PHDays video



Fast Track

If You Find One, There are Probably More! A Detection Method of “Reproduced” Vulnerability

Author: Asuka Nakajima

In a software development process, it is common to reuse source code from other software products to reduce development costs. However, if a vulnerability lurks in the original source code, it will be copied to the developing product. The speaker proposes an uncommon method to detect “reproduced” vulnerabilities in binary files, without going through the source code or symbol files.

  • Language: English

Asuka Nakajima is a researcher at NTT Secure Platform Laboratories. She studied at the Faculty of Environment and Information Studies at Keio University. Her research interests include reverse engineering and vulnerability discovery. She is a member of the executive committee of SECCON, the largest CTF organizer in Japan. She is also a founder of CTF for GIRLS, the first security community for women in Japan.


—No viruses? I wouldn't be so sure

Author: Olga Zinenko

Ural Security Systems Center (USSC) is performing independent testing of mobile antiviruses for Android (including Dr.Web, Kaspersky, Norton, ESET). The fast track talk will present the current results of the research.

  • Language: Russian

Olga Zinenko is an analyst at Ural Security Systems Center (USSC). An author for the USSC blog that regularly posts surveys of amendments in the legislation. Holds a degree from Ural Federal University. Certified in CompTIA Security+.


Pseudo-Security of NFC Services

Author: Lev Denisov

The Moscow public transport system is one of the largest in the world. More than five million passengers use the Troika card to pay fares for metro and ground transport. Thanks to new services, it is now possible to recharge the card via a cell phone with NFC. The speaker will discuss vulnerabilities that allow anyone to get access to private card data, clone the card, and use public transport for free.

  • Language: Russian

Lev Denisov is an expert in contactless payment technologies and automated fare collection (AFC) systems for public transit with more than 10 years of experience. He has been involved in the deployment of 50% of AFC and electronic contactless ticketing projects in Russia. He took part in the first roll-outs of NFC payments and contactless payments with bank cards (PayPass, payWave). He is an evaluator and member of the OSPT Alliance. His team pioneered the implementation of open security standards for contactless payments in public transport, as well as host card emulation for NFC payments. He speaks at specialized conferences, exhibitions, and forums (InfoSecurity Russia, UITP World Congress, Russian Public Transport Week).


Brute-Forced in Sixty Seconds

Author: Nikolay Anisenya

The vast majority of users prefer dictionary passwords, modified according to certain rules, over randomly generated ones. Such rules can be found on the internet, but they are compiled semi-automatically or manually from password hashes in leaked databases, without considering some peculiarities (e.g. how personal data such as name and birth date are used in passwords). The moderator will describe a rule-based brute-force attack, suggest a method of shortening a list of rules for attack optimization, and compare his approach with other existing solutions.

  • Language: Russian

Nikolay is a mobile application security specialist at Positive Technologies. He is a postgraduate of the Information Security and Cryptography Department at Tomsk State University. He graduated from the Faculty of Applied Mathematics and Cybernetics. Since 2011, he has been participating in CTF contests as a member of SiBears.


The City Never Sleeps

Authors: Denis Makrushin and Yuri Namestnikov

Among other things, security professionals rely on strict security policies that limit internet access for applications to deter cybercriminals roaming through corporate infrastructure. Corporate protection is mostly based on the whitelisting paradigm: forbid everything that is not clearly permitted. However, when employees go to sleep, many dangers lurk within corporate networks. We will show you how cybercriminals manipulate Notepad, AutoCAD, Tomcat, and SQL Server.

  • Language: Russian

Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He specializes in analysis of possible threats and regularly speaks at international conferences on information security. Denis was engaged in penetration testing and security auditing of corporate web applications, and in stress testing of information and banking systems for resistance to DDoS attacks. He graduated from Moscow Engineering Physics Institute (MEPhI). He continues his research on protection against DDoS attacks as part of his postgraduate course at MEPhI.

Yuri Namestnikov started his career as a virus analyst at Kaspersky Lab in 2007. In July 2011, he joined the Global Research and Analysis Team (GReAT) and now specializes in analyzing advanced persistent threats and in collecting and examining malware data. He is also involved in research into mobile threats and malware, exploit kits, and web application security issues.


How We Developed the Federal Standard of SSDL

Author: Alexander Barabanov

The speaker will talk about the national standard “Data Protection. Secure Software Development. General Requirements”, which is being developed on commission from the Russian Federal Service for Technical and Export Control. He will provide general information about the document and the basic requirements for secure software development.

  • Language: Russian

Alexander has a PhD in computer science. He is a specialist in IT security evaluation and certification, CISSP, CSSLP. Director of the Certification and Testing Department at Echelon (an information security system integrator). Associate Professor at the Information Security Department of Bauman Moscow State Technical University.


KASan in a Bare-Metal Hypervisor

Author: Alexander Popov

This report discusses the successful experience of porting KASan (a dynamic memory error detector) to a bare-metal hypervisor. The speaker will explain how he managed to improve KASan over its implementation in the Linux kernel.

  • Language: Russian

Alexander is a system software developer (Linux kernel) at Positive Technologies.


How I Became Paranoid in the World of Mobile Devices

Author: Elena Feldman

Nowadays people often debate the security of mobile messengers. Many developers protect their apps with strong endpoint encryption and extra authentication. The presenter will illustrate the interception of private communications, with further transmission of the data to a remote server, using the popular Viber messenger installed on a device without root permissions.

  • Language: Russian

A forensic expert at F-lab. Senior Lecturer at the Department of Computer Security and Applied Algebra of Chelyabinsk State University. Deputy CTO at ER-Telecom. Elena started her career in the telecom industry as a core engineer and network architect. She studies the information security of IoT and mobile devices.


john-devkit: 100 Hash Types Later

Author: Aleksey Cherepanov

Speeds in hash cracking grow. The number of hashing algorithms grows. The work needed to maintain a universal cracker grows too. This problem gave birth to john-devkit, an advanced code generator for the famous password cracker John the Ripper. More than 100 hash types are implemented within john-devkit. Its key aspects will be discussed: separation of algorithms, optimizations and output for different computing devices, a simple intermediate representation of hashing algorithms, complexity of optimizations for humans and machines, bitslicing, and comparison of speeds.

  • Language: Russian

Aleksey Cherepanov is a programmer fascinated by libre software, a participant of GSoC 2012, a contributor to John the Ripper, and the author of john-devkit.


Engineering Systems and Development Errors as the Factor of Security Flaws

Author: Anton Zhbankov

This fast track will examine the relationship between IS incidents and IT problems, engineering and capital development, and problems of operation and design. Protection against hackers and detailed code review are very important. Still, if you forget about the rest, you will be acting just like the fairy tale pig who put a steel door on a thatched hut.

  • Language: Russian

15 years of experience, with expertise in datacenter virtualization and cloud computing. Certified as an EMC Cloud Architect Expert, an eight-time VMware vExpert, and awarded the EMC Elect designation in 2015.


Catch Me If You Can

Author: Nikolay Zdobnov

InfoWatch has been active in the market of DLP solutions for more than 12 years. There have been a number of interesting stories over this period: the disclosure of plans for further development of a whole region among competitors, pharmacy workers selling drugs, and corrupt practices within public institutions. The speaker will describe some tricks used by employees to sell out trade secrets at a higher price and make a tidy sum.

  • Language: Russian

Nikolay is the head of key account management at InfoWatch. He has over five years’ experience in IT and IS. He was engaged in the development of products for information security at Softline Trade, an international integration company. He has cooperated with Aladdin Knowledge Systems, Check Point Software Technologies, and RSA Security.


Realization of Self-Learning Techniques in WAF

Author: Vladimir Lepikhin

This fast track tutorial will focus on the benefits and drawbacks of a statistics-based approach to intrusion detection in web applications compared to signature-based systems. Attendees will learn whether this technique can eliminate the false positives that are typical of signature-based threat detection.

  • Language: Russian

Vladimir coordinates network security matters at the training center Informzaschita. He has participated in the production of many training courses. He specializes in security analysis and the detection of network attacks. He contributes to the development of authorized training programs on Positive Technologies products and regularly speaks at information security forums.


How to Start an Information Security Business

Author: Alexander Bondarenko

The speaker will tell a short story of creating an IS company from the ground up, based in Russia and aimed at the international market.

  • Language: Russian

The head and founder of R-Vision.


Flash is Dead. Flash Forever!

Author: Alexandra Svatikova

Participants will learn about critical security vulnerabilities in Odnoklassniki resulting from three errors in Flash applications and how these vulnerabilities were fixed.

  • Language: Russian

An application security expert at


Static Code Analysis in the SSDL Context

Author: Ivan Yolkin

The fast track talk will present successful cases of implementing a static analysis security tool for QIWI and the difficulties that developers have faced. Duct tape or code refactoring? A customer and a developer: what to do when opinions differ? The speaker shares his experience and tells how many lines of code he had to read and write before running the scanner. He will also provide an overview of vulnerabilities that were discovered and missed.

  • Language: Russian

An application security expert at QIWI, a web and mobile technologies researcher, and a full-stack developer who prefers to keep the code pure, comprehensible, and secure.


Machine Learning Technique to Detect Generated Domain Names

Author: Alexander Kolokoltsev

This talk focuses on the machine learning techniques used to detect domain names generated by a domain generation algorithm (DGA). As a solution, n-gram analysis is suggested. The speaker will describe in detail a domain name analyzer that has 98.5% accuracy.

  • Language: Russian

Alexander Kolokoltsev, a specialist at Positive Research Center, specializes in the development of attack detection techniques. He is engaged in applying machine learning algorithms to DGA detection and developing malware classification based on behavior analysis.
