
Security Innovation Experts Bring Exploit Expertise to Black Hat 2021 and DEF CON 29 for Fifth Year in a Row


WILMINGTON, MA – August 4, 2021 – Security Innovation, an authority in software security assessments and training, is delivering advanced training workshops and hands-on hacking at the Black Hat USA and DEF CON 29 conferences. Among the premier cybersecurity events in the world, these annual conferences convene the most innovative and creative researchers to explore new exploits, discuss trends and findings, and collaborate on pressing cybersecurity issues.

Offensive Mobile Reversing & Exploitation

The company’s Mobile Center-of-Excellence lead, Dinesh Shetty, returned to Black Hat USA 2021 and Black Hat Asia 2021 with an updated version of this popular course that includes expanded coverage of ARM64, mobile browser security, and more in-depth coverage of mobile apps and operating system security.

House of Heap Workshop

The sold-out House of Heap workshop at DEF CON 29 is the result of over a year’s worth of research. This hands-on introduction to GLibC Malloc heap exploitation will help attendees learn how the allocator functions, understand heap-specific vulnerability classes, and gain root access with a variety of techniques.

“Heap exploitation is a subject that has evaded many people for years for one primary reason – they focus on the techniques instead of the allocator,” said Maxwell Dulin, the Security Consultant at Security Innovation. “By learning with an allocator-first style, the techniques are easily understood and practical to use. I look forward to presenting this novel approach.”

Three Security Innovation engineers with deep expertise in heap exploitation will join Maxwell to ensure students get the most tailored training possible:

  • James Dolan, Security Engineer
  • Nathan Kirkland, Security Researcher & Engineer
  • Zachary Minneker, Security Researcher & Engineer

DevOps CTF

Security Innovation is running one of the DEF CON CTF events again this year. InfiniCrate is the company’s latest cyber range, an ultra-realistic cloud storage repository built on AWS and inspired by vulnerabilities that the company’s Security Engineers have discovered in commercial engagements. Attendees will be tasked with exploiting CI/CD pipelines, hijacking AWS Lambda functions, and escalating privileges through AWS access controls.

Get Involved

Later this year, the company will make abridged versions of this training available to the public as webcasts and open-enrollment hacking events. To be notified, please visit our Web site.

ABOUT SECURITY INNOVATION
Security Innovation is a pioneer in software security and literally wrote the book on How to Break Software Security. Since 2002, organizations have relied on the company’s assessment and training solutions to secure software wherever it runs. Recognized 6x on the Gartner Magic Quadrant for computer-based security training, CMD+CTRL Training combines role-based courses with hands-on cyber ranges to build skills that stick. With over 3.5 million users, CMD+CTRL helps all software security stakeholders address the risk of today’s tech stacks – flawed design, defenseless code, expanded attack surface, and misconfigured deployments. For more information, visit securityinnovation.com or connect with us on LinkedIn or Twitter.

Media Contact:
Bre Quinn
Marketing Communications Director,
Security Innovation
+1.978.578.1237
bquinn@securityinnovation.com