WILMINGTON, Mass., Aug. 04, 2021 (GLOBE NEWSWIRE) -- Security Innovation, an authority in software security assessments and training, is delivering advanced training workshops and hands-on hacking at the Black Hat USA and DEF CON 29 conferences. Among the premier cybersecurity events in the world, these annual conferences convene the most innovative and creative researchers to explore new exploits, discuss trends and findings, and collaborate on pressing cyber security issues.



Offensive Mobile Reversing & Exploitation

The company’s Mobile Center-of-Excellence lead, Dinesh Shetty, returned to Black Hat USA 2021 and Black Hat Asia 2021 with an updated version of this popular course that includes expanded coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile apps and operating system security.

House of Heap Workshop

The sold out House of Heap Work workshop at DEF CON 29 is the results of over a year’s worth of research. This hands-on introduction to GLibC Malloc heap exploitation will help attendees learn how the allocator functions, understand heap specific vulnerability classes, and gain root access with a variety of techniques.

“Heap exploitation is a subject that has evaded many people for years for one primary reason - they focus on the techniques instead of the allocator, said Maxwell Dulin, Security Consultant at Security Innovation. “By learning with an allocator-first style, the techniques are easily understood and practical to use. I look forward to presenting this novel approach.”

Three Security Innovation engineers with deep expertise in Heap exploitation will join Maxwell to ensure students get the most tailored training possible:

James Dolan, Security Engineer

Nathan Kirkland, Security Researcher & Engineer

Zachary Minneker, Security Researcher & Engineer



DevOps CTF

Security Innovation is running one of the DEF CON CTF events again this year. InfiniCrate is the company’s latest cyber range, an ultra-realistic cloud storage repository built on AWS and inspired by vulnerabilities that the company’s Security Engineers have discovered in commercial engagements. Attendees will be tasked with exploiting CI/CD pipelines, hijacking AWS Lambda functions, and escalating privileges through AWS access controls.

Get Involved

The company will make abridged versions of this training available to the public as webcasts and open-enrollment hacking events later this year. To be notified, please visit our Web site.

