Xipiter
  • Home
  • Training
    • Practical ARM Exploitation
    • Software Exploitation Via Hardware Exploitation
    • Practical Android Exploitation
    • Training Testimonials
    • 2018 Public Training Info
    • 2017 Public Training Info
    • 2016 EU Public Training Info
    • 2015 EU Public Training Info
  • Research
  • Products
    • Int3.cc
    • SyncStop / USB Condom
    • Tally / Osprey
  • Blog
  • Contact
  • About
TRAININGS
 Xipiter only delivers courses based on ORIGINAL CONTENT created from Xipiter's own research in-house and services.
Xipiter’s industry unique courses have been successfully delivered at the world's leading Information Security Conferences. 
They have also sold out 7 years in a row at Black Hat USA.  
These courses have also been taught globally to a range of clients:
from small development shops to large multinational companies and governmental organizations. 

(click each training title to get specific information about each offering)

don't  take  our  word  for  it,  See  our  training  testimonials  page



1. Software Exploitation Via Hardware Exploitation

This course teaches students how to reverse engineer and exploit software on embedded systems via hardware. It teaches all this against real-world Commercial Off The Shelf (COTS) products such as routers, game systems, and other appliances. 

Previous Classes: 
  • Black Hat Las Vegas 2014 (SOLD OUT)
  • 8-11 June 2015 / Portland, OR
  • Black Hat Las Vegas 2015 (SOLD OUT)​
  • 14-17 September 2015 / Den Haag, Netherlands (SOLD OUT)
  • ​11-14 April 2016 / Manhattan, NY (SOLD OUT)
  • Black Hat Las Vegas 2016 (SOLD OUT)
  • 27-30 September 2016 / Zurich, Switzerland
  • Black Hat Las Vegas 2017 (SOLD OUT)
  • 6-9 November 2017 / Manhattan, NY
  • 11-14 December 2017 / Hamburg, Germany
  • Black Hat Las Vegas 2018 (SOLD OUT)
  • 6-9 November 2018 / Manhattan, NY (SOLD OUT)
Next Classes:
  • To Be Announced (Sign up for our newsletter!)​
​​Visit SexViaHex.com for more photos of previous public trainings
Download an older Brochure for this course
File Size: 530 kb
File Type: pdf
Download File

Bundle Deal! Get a seat in both the "SexViahex" and "Android Exploitation"​classes for a discounted rate. 8 full days of training!
Get a Seat In Multiple classes For a discounted rate!
Contact us for private onsite version of this course. (10 students or more)

2. Practical ARM Exploitation

This course introduces students  "real world" exploitation scenarios  on ARM under the real-world circumstances in which the exploit developer will encounter (and have to circumvent)  modern exploitation protection mechanisms. View a more detailed explanation of the course goals, content, and syllabus on the "Practical ARM Exploitation" page.
Previous Classes: 
  • CanSecWest 2012 (SOLD OUT)
  • BlackHat Las Vegas 2012 (SOLD OUT)
  • Black Hat Las Vegas 2013 (SOLD OUT​)
  • 8-11 June 2015 / Portland, OR
  • Black Hat Las Vegas 2015 (SOLD OUT)
  • 21-24 September 2015 / Den Haag, Netherlands
  • ​18-21 April 2016 / Manhattan, NY 2016 (SOLD OUT)
  • Black Hat Las Vegas 2016 (SOLD OUT)
  • 3-6 October 2016 / Zurich, Switzerland
  • 13-16 November 2017 /  Manhattan, NY
  • 18-21 December 2017 / Hamburg, Germany
Next Classes:
  • To Be Announced (Sign up for our newsletter!)
Contact us for private onsite version of this course. (10 students or more)

3. Practical Android Exploitation (new!)

Xipiter co-authored the Android Hacker's Handbook , a leading text on Android security, reverse engineering, and development. The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others. 

Previous Classes:
  • Black Hat Las Vegas 2017 (SOLD OUT)​
  • 13-16 November 2017 /  Manhattan, NY
  • 18-21 December 2017 / Hamburg, Germany
  • Black Hat Las Vegas 2018 (SOLD OUT)
  • 13-16 November 2018 / Manhattan, NY

Next Classes:​​​
  • To Be Announced (Sign up for our newsletter!)
Xipiter custom print of the Android Hacker's Handbook
Xipiter custom printing of the Android Hacker's Handbook
Bundle Deal! Get a seat in both the "Android Exploitation" and "SexViahex" classes for a discounted rate. 8 full days of training!
join us in NYC and get two classes for one price
Contact us for private onsite version of this course. (10 students or more)

4. HackAWebcam Workshop (new!)

In 2016 the Senrio Research team (formerly Xipiter) published a vulnerability in a specific firmware component of a webcam. This vulnerability allowed a remote attacker to seize control of the camera remotely over the network. Through the responsible disclosure process, the Senrio team learned that the vulnerable firmware component was used by the manufacturer across MULTIPLE products: from NAS devices to DVRs. At the time, 120 products was the estimate of the total number of devices impacted by the vulnerability!
​
​In this HackAWebcam two-day workshop, we carve off the relevant bits of our longer "Software Exploitation Via Hardware Exploitation" course and show you how we found this (and other) vulnerabilities in IoT/embedded devices. In this course you'll learn:
  • Interfacing with low level hardware
  • Interactively communicating with hardware (via various interfaces: UART, JTAG, SPI, I2C, etc.)
  • Firmware extraction (in-circuit or "non-destructive" access to chips, destructive extraction of chips, JTAG, et al)
  • Firmware analysis (disassembly, decompression, binary analysis, et al)
  • Finding vulnerabilities with reverse engineering  (IDA, Capstone Engine, et al)
  • Exploitation of firmware vulnerabilities 
Picture
For more background on this course (including some introductory videos) visit HackAWebcam.com
This course has an intense focus on "results-oriented" vulnerability research.

This course culminates in participants developing an exploit and performing live remote exploitation of the webcam via the network!
Previous Classes:
  • 30 September - 1 October 2017 / San Francisco, CA
  • 10-11 November 2017 / Manhattan, NY
  • 15-16 December 2017 / Hamburg, Germany
​​
Next Classes:
  • To Be Announced (Sign up for our newsletter!)
Contact us for private onsite version of this course. (10 students or more)

5. Automation Exploitation 
Above are some of the devices used and discussed in this course.
​Automation-Exploitation.com is the third custom developed training by our research team. Unveiled on the "RiskyBiz" podcast, this course will officially debut in 2019 but had a sneak workshop here in 2016.

​​"Automation Exploitation" is meant to provide an introduction to the unique security challenges in the world of Automation. Participants will learn how attackers reverse engineer, tamper with, and exploit all parts of an industrial control network from PLCs (Programmable Logic Controllers) to workstations. And because Automotive technologies have their roots in Industrial Control and Building Automation (e.g. CAN bus),  this course will also include "Car Hacking" content. Participants will learn about threats to those systems, perform hand-on attacks themselves, and learn how insecure design patterns are found throughout the world of Automation (and automotive!). 

More details on future offerings of this course will be available in 2018 with the official launch of www.automation-exploitation.com
Next Classes:
This intense hands-on week-long training called "Automation Exploitation" had a sneak debut at the 2016 ICS Cyber Security Conference as a 1-day Workshop to accompany our "Researcher's Keynote" at the same conference. ICS Cyber Security Conference is the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. 

Read more about why we developed "Automation Exploitation" here.

WHERE  OUR  TRAININGs  HAve  BEEN  TAUGHT (PUBLICLY  &  PRIVATELY)... 

CONTACT US  FOR  PRIVATE VERSIONS OF ANY OF OUR COURSES!

Subscribe here to get Training Updates from Xipiter!
For up-to-date news on Xipiter register for our newsletters or download them. 
toll-free: 1.855.XIP.ITER main: 1.646.783.3999 fax: 1.917.746.9832 email: info (@) xipiter (dot.) com 
© Xipiter 2010-2020