TRAININGS
Xipiter only delivers courses based on ORIGINAL CONTENT created from Xipiter's own research in-house and services.
Xipiter’s industry unique courses have been successfully delivered at the world's leading Information Security Conferences.
They have also sold out 7 years in a row at Black Hat USA.
These courses have also been taught globally to a range of clients:
from small development shops to large multinational companies and governmental organizations.
(click each training title to get specific information about each offering)
Xipiter’s industry unique courses have been successfully delivered at the world's leading Information Security Conferences.
They have also sold out 7 years in a row at Black Hat USA.
These courses have also been taught globally to a range of clients:
from small development shops to large multinational companies and governmental organizations.
(click each training title to get specific information about each offering)
don't take our word for it, See our training testimonials page
1. Software Exploitation Via Hardware Exploitation This course teaches students how to reverse engineer and exploit software on embedded systems via hardware. It teaches all this against real-world Commercial Off The Shelf (COTS) products such as routers, game systems, and other appliances. Previous Classes:
Next Classes:
|
Visit SexViaHex.com for more photos of previous public trainings
![]()
|
Bundle Deal! Get a seat in both the "SexViahex" and "Android Exploitation"classes for a discounted rate. 8 full days of training!
Contact us for private onsite version of this course. (10 students or more)
2. Practical ARM Exploitation
This course introduces students "real world" exploitation scenarios on ARM under the real-world circumstances in which the exploit developer will encounter (and have to circumvent) modern exploitation protection mechanisms. View a more detailed explanation of the course goals, content, and syllabus on the "Practical ARM Exploitation" page. Previous Classes:
Next Classes:
|
|
Contact us for private onsite version of this course. (10 students or more)
3. Practical Android Exploitation (new!)
Xipiter co-authored the Android Hacker's Handbook , a leading text on Android security, reverse engineering, and development. The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others. Previous Classes:
Next Classes:
|
Bundle Deal! Get a seat in both the "Android Exploitation" and "SexViahex" classes for a discounted rate. 8 full days of training!
Contact us for private onsite version of this course. (10 students or more)
4. HackAWebcam Workshop (new!)
In 2016 the Senrio Research team (formerly Xipiter) published a vulnerability in a specific firmware component of a webcam. This vulnerability allowed a remote attacker to seize control of the camera remotely over the network. Through the responsible disclosure process, the Senrio team learned that the vulnerable firmware component was used by the manufacturer across MULTIPLE products: from NAS devices to DVRs. At the time, 120 products was the estimate of the total number of devices impacted by the vulnerability! In this HackAWebcam two-day workshop, we carve off the relevant bits of our longer "Software Exploitation Via Hardware Exploitation" course and show you how we found this (and other) vulnerabilities in IoT/embedded devices. In this course you'll learn:
|
For more background on this course (including some introductory videos) visit HackAWebcam.com
This course has an intense focus on "results-oriented" vulnerability research.
This course culminates in participants developing an exploit and performing live remote exploitation of the webcam via the network! |
Previous Classes:
Next Classes:
- 30 September - 1 October 2017 / San Francisco, CA
- 10-11 November 2017 / Manhattan, NY
- 15-16 December 2017 / Hamburg, Germany
Next Classes:
- To Be Announced (Sign up for our newsletter!)
Contact us for private onsite version of this course. (10 students or more)
5. Automation Exploitation
Above are some of the devices used and discussed in this course.
|
Automation-Exploitation.com is the third custom developed training by our research team. Unveiled on the "RiskyBiz" podcast, this course will officially debut in 2019 but had a sneak workshop here in 2016.
"Automation Exploitation" is meant to provide an introduction to the unique security challenges in the world of Automation. Participants will learn how attackers reverse engineer, tamper with, and exploit all parts of an industrial control network from PLCs (Programmable Logic Controllers) to workstations. And because Automotive technologies have their roots in Industrial Control and Building Automation (e.g. CAN bus), this course will also include "Car Hacking" content. Participants will learn about threats to those systems, perform hand-on attacks themselves, and learn how insecure design patterns are found throughout the world of Automation (and automotive!). More details on future offerings of this course will be available in 2018 with the official launch of www.automation-exploitation.com |
Next Classes:
This intense hands-on week-long training called "Automation Exploitation" had a sneak debut at the 2016 ICS Cyber Security Conference as a 1-day Workshop to accompany our "Researcher's Keynote" at the same conference. ICS Cyber Security Conference is the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military.
Read more about why we developed "Automation Exploitation" here.
This intense hands-on week-long training called "Automation Exploitation" had a sneak debut at the 2016 ICS Cyber Security Conference as a 1-day Workshop to accompany our "Researcher's Keynote" at the same conference. ICS Cyber Security Conference is the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military.
Read more about why we developed "Automation Exploitation" here.
WHERE OUR TRAININGs HAve BEEN TAUGHT (PUBLICLY & PRIVATELY)...
CONTACT US FOR PRIVATE VERSIONS OF ANY OF OUR COURSES!
Subscribe here to get Training Updates from Xipiter!
|