So every year we update the INFILTRATE Master's Class and it's not just about "exploitation". A master class should be about an exchange of technique - a showing of how the future of exploitation is going to roll out. This year, the Master Class is a combination of applied cryptographic and mathematics techniques to exploitation.
For example, we all INTUITIVELY know server isolation is broken in theory. But working with that in practice requires time and a particular tested setup and it's best if someone with experience walks you through the process. Below you can see a screenshot of one section of the Master Class: Attacking Montgomery reduction done as part of a cryptographic primitive to gather key data from an unprivileged process. In the long term, it's about demonstrating the path to get from "I'm on a box, and somewhere, possibly through a hypervisor or sandbox, is a process doing cryptography that I want to tap." TIMING ATTACK IMAGE And of course, that's just the start of the class. The whole thing is detailed below, or at this link if you want to sign up! http://infiltratecon.org/training.html MASTER CLASS Course Length: 4 Days * DAY 1 * Academia vs Real World * How to Audit Cryptosystems * Introduction to Logic & Algebra * Symmetric Cryptography and related primitives * Statistical Cryptanalysis (differential, linear, etc) * Algebraic Cryptanalysis (SAT, F4) * DAY 2 * Introduction to Algebraic Number Theory * Introduction to Elliptic Curves * Asymmetric Cryptography (RSA, ECDH, etc.) * Birthday Paradox based algorithms * Index Calculus * Side Channel Attacks(timing, cache) * Whitebox Cryptography * DAY 3 * User Land vs Kernel Land * Introduction to the Kernel Land * Kernel Debugging Environment * Kernel Internals * Memory Models and the Address Space * Kernel Shellcodes * Taxonomy of Kernel Vulnerabilities * Arbitrary Kernel Read/Write * DAY 4 * Kernel Heap Allocators (SLAB/SLUB) * Kernel Pool Overflows and Use-After-Free * Race Conditions * Logical and HW-related Bugs * Kernel and Hardware Protections * Bypassing Protections * The Future of Kernel Vulnerabilities * Thanks! -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
