[Dailydave] What Makes a Master Class?

Dave Aitel dave at immunityinc.com
Mon Jan 11 12:39:08 EST 2016


So every year we update the INFILTRATE Master's Class and it's not just
about "exploitation". A master class should be about an exchange of
technique - a showing of how the future of exploitation is going to roll
out. This year, the Master Class is a combination of applied
cryptographic and mathematics techniques to exploitation.

For example, we all INTUITIVELY know server isolation is broken in
theory. But working with that in practice requires time and a particular
tested setup and it's best if someone with experience walks you through
the process. Below you can see a screenshot of one section of the Master
Class: Attacking Montgomery reduction done as part of a cryptographic
primitive to gather key data from an unprivileged process.

In the long term, it's about demonstrating the path to get from "I'm on
a box, and somewhere, possibly through a hypervisor or sandbox, is a
process doing cryptography that I want to tap."

TIMING ATTACK IMAGE


And of course, that's just the start of the class. The whole thing is
detailed below, or at this link if you want to sign up!
http://infiltratecon.org/training.html


        MASTER CLASS

Course Length: 4 Days

  * DAY 1
  * Academia vs Real World
  * How to Audit Cryptosystems
  * Introduction to Logic & Algebra
  * Symmetric Cryptography and related primitives
  * Statistical Cryptanalysis (differential, linear, etc)
  * Algebraic Cryptanalysis (SAT, F4)

  * DAY 2
  * Introduction to Algebraic Number Theory
  * Introduction to Elliptic Curves
  * Asymmetric Cryptography (RSA, ECDH, etc.)
  * Birthday Paradox based algorithms
  * Index Calculus
  * Side Channel Attacks (timing, cache)
  * Whitebox Cryptography

  * DAY 3
  * User Land vs Kernel Land
  * Introduction to the Kernel Land
  * Kernel Debugging Environment
  * Kernel Internals
  * Memory Models and the Address Space
  * Kernel Shellcodes
  * Taxonomy of Kernel Vulnerabilities
  * Arbitrary Kernel Read/Write

  * DAY 4
  * Kernel Heap Allocators (SLAB/SLUB)
  * Kernel Pool Overflows and Use-After-Free
  * Race Conditions
  * Logical and HW-related Bugs
  * Kernel and Hardware Protections
  * Bypassing Protections
  * The Future of Kernel Vulnerabilities

Thanks!

-dave

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rod_timing_attack.png
Type: image/png
Size: 29749 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160111/abfb345d/attachment-0001.png>