PHDays video

POSITIVE HACK DAYS

Personal


ORGANIZER

Program

Building Honeypots to Monitor DDoS

Tech

Author: Terrence Gareau

This talk will outline how to use DDoS vulnerable services to develop a honeypot network that will extract valuable information from the Internet and produce a data feed that can be used to protect online assets with Kibana, Elasticsearch, Logstash, and AMQP. The speaker will open-source a monitoring system (a project his team has been developing for the last two years) for reflective DDoS statistics that are external to any specific network.

  • Language
  • English

Terrence Gareau is Chief Scientist at Nexusguard. Prior to joining Nexusguard, he was Principal Research Scientist at A10 Networks and Principal Security Architect and the founding member of the PLXsert for Prolexic Technologies. A recognized expert in DDoS attack mitigation, prevention, and recovery, he has shared his knowledge at such international conferences as DEF CON, Microsoft Digital Crimes Consortium, RSA Conference.

Terrence Gareau Terrence Gareau

MiTM Mobile

Hands-on Labs

Authors: Artur Garipov and Pavel Novikov

Many services are based on mobile technology security — from GSM/GPRS modems employed in ICS to two-factor authorization set up by a regular cell phone user to work with e-mail or bank cards.

The speakers will conduct a workshop on mobile traffic interception (USSD, SMS, GPRS) and subscriber cloning. Everyone is welcome to give it a try. The organizers will provide all necessary equipment except for laptops.

  • Language
  • Russian
Artur Garipov and Pavel Novikov Artur Garipov and Pavel Novikov

The Revenant

Business

Author: Andrey Masalovich

The whole range of means of information influence is used in both corporate communications marketing and astroturfing. The speaker will talk on how information attacks are developed, how to detect them at an early stage, and how to resist them. He will analyze the perception of information and the diffusion of information in social networks by using bots and trolls. The report also includes a quick social test of common participants of mass discussions.

  • Language
  • Russian

Andrey Masalovich is a member of the board of directors and the head of competitive intelligence group at DialogueScience. Runs several successful projects aimed at providing analytics for banks, business groups, large retail groups, and governmental organizations. The creator of the search engine Avalanche. He served as a lieutenant colonel of the Russian Federal Agency of Government Communications and Information. He has a PhD in physics and mathematics. A distinguished scientist, he was awarded a scholarship by the Russian Academy of Sciences in 1993. He has published works on data search and analysis. He conducted workshops in a number of universities in Russia and the US (Harvard, Stanford, Georgia Tech, Texas A&M). An expert for such organizations as RFBR, INTAS, ITC, APEC.

Andrey Masalovich Andrey Masalovich

Targeted Attacks: Be the First to Aim

Business

Author: Vladimir Ivanov and Sergey Gordeychik

An IT expert and a cybersecurity researcher will share their views on the problem of today's targeted attacks sponsored by governments and criminal groups. The speakers will discuss the effectiveness of existing approaches for the protection, methods of bypassing a sandbox, and whether IDS and AV are obsolete.

  • Language
  • Russian

Vladimir Ivanov
Graduated from the Faculty of Computational Mathematics and Cybernetics, Lomonosov Moscow State University. He has more than 10 years of experience in networks design and development of network protection systems in the world’s largest companies inside and outside Russia. 5 years of project and team lead experience. Vladimir is in charge of the efficiency, security, and performance of the network and services at Lamoda.

Sergey Gordeychik
Sergey is responsible for leading technological development at Kaspersky Lab. His professional interests include security assessment, incident response services, and research on vulnerabilities of banking, telecommunications, and industrial systems. Former CTO at Positive Technologies, Systems Architect and Trainer at the Informzaschita group of companies. Sergey has developed a number of training courses on wireless networks security and security assessment of web applications, etc.

Vladimir Ivanov and Sergey Gordeychik Vladimir Ivanov and Sergey Gordeychik

Waf.js: How to Protect Web Applications Using JavaScript

Tech

Authors: Denis Kolegov and Arseny Reutov

The speakers will demonstrate how client-side JavaScript injection may be used to detect and prevent various attacks, search for vulnerable client components, detect leakage of data about web app infrastructure, and find web bots and malicious tools. In addition, they will share their own injection detection methods that employ syntax analyzers without signatures or filtering regular expressions, and discuss implementation of client-side JS honeypot to capture SSRF, IDOR, command injection, and CSRF attacks.

  • Language
  • Russian

Denis Kolegov is a web application security researcher at Positive Technologies, PhD, associate professor of Information Security and Cryptography Department at Tomsk State University. He has spoken at numerous security conferences, including ZeroNights, Positive Hack Days, SibeCrypt, and Codefest. With a collaborative research regarding HTTP covert timing channels, he is listed in the Top 10 Web Hacking Techniques of 2014. Prior to joining Positive Technologies, Denis was a senior security engineer at F5 Networks.

Arseny Reutov is a web application security researcher at Positive Technologies. He has participated in various CTF contests and bug bounty programs and is acknowledged by Zend, Nokia, Yandex, Barracuda and others. He participates in such infosec conferences as ZeroNights and CONFidence as a speaker and Positive Hack Days as an organizer. With a collaborative research regarding bruteforce of PHPSESSID, he is listed in the Top 10 Web Hacking Techniques of 2012. He has been maintaining the web security blog raz0r.name since 2008.

Denis Kolegov and Arseny Reutov Denis Kolegov and Arseny Reutov

If You Find One, There are Probably More! A Detection Method of “Reproduced” Vulnerability

Fast Track

Author: Asuka Nakajima

In a software development process, it is common to reuse source code from other software products to reduce development costs. However, if a vulnerability lurks in the original source code, it will be copied to the developing product. The speaker propose an uncommon method to detect “reproduced” vulnerabilities in binary files, without going through the source code or symbol files.

  • Language
  • English

Asuka Nakajima is a researcher at NTT Secure Platform Laboratories. She studied at the Faculty of Environment and Information Studies at Keio University. Her research interests include reverse engineering and vulnerability discovery. She is a member of the executive committee of SECCON, the largest CTF organizer in Japan. She is also a founder of CTF for GIRLS, the first security community for woman in Japan.

Asuka Nakajima Asuka Nakajima

A Basic Course in Hacking Web Apps

Hands-on Labs

Author: Mikhail Firstov

The speaker will talk about the real-life cyberattacks on web applications (targeting both the server and client side) and provide the participants with a practical workshop to test their knowledge. This hands-on-lab is designed for both novices and experienced professionals.

  • Language
  • Russian
Mikhail Firstov Mikhail Firstov

—No viruses? I wouldn't be so sure

Fast Track

Author: Olga Zinenko

Ural Security Systems Center (USSC) is performing an independent testing of mobile antiviruses for Android (including Dr.Web, Kaspersky, Norton, ESET). The fast track talk will present the current results of the research.

  • Language
  • Russian

Olga Zinenko is an analyst at Ural Security Systems Center (USSC). An author for the USSC blog that regularly posts surveys of amendments in the legislation. Holds a degree from Ural Federal University. Certified in CompTIA Security +.

Olga Zinenko Olga Zinenko

Reverse Engineering of Binary Structures Using Kaitai Struct

Tech

Author: Mikhail Yakshin

The report will cover current approaches to reverse engineering of binary files: where to start, what's expected at the end, and what tools are typically used. The speaker will demonstrate Kaitai Struct, a new declarative language used to describe various binary data structures, collecting the results into ready-made libraries in supported languages such as C++, Java, JavaScript, Python, and Ruby. Some practical examples of reverse engineering will contribute to better understanding of this issue.

  • Language
  • Russian

Chief Linux developer for Whitebox Labs, a Swiss-based company that develops open-source hardware and software for managed ecosystems (i.e. reef aquariums, terrariums, aquaponics, hydroponics, etc.), reverse engineering third-party proprietary component communication protocols.

Mikhail Yakshin Mikhail Yakshin

Aspects of Insiders' Activity Within a Company

Business

Author: Sergii Kavun

This work describes the author's own insider detection methodology. The new technique represents mathematical tools applied to various security systems.

  • Language
  • Russian

Dr. Sergii Kavun got his PhD in computer science from the Kharkiv Military University (Ukraine) in 2000. He was awarded with a habilitation degree (Dr.Sc.) in Economics in 2014. He is an accredited specialist of Management of Information Security by standard ISO 17799:2005 (ISO 27002:2005). He has published manuscripts on the topic of information and economic security in strictly peered scientific journals. He is the editor-in-chief of several international journals: Information Security and Computer Fraud, American Journal of Information Systems, Journal of Computer Networks. He was also elected a program board member of organizing committees of the international conferences: Securіtatea іnformationala, European Intelligence and Security Informatics Conference, Information Security — Today and Tomorrow, IEEE International Conference on Intelligence and Security Informatics.

Sergii Kavun Sergii Kavun

Scalable and Effective Fuzzing of Google Chrome

Tech

Author: Max Moroz

The talk includes an overview of ClusterFuzz, Chrome’s distributed fuzzing system that finds security bugs in real time and provides reproducible test cases for every crash, and describes advantages of usage of different sanitizers and LibFuzzer (a library for guided fuzzing). It also covers detailed statistics of the types of bugs found in Chrome and provides an insight into the trials and tribulations of distributed fuzzing, including how you can run your own fuzzers on Google’s infrastructure and earn Chrome bounties for bugs your fuzzer finds.

  • Language
  • Russian

Max Moroz is an information security engineer at Google Chrome Security Team and a graduate of the Information Security Department of National Research Nuclear University MEPhI (Moscow Engineering Physics Institute). He is also the founder of the CTF team named BalalaikaCr3w and an active participant in CTF competitions and bug bounty programs.

Max Moroz Max Moroz

Real and Formal Security: Born to Be Together

Business

Author: Mikhail Emelyannikov

Technical security, i.e. vulnerability analysis, penetration tests, implementation of safety tools, is often considered as real, practical security as opposed to formal security. The speaker will show that these two types of security complement each other and it is impossible to solve actual security problems by using only one of them. Even when solving technical problems, it is easier to use the language of formal safety in communication with top managers. The speaker will present various case studies on the issue.

  • Language
  • Russian

Mikhail Emelyannikov, a cofounder of the consulting agency Emelyannikov, Popova and Partners, possesses over 30 years’ experience in the security field. He specializes in solving complex problems of risk management in the IT environment, concerning legal, organizational, and technical issues. He regularly consults the largest international companies on compliance with the Russian laws. For years, he has been the member of expert groups, councils, commissions at the Federation Council, the Ministry of Telecom and Mass Communications, Roskomnadzor, the National Council for Financial Markets. He is the author of numerous publications in the mass media and has elaborated the first Russian training course on the protection of trade secrets and personal data.

Mikhail Emelyannikov Mikhail Emelyannikov

Pseudo-Security of NFC Services

Fast Track

Author: Lev Denisov

The Moscow public transport system is one of the largest in the world. More than five million passengers use the Troika card to pay fare for metro and ground transport. Due to new services, it is now possible to recharge the card via a cell phone with NFC. The speaker will discuss vulnerabilities that allow anyone to get access to card private data, clone the card, and use public transport for free.

  • Language
  • Russian

Lev Denisov is an expert in contactless payment technologies and automated fare collection (AFC) systems for public transit with more than 10 years of experience. He’s been involved in deployment of 50% of AFC and electronic contactless ticketing projects in Russia. He took part in first roll-outs of NFC payments and contactless payments with bank cards (PayPass, payWave). He is an evaluator and member of the OSPT Alliance. His team pioneered in the implementation of open security standards for contactless payments in public transport, as well as host card emulation for NFC payments. Speaks at specialized conferences, exhibitions, and forums (InfoSecurity Russia, UITP World Congress, Russian Public Transport Week).

Lev Denisov Lev Denisov

A Device Fingerprint as a Cure for Fraud. It All Depends on Dosage

Tech

Author: Evgeny Kolotinsky

A device fingerprint or browser fingerprint is a typical way of collecting data about a user or device for the purpose of identification on the internet. The speaker will illustrate the accuracy and reliability of the method. You will learn why TOR browser does not always help against tracking and that your web browsing is even less anonymous than you think. Users are being tracked by every website they visit, but it is not always intended for profit.

  • Language
  • Russian

The lead of the fraud prevention research group at Kaspersky Lab. He has worked in the company for more than 7 years. Engaged in the study of threats not related to viruses. Presented his reports at international conferences on information security.

Evgeny Kolotinsky Evgeny Kolotinsky

Brute-Forced in Sixty Seconds

Fast Track

Author: Nikolay Anisenya

The vast majority of users prefer dictionary passwords, modified according to certain rules, instead of randomly generated. Such rules can be found on the internet, but they are compiled semi-automatically or manually by using password hashes from leaked databases without considering some peculiarities (e.g. how such personal data as name and birth date are used in passwords). The moderator will describe a rule-based bruteforce attack, suggest a method of shortening a list of rules for attack optimization, and compare his approach with other existing solutions.

  • Language
  • Russian

Nikolay is a mobile application security specialist at Positive Technologies. He is a postgraduate of the Information Security and Cryptography Department at Tomsk State University. Graduated from the Faculty of Applied Mathematics and Cybernetics. Since 2011, he’s been participating in CTF contests as a member of SiBears.

Nikolay Anisenya Nikolay Anisenya

NFC: Naked Fried Chicken

Tech

Author: Matteo Beccaro

This talk is about transportation security, frauds, and technological failures with focus on a general methodology for professional and amateur pentesters. The speaker will cover some severe vulnerabilities in real-world transportation systems based on NFC technologies and introduce an open-source application designed to pentest such systems via a smartphone.

  • Language
  • English

Matteo Beccaro is a security researcher enrolled in Computer Engineering at the Polytechnic University of Turin. His research focuses on network protocols, NFC and EACS security. He is also the co-founder and CTO of Opposing Force, the first Italian company specialized in offensive physical security. He spoke at such international conferences as DEF CON 21, 30C3, Black Hat USA Arsenal 2014, DEF CON 22 Skytalks, Black Hat Europe 2014, Tetcon 2015, DEF CON 23, and ZeroNights 2015.

Matteo Beccaro Matteo Beccaro

How to Become the Sole Owner of Your PC

Tech

Author: Positive Research

The speakers will tell you about a no-frills way to disable Intel AMT and become the sole owner of your PC.

  • Language
  • Russian
Positive Research Positive Research

Andy, the Polluters, Rick Deckard, and Other Bounty Hunters

Business

Author: Alfonso de Gregorio

This talk is about the vulnerability supply chain, its participants, and ethical questions that arise in the business. The speaker will explain his approach to such issues from the point of view of a zero-day exploits broker and will cover ethical principles and standards set forth in the Code of Business Ethics that he adopted.

  • Language
  • English

Alfonso De Gregorio is a security technologist, the founder of BeeWise, a principal security researcher at secYOUre, and the director of Zeronomi.com (a premium zero-day exploit acquisition platform). He also served as the chief security architect at an HSM vendor, as an expert at European Commission, and a visiting scholar at the Computer Security and Industrial Cryptography (COSIC) research group. He has been a speaker at PHDays, CODE BLUE, HITB GSEC, HITBSecConf, ZeroNights, DeepSEC, AusCERT, and many other international security conferences.

Alfonso de Gregorio Alfonso de Gregorio

The City Never Sleeps

Fast Track

Authors: Denis Makrushin and Yuri Namestnikov

Among other things, security professionals rely on strict security policies of limiting internet access for applications to deter cybercriminals roaming through corporate infrastructure. Corporate protection is mostly based on the use of the whitelisting paradigm: to forbid everything that is not clearly permitted. However, when employees go to sleep, many dangers lurk within corporate networks. We will show you how cybercriminals manipulate Notepad, AutoCAD, Tomcat, and SQL Server.

  • Language
  • Russian

Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He specializes in analysis of possible threats and regularly speaks at international conferences on information security. Denis was engaged in penetration testing and security auditing of corporate web applications, stress testing of information and banking systems for resistance to DDoS attacks. He graduated from Moscow Engineering Physics Institute (MEPhI). Continues his research on protection against DDoS attacks as a part of his postgraduate course at MEPhI.

Yury Namestnikov started his career as a virus analyst at Kaspersky Lab in 2007. In July 2011, he joined the Global Research and Analysis Team (GReAT) and now specializes in analyzing advanced persistent threats, collecting and examining malware data. He is also involved in research into mobile threats and malware, exploit kits and web application security issues.

Denis Makrushin and Yuri Namestnikov Denis Makrushin and Yuri Namestnikov

How We Developed the Federal Standard of SSDL

Fast Track

Author: Alexander Barabanov

The speaker will talk about the national standard “Data Protection. Secure Software Development. General Requirements” being developed at the commission of the Russian Federal Service for Technical and Export Control. He will provide general information about the document and the basic requirements for secure software development.

  • Language
  • Russian

Alexander has a PhD in computer science. He is a specialist in IT security evaluation and certification, CISSP, CSSLP. Director of the Certification and Testing Department at Echelon (an information security system integrator). Associate Professor at the Information Security Department of Bauman Moscow State Technical University.

Alexander Barabanov Alexander Barabanov

Electronic Access Control Security

Hands-on Labs

Author: Matteo Beccaro

The workshop focuses on exploiting techniques of modern EAC systems. It is designed to introduce the most common access control technologies and provide details on their vulnerabilities and available attack methods. Attendees will test learned methods and win hardware gadgets offered by Opposing Force.

  • Language
  • English

Matteo Beccaro is a security researcher enrolled in Computer Engineering at the Polytechnic University of Turin. His research focuses on network protocols, NFC and EACS security. He is also the co-founder and CTO of Opposing Force, the first Italian company specialized in offensive physical security. He spoke at such international conferences as DEF CON 21, 30C3, Black Hat USA Arsenal 2014, DEF CON 22 Skytalks, Black Hat Europe 2014, Tetcon 2015, DEF CON 23, and ZeroNights 2015.

Matteo Beccaro Matteo Beccaro

Thanks SAP for the Vulnerabilities. Exploiting the Unexploitable

Tech

Authors: Dmitry Chastukhin and Dmitry Yudin

Blah blah blah SAP. Blah blah blah big companies. Blah blah blah hack multimillion-dollar systems. This is how typical SAP talks are started. But not this time. We are really missing hardcore exploitation stuff and unusual vulnerabilities. Now it's time for real SAP hardcore! The moderator will tell (and show) how, by using a chain of minor vulnerabilities in different SAP services, you can take complete control over an affected system.

  • Language
  • Russian

Dmitry Chastuhin, Director of the security consulting department at ERPScan. He is engaged in SAP security, particularly in web applications and Java, HANA, and mobile solutions. He has official acknowledgements from SAP for vulnerabilities he found. Dmitry is also a WEB 2.0 and social network security geek and is very active in bug bounty programs (he found several critical bugs in Google, Nokia, and Badoo). He is a contributor to the EAS-SEC project. He spoke at such conferences as Black Hat, Hack in the Box, DeepSec, and BruCON.

Dmitry Yudin, a security researcher at ERPScan. He is an exploit developer, bug hunter, and Linux fan.

Dmitry Chastukhin and Dmitry Yudin Dmitry Chastukhin and Dmitry Yudin

Security Automation Based on Artificial Intelligence

Tech

Author: Rahul Sasi

It is clear that traditional web application security scanners are incapable of finding logical security bugs. The speaker will show users how they can build tools that detect such bugs by using machine learning as a key ingredient. The talk is for cloud-based application security enthusiasts.

  • Language
  • English

Rahul Sasi has over seven years of experience in security, research, and product development. He has authored multiple security tools, advisories, and articles. He spoke at various security conferences: Black Hat, CanSecWest, CoCon, Ekoparty, HITB, HITCON, Nullcon. He is the founder and CTO of CloudSek, a risk assessment company. Prior to founding CloudSek he was a senior engineer at Citrix.

Rahul Sasi Rahul Sasi

DDoS Mitigation Workshop

Hands-on Labs

Author: Krassimir Tzvetanov

This DDoS mitigation hands-on lab focusing on such popular attacks as SYN flood, Sloworis, etc. will demonstrate how specific tools are used to execute the attacks. The attendees will have an opportunity to dissect pre-recorded traffic and to mitigate an attack on an nginx server.

  • Language
  • Russian

Krassimir Tzvetanov is Principal Security Engineer at A10 Networks. His primary focus is threat intelligence, software and systems security research, and security software development practices. He also runs the Product Security Incident Response Team (PSIRT). In his previous engagements with Cisco Systems, Yahoo!, and Google, he was focusing on threat intelligence, penetration testing, designing and securing the edge infrastructure of production networks. He was also a department lead for DefCon and an organizer of BayThreat.

Krassimir Tzvetanov Krassimir Tzvetanov

Exploiting Redundancy Properties of Malicious Infrastructure for Incident Detection

Tech

Author: John Bambenek

The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they causes too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.

  • Language
  • English

John Bambenek is a manager of threat systems at Fidelis Cybersecurity and an incident handler with the Internet Storm Center. He has been engaged in security for 17 years researching security threats. He is a published author of several articles. He has participated in many incident investigations spanning the globe. He speaks at conferences around the world and runs several private intelligence groups focusing on takedowns and disruption of criminal entities.

John Bambenek John Bambenek

Copycat Effect: From Cyberforensics to a Street Robbery

Tech

Author: Sergey Golovanov

Everybody watches everybody. We got accustomed to cyberattacks financed by governments. The internet is overloaded with such examples and exploits. Intruders propelled by an itch for money find this information useful, of course. The report will cover methods cybercriminals adopted from different special forces departments. The speaker will also tell about new methods of hacking ATMs — and a lot more.

  • Language
  • Russian

Sergey is the principal security researcher at Kaspersky Lab. Conducts research into banking threats and cyberespionage. Sergey’s areas of expertise include embedded system security, cybercriminal groups, non-Windows threats (Mac OS, Unix OS), botnets.

Sergey Golovanov Sergey Golovanov

DNS as a Defense Vector

Tech

Author: Paul Vixie

DNS offers a commanding view of both the local and global internet, and provides unparalleled intelligence on cybercriminals and attack methods. This lecture will explain how DNS can be protected, and how it can be used to protect other connected targets. In his presentation, the speaker will provide an overview of cache poisoning, DNSSEC, DDoS, rate limiting, DNS firewalls with RPZ, and passive DNS monitoring.

  • Language
  • English

Dr. Paul Vixie is the CEO of Farsight Security. He is a former chairman of Internet Systems Consortium, President of MAPS, PAIX and MIBH. He served on the ARIN Board of Trustees and was a founding member of ICANN Root Server System Advisory Committee and ICANN Security and Stability Advisory Committee. Vixie has been contributing to internet protocols and UNIX systems as a protocol designer and software architect since 1980. He wrote Cron (for BSD and Linux), and is considered the primary author and technical architect of BIND 4.9 and BIND 8. He has authored or co-authored a dozen of RFCs, mostly on DNS and related topics. He earned his PhD from Keio University for work related to DNS and DNSSEC, and was named to the Internet Hall of Fame in 2014.

Paul Vixie Paul Vixie

Web Application Firewall Bypassing

Tech

Author: Khalil Bijjou

This workshop will teach you how to attack an application secured by a WAF. The moderator will describe WAF bypassing techniques and offer a systematic and practical approach on how to bypass web application firewalls based on these techniques. Even beginners are welcome! WAFNinja, a tool that helps to find multiple vulnerabilities in firewalls, will be introduced.

  • Language
  • English

Khalil Bijjou is an enthusiastic ethical hacker who is currently in the master's course of IT security. He works as a penetration tester for Deloitte Cyber Risk Services and performs security assessments for major companies. Khalil reached the 2nd place of the German Post IT Security Cup.

Khalil Bijjou Khalil Bijjou

EAST 4 SCADA

Hands-on Labs

Authors: Emil Oleynikov, Dmitry Kazakov, Yuriy Gurkin Assistants: Mikhail Kropachev, Andrey Makhnev, Dmitry Chulkov

The moderators will demonstrate the advantages of a free framework designed in Russia, an alternative to Canvas, Metasploit, Core Impact. Novices and experienced hackers will learn about vulnerabilities in SCADA systems and try to identify and exploit them. Various automated systems will be available for testing (ABB, Siemens, Rockwell, ICP DAS, etc.). Remember to bring along your own devices.

  • Language
  • Russian

Emil Oleynikov, an information security researcher, the lead developer of EAST Framework.
Yuriy Gurkin, the chief technology officer of GLEG, a promoter of EAST Framework.
Dmitry Kazakov, a SCADA/PLC consultant and security analyst.
Mikhail Kropachev, a SCADA/PLC security analyst.
Andrey Makhnev, a programmer and tester of EAST.
Dmitry Chulkov, a programmer and tester of EAST.

Emil Oleynikov, Dmitry Kazakov, Yuriy Gurkin Assistants: Mikhail Kropachev, Andrey Makhnev, Dmitry Chulkov Emil Oleynikov, Dmitry Kazakov, Yuriy Gurkin Assistants: Mikhail Kropachev, Andrey Makhnev, Dmitry Chulkov

Enterprise Forensics 101

Tech

Author: Mona Arkhipova

This report outlines the typical aspects of digital forensics within enterprise systems: from initial data collection to filling a report. The speaker will give a background about the accidental establishment of QIWI Forensic lab.

  • Language
  • Russian

The head of security monitoring (SOC + OPS), QIWI

Mona Arkhipova Mona Arkhipova

Wireless Hijack: From Quadrocopters to Computer Mouses

Tech

Author: Artur Garipov

The talk will focus on general aspects of SDR application for wireless traffic analysis. The speaker will demonstrate how to search and identify wireless devices, analyze and spoof protocols, take over wireless equipment and conduct a Mousejack attack.

  • Language
  • Russian

Artur Garipov is a network application security specialist at Positive Technologies. He researches security of wireless technologies and mobile systems. Organizer of the MiTM Mobile contest and workshop at PHDays V, VI.

Artur Garipov Artur Garipov

Face to Face: the Arbiters of Security

Moderator: Dmitry Gusev, InfoTeCS

Organizations of different types see information security from different standpoints: regulators set rules and requirements; companies ensure the safety and uninterrupted performance of their internal processes and at the same time seek to follow those requirements. Ideologists who create IT ecosystems and develop security solutions see the problems and possible solutions in their own way. How do representatives of these spheres see information security pressing issues? Are they able to solve these problems by themselves using their own tools? Would it be reasonable to join efforts? What IS solutions do developers offer and what is the role of government regulation? These issues will be discussed by the section’s attendees: representatives of government and business, developers of information security tools, CIO and CISO of large companies.

Participants:

  • Natalya Kaspersky, InfoWatch
  • Boris Simis, Positive Technologies
  • Oleg Bosenko, Rosneft
  • Evgeny Kraynov, Federal Financial Monitoring Service
  • Kirill Alifanov, E.ON Russia
  • Sergey Ryzhykov, 1C Bitrix
  • Ilya Fedorushkin, Tizen
  • Representative of the Federal Service for Technical and Export Control of Russia
  • Representative of the Ministry of Telecom and Mass Communications of Russia

  • Language
  • Russian

KASan in a Bare-Metal Hypervisor

Fast Track

Author: Alexander Popov

This report discusses the successful experience of porting KASan (a dynamic memory error detector) to a bare-metal hypervisor. The speaker will tell how he managed to improve KASan over its implementation in the Linux kernel.

  • Language
  • Russian

Alexander is a system software developer (Linux kernel) at Positive Technologies.

Alexander Popov Alexander Popov

Privacy and Security in the Internet of Things

Dev

Author: Jeff Katz

Cisco predicts there will be 25 billion devices connected to the internet this year, and double that number by 2020. If you are planning to develop and launch an IoT product, you might be wondering what could happen one day if the FSB comes knocking on your door. The security of your customers should be considered right from the start, and not as an afterthought. This session highlights how it is possible to leverage the benefits of IoT without sacrificing personal rights of your clients. The presentation will draw on real-world examples of connected services with privacy and security designed-in from the start.

  • Language
  • English

Jeff Katz has extensive experience in professional software and hardware development across a wide range of environments and languages in a large problem space, including physical access control, financial services, e-commerce, home entertainment and vehicles. He is currently focusing on the Internet of Things. As a technologist, architect, full-stack software, hardware and RF engineer, Jeff enjoys getting his hands dirty throughout the entire process and derives satisfaction from building and leading amazing teams and from working with great people on real and interesting problems.

Jeff Katz Jeff Katz

How I Became Paranoid in the World of Mobile Devices

Fast Track

Author: Elena Feldman

Nowadays people often debate on the security of mobile messengers. Many developers protect their apps with strong endpoint encryption and extra authentication. The presenter will illustrate the interception of private communications with further transmission of data to a remote server in the context of the popular Viber messenger, installed on a device without root permissions.

  • Language
  • Russian

A forensic expert at F-lab. Senior Lecturer at the Department of Computer Security and Applied Algebra of Chelyabinsk State University. Deputy CTO at ER-Telecom. Elena started her career in the telecom industry as a core engineer and network architect. Studies IoT and mobile devices information security.

Elena Feldman Elena Feldman

Very Mighty eXtension for debugging

Tech

Author: Artem Shishkin

This talk will show how to develop a hypervisor-based debugging facility: how to apply existing hardware features for debugging, how to maintain integrity of a debuggee, how to make this stuff interactive and how to adopt Intel specific peculiarities. The speaker will also cover OS integration and will tell how to build a hypervisor debugger into firmware. Real-world cases of using a hypervisor-based debugger will prove that Virtual Machine Extensions are indeed a Very Mighty eXtension for debugging.

  • Language
  • Russian

Artem Shishkin is a virtualization specialist and reverse engineer. An author of research papers including "Intel SMEP overview and partial bypass on Windows 8", "Stars aligner's how-to: kernel pool spraying and VMware CVE-2013-1406", and "Microsoft Windows 8.1 kernel patch protection analysis". Engaged in low-level programming and developing reverse engineering tools. Previously spoke at Positive Hack Days and ZeroNights.

Artem Shishkin Artem Shishkin

Exploiting Chrome on a Nexus Phone

Tech

Author: Guang Gong

The speaker will tell how to pwn a Nexus device with a single vulnerability. He will also talk about how to get an RCE permission by using a V8 vulnerability and then demonstrate breaking Chrome's sandbox without exploiting any security flaws.

  • Language
  • English

Guang Gong is a security researcher of the Mobile Safe Team of Qihoo 360. His research interests included Windows rootkits, virtualization and cloud computing. He is currently focuses on mobile security, especially on hunting and exploiting Android’s vulnerabilities. He has spoken at several security conferences such as Black Hat, CanSecWest, PacSec, SysCan360. He is the winner of Pwn2Own 2015, Pwn0Rama 2016 (the category of mobile devices), and Pwn2Own 2016 (the target: Chrome).

Guang Gong Guang Gong

Magic box or: A Story about White Hat ATM Hackers

Tech

Authors: Olga Kochetova and Alexey Osipov

The report focuses on the most common methods of hacking and protecting ATMs. The speaker continues the topic of her previous presentations with a more in-depth analysis of technical details. The emphasis will be on vulnerabilities in an ATM infrastructure and the security of communication with a processing center.

  • Language
  • Russian

Olga Kochetova
Olga is a senior specialist of penetration testing department at Kaspersky Lab, the author of many articles and webinars devoted to ATM insecurity. Participated in international conferences: Black Hat, Hack in Paris, Positive Hack Days, Security Analyst Summit. She is also the author of security advisories on various vulnerabilities in ATMs and software of popular vendors.

Alexey Osipov
Alexey is the lead expert of penetration testing department at Kaspersky Lab. He is the author of techniques and utilities for exploiting vulnerabilities in XML. Participated in international conferences: Black Hat, Chaos Communication Congress, Hack in Paris, NoSuchCon, Positive Hack Days. The author of security advisories on various vulnerabilities in ATMs and software of popular vendors.

Olga Kochetova and Alexey Osipov Olga Kochetova and Alexey Osipov

john-devkit: 100 Hash Types Later

Fast Track

Author: Aleksey Cherepanov

Speeds in hash cracking grow. The number of hashing algorithms grows. Work needed to maintain universal cracker grows too. The problem gave birth to john-devkit, an advanced code generator for the famous password cracker John the Ripper. More than 100 hash types are implemented within john-devkit. Its key aspects will be discussed: separation of algorithms, optimizations and output for different computing devices, simple intermediate representation of hashing algorithms, complexity of optimizations for humans and machines, bitslicing, comparison of speeds.

  • Language
  • Russian

Aleksey Cherepanov is a programmer fascinated by libre software, participant of GSoC 2012, contributor to John the Ripper, and the author of john-devkit.

Aleksey Cherepanov Aleksey Cherepanov

Mobile Communications are Insecure. Evidence-Based Arguments

Tech

Authors: Sergey Puzankov and Dmitry Kurbatov

Any mobile operator’s networks contain vulnerabilities inherited from obsolete technologies. The report reveals the security level of mobile carriers based on data gathered during the investigation of real-life networks.

  • Language
  • Russian

Sergey Puzankov
Being an expert at Positive Technologies, he is engaged in the research of attacks against mobile operators’ networks, as well as the development of SS7 Scanner and SS7 Attack Discovery. The author of several publications on SS7 security.

Dmitry Kurbatov
He has 9 years of experience in information security of corporate networks, business applications, and telecommunication equipment. An expert at Positive Technologies and the Positive Research center. Participates in organizing the Positive Hack Days forum. Dmitry has published many articles on information security.

Sergey Puzankov and Dmitry Kurbatov Sergey Puzankov and Dmitry Kurbatov

Memory Protection Based Anti-Cheat for Computer Games

Tech

Authors: Roman Kazantsev, Maxim Vafin, and Andrey Somsikov

Customer services with cheat technologies for multiplayer online games is continuously developed because cheat makers do a profitable business specializing in a wide range of games. The speakers will suggest their anti-cheat technique that relies on software obfuscation and protects against code injection cheats that can analyze memory data and collect statistics about players. The talk will be supported by a real case study of Unreal Tournament 4.

  • Language
  • Russian

Roman Kazantsev is a software engineer at Intel Corporation. With seven-year professional experience, he is currently occupied with delivering cryptographic solutions and expertise for content protection across all the Intel platforms. His professional interests are cryptography, software security, and computer science.

Maxim Vafin is a software engineer at Intel Corporation. He specializes in computer game security and software protection against reverse engineering.

Andrey Somsikov is a software engineer and security researcher at Intel Corporation. His professional interests are software security, cryptography, and computer science.

Roman Kazantsev, Maxim Vafin, and Andrey Somsikov Roman Kazantsev, Maxim Vafin, and Andrey Somsikov

The CPU Does Not Matter. A Simple Analysis of Binary Files Using IDAPython

Hands-on Labs

Author: Anton Dorfman

This hands-on lab will focus on approaches to automation of a preliminary analysis of binary files. Participants will learn what information can be obtained with IDA Pro, leaving processor architecture features aside. The moderator will also pay attention to fixing IDA's improper recognitions. Practical tasks and their solutions will be given.

  • Language
  • Russian

Anton Dorfman is a Candidate of Technical Sciences, researcher, reverser, and assembly language fan. He is a leading expert of the application analysis team at Positive Technologies. Anton is interested in automating any reverse engineering tasks. He was the third in the contest Best Reverser at PHDays 2012. Spoke at HITB, PHDays, and Zeronights. The author of over 50 scientific publications on computer security.

Anton Dorfman Anton Dorfman

Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation

Tech

Author: Babak Javadi

For over 100 years, the modern pin tumbler lock has been used as the gold standard of physical security. Unique designs have come and gone over the years, but only the pin tumbler lock has remained constant. Almost just as constant is a neat hack-turned-standard feature that is commonly referred to as Master Keying. Master Keying allows the use of "unique" permissions-based mechanical keys in large systems and remains in use in large business and government installations in every country in the world. Unfortunately, the oldest authentication system in the world still in wide use today is vulnerable to what many consider to be the original privilege escalation attack, predating digital computer systems completely. Known by a handful of locksmiths for decades and first publicly disclosed in 2003, this un-patched vulnerability remains one of the most dangerous and under-protected physical security weaknesses still present today. This talk will discuss a highly optimized attack method against common master keyed systems as it applies to modern locks, and will cover a couple of options for mitigating and defending against the attack.

  • Language
  • English

Babak Javadi is a hardware hacker with a wayward spirit. His first foray into the world of physical security was in the third grade, where he received detention for describing to another student in words alone how to disassemble the doorknob on the classroom door. After years of immersion in electronics and computer hardware hacking, he found his passion in the puzzling and mysterious world of high security locks and safes. In 2006 Babak co-founded the US division of The Open Organisation of Lockpickers, otherwise known as TOOOL, where he continues to serve on the Board of Directors as President. In the same year, he founded the CORE Group, a multi-disciplined security research and consulting firm. He has recently re-embraced the beauty of the baud and resumed hardware hacking with a vengeance, currently working on leading research from access controls to alarms.

Babak Javadi Babak Javadi

From Cyber Offense to Cyber Arms Control: Developing Cybersecurity Norms

Business

Author: Jan Neutze

Increasingly, nation states use the internet to advance intelligence or even military operations: espionage, reconnaissance, and even sabotage. The targets of these operations, whether intentional or not, are often civilians. As the pace of activity in cyberspace increases, so does the likelihood of one state misinterpreting the actions of another. Moreover, the risk of a cyber-arms race cannot be discounted. It would be naïve to hope that states should fully pull back their military operations from the internet. Nevertheless, just as there are universally accepted norms of behavior in other realms of conflict, it is no less important to establish norms for cybersecurity. These norms should not only strengthen cybersecurity but also preserve the freedoms of a globally connected society. In an effort to encourage the international community to reverse the trend of militarizing cyberspace, a robust international debate has emerged discussing ways to reduce cybersecurity conflict by proposing a framework for cybersecurity norms. This discussion will focus on Microsoft’s approach to cybersecurity norms.

  • Language
  • English

Jan Neutze is Director of Cybersecurity Policy at Microsoft responsible for cybersecurity policy matters in Europe, Middle East, and Africa.

Jan Neutze Jan Neutze

Why We Hack: The Truth

Moderator: Boris Simis, Positive Technologies

Participants will explain why they prefer to study information security and how they estimate the value of their work. Speakers will also discuss how to efficiently attract new researchers (bounty programs, outsourcing, development of an IS department). They will try to describe an image of a future IS researcher.

Participants:

  • Timur Yunusov, Positive Technologies
  • Dmitry Evteev, HeadLight Security
  • Nikita Kislitsin, Group-IB
  • Omar Ganiev, IncSecurity
  • Representative of Digital Security

  • Language
  • Russian

Crowdsourced Malware Triage

Hands-on Labs

Author: Sergey Frankoff and Sean Wilson

Malware triage is a process of quickly analyzing potentially malicious files or URLs. It is an important function in any mature incident response program. But what if you don’t have an incident response program? What if you are just setting one up? What if you don’t have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need. In this workshop, participants will work through the triage using only free online tools. The moderator will provide an introduction and demo of each tool.

  • Language
  • English

Sergey Frankoff
A malware researcher and the director of threat intelligence at Sentrant. Prior to joining Sentrant, worked as an incident responder and a security analyst. A strong believer in taking an open community approach to combating cybercrimes. Contributes to open source tools and tries to publish as much as possible. A co-founder of Open Analysis, a group of malware researchers and incident responders who produce open tools and services to assist with malware analysis.

Sean Wilson
A researcher at PhishMe with experience in malware analysis, incident response, and reverse engineering. He is an active contributor to open-source security tools. A co-founder of Open Analysis, a collective of malware researchers and incident responders who produce open tools and services to assist with malware analysis. In his free time, Sean loves fly fishing.

Sergey Frankoff and Sean Wilson Sergey Frankoff and Sean Wilson

Groundbait: Analysis of a Surveillance Toolkit

Tech

Author: Anton Cherepanov

Operation “Groundbait” (Russian: Prikormka) is an ongoing cybersurveillance that took place in Ukraine. The group behind this operation has been launching targeted attacks to spy on individuals with a political motive. The group is active since 2008. The talk will uncover details about the attack campaigns and provide a technical analysis of the used malicious toolkit. The speaker will share clues uncovered during his research that may point to the origin of the attackers.

  • Language
  • Russian

Anton Cherepanov graduated from South Ural State University. Works at ESET as a malware researcher. Specializes in IT security, reverse engineering and malware analysis automation. Spoke at CARO Workshop, Virus Bulletin, and ZeroNights.

Anton Cherepanov Anton Cherepanov

A Riddle Wrapped in a Mystery, or Vulnerabilities in Medical and Industrial Software

Tech

Authors: Emil Oleynikov and Yuriy Gurkin

Both medical and SCADA systems can be operated, configured, and monitored via remote control. They are often connected to the internet. The speaker will provide an overview of vulnerabilities in application-specific software used in medicine and industrial production. The vulnerabilities were discovered using EAST (exploits and security tools), a framework similar to Metasploit. EAST automates vulnerability scanning and demonstrates possible risks.

  • Language
  • Russian

Emil Oleynikov, an information security researcher, the lead developer of EAST Framework.
Yuriy Gurkin, the chief technology officer of GLEG, a promoter of EAST Framework.

Emil Oleynikov and Yuriy Gurkin Emil Oleynikov and Yuriy Gurkin

Fear and Loathing in Telecoms

Tech

Author: Ilya Safronov

The report will provide information on various schemes used by attackers to enrich themselves at the expense of telecom operators. The speaker will cover manipulations with numbers, interconnection settings, billing, and switch configuration. The principles of SIM box operation and traffic looping will be also discussed.

  • Language
  • Russian

Ilya Safronov is an IS specialist, previously worked in the network security department at Positive Technologies and was a security assessment expert at Group-IB. The author of several articles on information security. He has participated in a number of telecommunications projects and research programs.

Ilya Safronov Ilya Safronov

Experts Don’t Need No Education. Information Security and Other Pseudosciences

Moderator: Boris Simis

Representatives of different information security schools with diverse views on professional education will consider the benefits and flaws of their educational approaches, evaluate recent graduates, and try to define what young specialists should study to adapt to our fast-paced world.

  • Language
  • Russian

Defense and Offense Technologies in 2016: Which Side will Make a Breakthrough?

Moderator: Alexey Kachalin

Leading experts from PT Expert Security Center cover the most important events in the world of security and analyze how these events affected their day-to-day practice. What is the probability of detecting newfound vulnerabilities during penetration testing? What changes have taken place in hackers' tactics? The speaker will answer these questions using examples of incident investigation.

  • Language
  • Russian

Engineering Systems and Development Errors as the Factor of Security Flaws

Fast Track

Author: Anton Zhbankov

This fast track will examine the relationship between IS incidents and IT problems, engineering and capital development, problems of operation and design. Protection against hackers as well as a detailed code review are very important. Still, if you forget about the rest, you will be acting just like the fairy tale pig who placed a steel door to the thatched hut.

  • Language
  • Russian

15 years of experience with expertise in datacenter virtualization and cloud computing. Certified as an EMC Cloud Architect Expert, an eight-time VMware vExpert, was also awarded the EMC Elect designation in 2015.

Anton Zhbankov Anton Zhbankov

Catch Me If You Can

Fast Track

Author: Nikolay Zdobnov

InfoWatch has been active in the market of DLP solutions for more than 12 years. There have been a number of interesting stories over this period: the disclosure of plans for further development of a whole region among competitors, pharmacy workers selling drugs, and corrupt practices within public institutions. The speaker will describe some tricks used by employees to sell out trade secrets at a higher price and make a tidy sum.

  • Language
  • Russian

Nikolay is the head of key account management at InfoWatch. He has over five years’ experience in IT and IS. He was engaged in the development of products for information security at Softline Trade, an international integration company. Cooperated with Aladdin Knowledge Systems, Check Point Software Technologies, and RSA Security.

Nikolay Zdobnov Nikolay Zdobnov

Time is Not on Your Side: Exploiting Browser-Based Timing Attacks

Tech

Author: Tom Van Goethem

This talk introduces a new threat: browser-based timing attacks that can be used to extract sensitive information from trusted websites. In a classic example of a timing attack, the attacker retrieves the secret key from a cryptosystem, such as RSA, by measuring the time that is required to encrypt several inputs. To investigate potential consequences, several popular web services were analyzed (email applications, social networks, financial websites) and the research revealed that these new attacks can be exploited in every service, posing an imminent threat to our online security and privacy. The speaker will demonstrate the harmful consequences by discussing several real-world scenarios.

  • Language
  • English

Tom Van Goethem is a PhD student at the University of Leuven (Belgium), where he has a (not so secret) love affair with research on security and privacy in the context of the Web. As a result of his security research, Tom exposed fundamental flaws in DDoS protection mechanisms, the security seal ecosystem, and several widely used services and web applications, such as WordPress.

Tom Van Goethem Tom Van Goethem

Fingerprinting and Attacking a Healthcare Infrastructure

Tech

Author: Anirudh Duggal

There has been a recent spike in the number of attacks on healthcare intuitions, the most serious being the ransomware attacks. The attacks go beyond phishing victims and shutting down the entire infrastructure. The speaker will focus on how to fingerprint hospitals and healthcare institutions and how to defend a system against such attacks.

  • Language
  • English

Anirudh Duggal is a cybersecurity enthusiast who works at Philips Healthcare on securing medical devices, mobile apps, hardened systems, web services, and healthcare infrastructure. He previously worked at Infosys in the cloud security department. Founded a website on security challenges in the healthcare industry (hospitalsecurityproject.com). Presented solutions and systems at Microsoft Imagine Cup as a national finalist. Took an active part in Null and SecurityXploded. Speaker at Cocon, HITCON, Ground Zero and the forthcoming Nullcon 2016.

Anirudh Duggal Anirudh Duggal

SDR and Others of That Ilk

Hands-on Labs

Authors: Artur Garipov and Pavel Novikov

The hands-on lab is built around wireless technologies. The participants will find out how to intercept and analyze data transmitted wirelessly using SDR (software-defined radio) and other devices. Please bring your own SDR.

  • Language
  • Russian
Artur Garipov and Pavel Novikov Artur Garipov and Pavel Novikov

Industrial System Security: It's Time to Take Action

Moderator: Ivan Melekhin

It is well proved by notorious incidents that cyber threats to industrial systems are as relevant as ever. Facilitated by Industry 4.0, integration with industrial processes makes cyber systems more vulnerable and exposed to attacks. The modern concept of manufacturing development implies new transparency requirements, horizontal and vertical integration of all industrial control elements within one or several enterprises. Only strong protection can guarantee a desired level of IT penetration.
Industrial security is one of the most difficult sectors to implement security solutions because of restrictions driven by the continuity of technological processes, possible attacks on information and physical objects, prohibited interference with technological processes, and specific equipment. Yet, there are solutions to this problem. While existing technologies are adjusted, new solutions, technologies, and products are elaborated and tested onsite. Our guests from leading manufacturing companies and automated information system developers will share their experience while discussing industrial system security.

  • Language
  • Russian

SSDL: One Day in the Life of a Developer

Dev

Author: Valery Boronin

Source code analysis at an implementation phase of an SDL/SSDL: how to make the process easier for a developer? How to implement analysis tools in a way that minimizes resources needed to fix errors? In some cases, the best decision is not to use a user interface. Attendees will watch Man—Machine interaction via source code.

  • Language
  • Russian

An expert in secure development at Positive Technologies, the head of the Research and Development center in Novosibirsk. Created the R&D center for Kaspersky Lab in Novosibirsk, where he promoted new areas: DLP, encryption, and incident management. Has more than 20 years of experience in software development. Participated in Russian and foreign conferences (DLP Russia). He is the author of many articles and a course devoted to information security and IT management.

Valery Boronin Valery Boronin

Realization of Self-Learning Techniques in WAF

Fast Track

Author: Vladimir Lepikhin

This fast track tutorial will focus on the benefits and drawbacks of a statistical-based approach for intrusion detection in web applications compared to signature-based systems. Attendees will learn whether this technique can eliminate false positives that are typical of signature-based threat detection.

  • Language
  • Russian

Vladimir coordinates network security matters at the training center Informzaschita. Participated in the production of many training courses. He specializes in security analysis and the detection of network attacks. Contributes to the development of authorized training programs on Positive Technologies products. Regularly speaks at information security forums.

Vladimir Lepikhin Vladimir Lepikhin

How to Start an Information Security Business

Fast Track

Author: Alexander Bondarenko

The speaker will introduce a short story of creating an IS company from the ground up, based in Russia, aimed at the international market.

  • Language
  • Russian

The head and founder of R-Vision.

Alexander Bondarenko Alexander Bondarenko

Application security? Firewall it!

Author: Eldar Beybutov

  • Language
  • Russian
Eldar Beybutov Eldar Beybutov

SIEM, or not SIEM, That is the Question

Moderator: Alexey Lukatsky

What tasks can be solved by a SIEM system and what does it actually do? Is there a future for this type of systems? The real state of things in the SIEM segment both in Russia and abroad, and difficulties surrounding SIEM employment.

  • Language
  • Russian

Flash is Dead. Flash Forever!

Fast Track

Author: Alexandra Svatikova

Participants will learn about critical security vulnerabilities in Odnoklassniki resulting from three errors in Flash applications and how these vulnerabilities were fixed.

  • Language
  • Russian

An application security expert at OK.ru.

Alexandra Svatikova Alexandra Svatikova

Another Round of the Standoff: IS Services as a Response to New Threats and Challenges

Information security measures more and more often include employment of services from specialized vendors. What threats require prompt involvement of experts? How do IS services work and what are the advantages of the combination of cutting-edge technological solutions and deep expertise? Leading companies in the industry and users of their services will discuss these issues during the round-table talk.

  • Language
  • Russian

Lightning Talk

Moderator: Andrey Petukhov and Evgeny Minkovsky

Attendees will have an opportunity to tell briefly about their research, about a new vulnerability or a problem in security algorithms, to speak on a new concept for a security analysis tool or a plan to conduct a large-scale study. Share your ideas and find people who think the same.

  • Language
  • Russian

Static Code Analysis in the SSDL Context

Fast Track

Author: Ivan Yolkin

The fast track talk will present successful cases of implementation of Static Analysis Security Tool for QIWI and the difficulties that developers have faced. Whether to use a duct tape or code refactoring? A customer and a developer: what to do when opinions differ? The speaker shares his experience and tells how many lines of code he had to read and write before running the scanner. He will also provide an overview of vulnerabilities that were discovered and missed.

  • Language
  • Russian

An application security expert at QIWI, a web and mobile technologies researcher, and a full-stack developer who prefers to keep the code pure, comprehensible, and secure.

Ivan Yolkin Ivan Yolkin

Machine Learning Technique to Detect Generated Domain Names

Fast Track

Author: Alexander Kolokoltsev

This talk focuses on the machine learning techniques used to detect domain names generated by the domain generation algorithm (DGA). For solution, an n-gram analysis is suggested. The speaker will describe in detail a domain name analyzer that has 98.5% accuracy.

  • Language
  • Russian

Alexander Kolokoltsev, a specialist at Positive Research Center, specializes in the development of attack detection techniques. He is engaged in applying machine learning algorithms to DGA detection and developing malware classification based on the behavior analysis.

Alexander Kolokoltsev Alexander Kolokoltsev

How to Exploit Certifi-Gate, in Theory and Practice

Tech

Author: Dan Koretsky

Millions of Android devices have vulnerabilities that grant root privileges. The speaker will talk about technical reasons for security concerns (collisions of hash functions, inter-process communication abuse, mishandling of application certificates). This lecture will include a demonstration of an attack against an actual device and provide participants with recommendations on reducing potential risks. The participants will discover the reason for which vulnerabilities cannot be totally eliminated and learn about Google Play attacks.

  • Language
  • Russian

With over 8 years of experience in security and low-level research in both Windows and Linux/Android environments, Dan brings deep knowledge of cyber attacks and the information security situation in the mobile and PC worlds. Dan started working in a start-up company before he finished high-school, during which he studied for a bachelor’s degree in computer science. After that, he served for over 5 years in the Israeli army, performing a wide variety of research and development tasks. He works in Check Point as a senior security researcher for mobile products.

Dan Koretsky Dan Koretsky

Invited Talk

Author: Dave Monnier

  • Language
  • English

Team Cymru Fellow and the Director of Sales and Marketing at Team Cymru, a specialized Internet security research firm based in Lake Mary, Florida, USA. Team Cymru specializes in understanding the economic aspects of online crime, and Dave excels at describing the complex nature of the underground economy to both executives and technologists alike. Understanding that real-world security involves both technology and business considerations, Dave helps organizations to fully consider their security and policy decisions in real-world terms. Dave has traveled the world presenting security ideas and solving organizations’ hardest problems. With over seventeen years of experience in a wide-range of technologies, Dave brings a wealth of knowledge and understanding to every situation. Dave began his career performing UNIX and Linux administration in academic and high performance computing environments where he helped to build some of the most powerful computational systems of their day. Subsequent to systems administration, Dave moved into Internet security, having served as a Lead Security Engineer for a Big Ten university and later helped to launch the Research and Education Networking ISAC, part of the formal U.S. ISAC community. Dave joined Team Cymru in 2007 where he has served as their Senior Engineer and later as a Security Evangelist. In 2010, Dave was granted the title of Team Cymru Fellow, a highest honor of Team Cymru. Dave has managed multiple teams as part of Team Cymru ranging from engineering, outreach, threat intelligence, sales, and marketing.

Dave Monnier Dave Monnier

Innovations in Information Security

Author: Dmitriy Romanchenko, IBS

Dmitry Romanchenko (IBS) will talk on the possibilities of implementation of the convergent platform Skala-R as an industrial computing platform, a secure database machine, or as a platform for the deployment of enterprise applications..

  • Language
  • Russian
Dmitriy Romanchenko, IBS Dmitriy Romanchenko, IBS

SPONSORS
MEDIA PARTNERS
FORUM'S FRIENDS
Copyright © 2022 Positive Technologies