approach of the defensive cybersecurity community. White hats are fortunate to only be a decade behind. Consider it the paranoia penalty. Fear of sharing knowledge harms you more than anyone else.
Speaking of sharing, the archives for INFILTRATE 2011 through INFILTRATE 2017 are online.
May not be true for any particular exploit, but given the lagging nature of cyberdefense, not to mention shoddy patch application, any technique less than ten years old is likely still viable. Remember SQL injection turned 17 this year and remains the #1 threat to websites.
Vote on your favorite papers for INFILTRATE 2018 – OPEN CFP
and let’s see some great tweet coverage for the conference!
INFILTRATE Security Conference, April 26 & 27 2018, @Fountainbleau Hotel
INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Registration: infiltrate@immunityincdotcom
Twitter: @InfiltrateCon.
Enjoy!