Thursday, January 22, 2015

INFILTRATE 2015 Training Redux: Let us info(s)t(r)ain you!

So as is tradition, we've completely overhauled our training curriculum for Infiltrate 2015. Here's a rundown of what the new options are, what they entail, and how they might suit you and your team.

Keep in mind, as always, we only run these courses once a year, and only during INFILTRATE.


4 days, Apr 20-23, $4,500 USD

Our flagship class is revamped for 2015 with the return of the Linux Kernel exploitation component. This section is taught by one of the authors of "Attacking the core", which set the industry standard for Kernel exploitation books. The class was rewritten to include new exploitation and bypass paradigms and will boost your Linux Kernel exploit skills into the modern era where SMEP is a thing, and NULL dereferences are (sort of, sometimes) VOID.

To prevent burnout and keep peak brain momentum we have made the masterclass 4 days long, as opposed to 5 days. This means you get an extra Friday to roam the beach and meditate on your newly acquired skills and whether to use them for good or evil (or some morally ambiguous combination of both).

For the first 2 days of masterclass you'll be running through the 2015 edition of the Immunity SMT class, which will be even more hands on and exercise oriented this year, to ensure you go home with practical and applicable SMT solving skills.

As with previous editions, the Immunity masterclass is intended for people that are already very comfortable with exploit development and general computer science theory. If you want to push further into the cutting edge of offensive theory and methodology, the Masterclass is for you.

Wide open to Interpretation 

4 days, Apr 20-23, $4,500 USD

New in the 2015 Infiltrate Training line up is the Wide open to Interpretation class. In this class we take two widely used interpreted serverside web application languages, and run through advanced exploitation and vulnerability analysis scenarios for both.

The idea behind the Wide Open class is to get the student thinking in terms of primitives and concepts that may translate into any interpreted language with exposed remote surface. For the first 2 days of the class we take a deep dive tour of PHP based exploitation, and for the second half of class we get into the nooks and crannies of Java based serverside exploitation.

We consider this class to be a great follow up to our Websploitation (AKA Webhacking) class. If you've taken our Webhacking class previously, you may want to consider signing up for the Wide Open class this year.

Click here for ring 0 

4 days, Apr 12-15, $4,500 USD

Another new addition to our training lineup for 2015 is the "click here for ring 0" course. This class is all about hands on exploitation and we consider it the follow up to our infamous (and now retired) "unethical hacking" class. 

In this class you will go through the process of writing a clientside exploit as well as a local privilege escalation attack against a modern Windows system. Thus providing you with the workflow and methodology used by many modern APT-style teams to gain access to your infrastructure.

If you are a penetration tester with a knack for exploit development interested in goal based hacking, then this is the class for you. It gets right to the point, and you'll walk out of it with practical exploit development skills you can start using immediately to build and improve your arsenal of clientside and privilege escalation attacks.

Wait, no Unethical Hacking this year? Serio?

Yep, serio. Even though we know people love the unethical class, and it always sells out, we wanted to rejuvenate our curriculum with a more refreshed and updated look at the modern vulnerability and exploitation landscape. Having said that, if you reeeeeaaaaallllly want to take the unethical class, we might consider flying out to your location to come teach it, provided you have a large enough group of students (20 minimum). If you're interested in setting something like that up, just contact us at admin (at) or give us a call at +1-786-220-0600 (ask for Dave, Dave loves phonecalls).


3 days, Apr 13-15, $3,300 USD

Our always popular webhacking class is back leaner and stronger than ever in the 2015 Websploitation curriculum. We've trimmed the fat to ensure you get the absolute most bang for buck in this 3 day hands on web application hacking class.

This class teaches you how to tackle many common web application attacks in a CTF style token grabbing format that builds a fun, friendly, yet competitive environment for the student.

The Websploitation class  is fantastic for both the modern penetration tester as well as the memory corruption dinosaur looking to refresh and update their Web 2.0 hacking ability.

If you've never taken one of our courses, and you want to get down to the hacking part of the puzzle without having to stare at a debugger for days, we highly recommend the Websploitation class as your introduction to the INFILTRATE training lineup.

Sold! I want to sign up! Now what?

Awesome. If you have any questions about group discounts, incentives and pricing feel free to contact us at admin (at), or give us a call at +1-786-220-0600.

For a more detailed overview of what is and isn't covered in each course, please visit us at:

Monday, January 12, 2015

Infiltrate 2015 - Free Ticket Challenge #1 (Solved)

Infiltrate 2015 is right around the corner! Only three short months until we can all enjoy two days of highly technical offense focused conference goodness in sunny South Beach.

As we get closer to the conference we decided to give away some free tickets to Infiltrate by way of puzzle challenges. And what better first challenge for a Miami Beach based con than a Cuban Number Station?

So we put out the following audio file for people to analyze and decode. Gaston, our winner, was the first to submit a correct solution, and an elegant one at that.

The audio consists of a female voice reading a list of numbers. The numbers represent nibbles of a PNG file. You could solve this by hand with Google translate, but this process is very error prone. If you miss one number you are basically up that one creek without a paddle.

Gaston produced this clever script to extract the bytes from the audio:

If everything adds up correctly you end up with the following image (md5: d4549b09612ade7e8459ddd7c16f95f7):

The final part of the first Infiltrate 2015 Ticket Challenge, was to extract the secret message embedded in this image. We used a very simple LSB steganographic algorithm hiding bits in RGB bytes. This graph from DFI News ( explains the algo in a nutshell:

Our winner then extracted the bits with the following script:

After extracting the bits you quickly discover that the secret message is:


I wonder who could have left that? All indicators currently point at Immunity's Lord of Attribution and Prime Minister of remote sensing, our very own CEO, Dave Aitel.

So that's it for the first Infiltrate 2015 Ticket Challenge, we plan on doing a few more, so stay tuned to your local number stations and congrats to Gaston for his free Infiltrate ticket!