Infiltrate 2013: “Miami…Joeboy…Quick study”

Posted on May 25, 2013 by

0



Case turned on the tensor beside the Hosaka. The crisp circle of light fell directly on the Flatline’s construct. He slotted some ice, connnected the construct, and jacked in. It was exactly the sensation of someone reading over his shoulder.

He coughed. “Dix? McCoy? That you man?” His throat was tight.

“Hey, bro,” said a directionless voice.

“It’s Case, man. Remember?”

“Miami, joeboy, quick study.”

–Excerpt from Neuromancer 

Lawler had been telling me for years that Infiltrate was one of the best conferences in our industry. I believed him of course, and hanging out in Miami for a few weeks (where Immunity is based) couldn’t hurt…I

shirt

shirt

haven’t taken any “infosec” trainings in my career as an infosec professional (only tangentially related stuff: SAT Solvers, writing firmware, NT driver development, etc) and I’d always wanted to take the Master Class…but  I’d never had a chance to take it, let alone go to Infiltrate until this year. In a twist of events we were also accepted to speak at the conference, which was quite an honor considering the quality of folks scheduled to speak (and attend). Another huge draw for us was getting to hear from Stephen Watt first hand about his experiences surrounding the so-called “biggest credit card and identity theft case in human history“.

All other opinions aside, I thought Stephen Watt’s keynote was great: eloquent, strong, full of rectitude, biting wit and triumphant cynicism. Regardless of your opinion of the case or Stephen Watt himself, after hearing about his experiences first-hand you gain a great deal of respect for his strength and his ability to keep his keen sense of humor throughout the whole ordeal. It’s pretty cool that the Immunity folks scheduled him to speak. Definitely a highlight of the entire conference for us.

There were MANY other great talks as well (virtually all of them actually). The ones the stick out the most for me were Zhenhua Liu’s clever abuse of windows objects in his Win8 talk, how Nemo used dtrace in a bunch of different ways to turn OSX into his marionette, and “Jurassic Jar” (which was informative for those of us that know nothing about Java bugs other than seeing Meder’s talk “How to Milk A Horse”).

We also started publicly talking about some of the new work we’ve been doing this last year

Steve, Dave, Jasper

Steve, Dave, Jasper

developing our own hardware platform (with all the supportive stuff: firmware and software interface). The hardware platform is called “Osprey”. It is a low-power/low-cost wireless device that can be mesh-networked with other Osprey devices. The hardware platform is to be a fully fledged consumer/industry electronics device but the firmware can be repurposed to support a number of “researcher friendly” uses: USB device/host fuzzing, attack platform for low-power RF technologies, etc. We will share a bit more at NoSuchCon 2013 and even more later in the year, but it was neat to see what folks thought about it at Infiltrate.

All in all, it was a great conference. Immunity folks know how to throw a party (open bar, plenty of food, etc.)…As a speaker, getting picked up from the airport with a dedicated driver was a  nice touch. And having known nothing about the Fontaine Bleu, it was pretty cool to learn it’s pop-culture and historical significance.

Thanks again to Dave Aitel, Nico Waisman and the rest of the Immunity folks for having us.

We didn’t take many photos at Infiltrate, but there is a full un-annotated photo gallery over at SmugMug and there are some select photos below.