• United States




Learning offensive hacking at Infiltrate

Apr 04, 20163 mins
Data and Information SecuritySecurity

Offensive hackers from around the world will meet for two days in Miami to share their expertise and technical know-how

beach bag with hat and flip flops
Credit: Thinkstock

As I look out my window on this snowy Sunday, April 3, 2016 in Massachusetts, I can think of nothing more exciting than my pending trip to Miami to cover this year’s Infiltrate security conference April 7-8 at the Fontainbleau Hotel.

The greatest challenge for me was narrowing down the speakers that I could cover, and this week I deliver you some fresh and important skills that you can use in offensive hacking. 

Following the opening remarks of Dave Aitel, this year’s keynote speaker, Nate Fick, CEO at Endgame, will address the crowd before Omer Coskun talks about “Why nation state malwares target Telco Networks.” Given the recent debates of encryption, this presentation is timely and critical for so many security professionals.

Coskun will discuss recent research in malware. The “analysis of state-sponsored malwares like Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar.”

Recently added to the presenter lineup was Principal Cyber Adviser at Office of the Secretary of Defense Lisa Wiswell who will talk about “Hack the Pentagon,” and the announcement from the Secretary of Defense that they will launch a pilot program of the first bug bounty program in the federal government. For researchers in the offensive security field, the growing popularity of bug bounty programs provides opportunities for you to demonstrate your own expertise. Perhaps you might even be a presenter at next year’s Infiltrate conference.

In addition to the two days packed with talks from experts in the field, students are also able to attend training courses ranging from two- to four-day courses that cover topics from Java to “Web Hacking Language Review.”

The four-day course, “Wide Open to Interpretation,” will cover auditing and exploiting vulnerabilities in both PHP and Java with an intensive two days on each. To determine which classes are right for your level of expertise, prerequisite evaluation tests are available. If you are interested in any of the trainings offered yet are unsure of which ones would be best suited for you, you can email for more information.

The conference isn’t all about learning, though. Hackers who want to challenge their physical skills can compete in the Brazilian Jiu Jitsu challenge on April 6. For sure, I will not be participating in the physical game of chess described as “A near infinite exchange of moves and counter-moves interwoven with a deep endgame-focused strategy focused on submitting your opponent.”

I will, however, report on any impressive demonstrations of strength and wit from those who are brave enough to partake in this challenge.

If you will be attending the conference, seek me out and let me know what you find most valuable as a security newb so that I can cover the topics of greatest value to those new to offensive hacking. 

For those unable to attend, fear not my dear readers. I will not let you down. Check out the conference schedule, then send me a comment, message, or tweet to let me know what you would attend if you could. I will get there and report back to you through the week. 

Enjoy the extended winter for those who also are looking at snow right now. Tuesday I’m off to the sunny warmth of Miami!


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author