POSITIVE HACK DAYS



Program


The program of the PHD forum is designed to cover the most widespread issues in the information security field. We take into account the preferences of various representatives of the industry to develop a program that interests everyone from a developer to a CIO.

The program of the Positive Hack Days forum consists of two large blocks, which include both theory and practice - the conference and the contests.

Conference

  • Business seminars and round tables bring together leading market experts to raise the most interesting issues in the information security field.
  • Technical seminars are aimed at a more specialized audience and address practical issues of the information security field. The seminars are conducted by the most prominent experts.
  • Master classes provide an opportunity to gain practical experience by solving information security problems of various complexity levels in real time under the guidance of outstanding local and international specialists.

Contests

  • The CTF contest is an international information protection contest conducted according to the CTF (Capture The Flag) game principles.
  • Theme contests cover various information security issues and give the participants an opportunity to demonstrate their skills in protecting and hacking information resources.

Responsiveness and Responsibility

Author: Marc "van Hauser" Heuse

Language: English

Marc "van Hauser" Heuse has performed security research since 1993, has found vulnerabilities in numerous products and is the author of various well-known security and pentest tools such as hydra, amap, thc-ipv6, THC-Scan, SuSEFirewall and many more.
In 1995 he founded the renowned security research group "The Hacker's Choice", which was, for example, the first group to crack A5 GSM within a minute (2006). From 1997 he worked as a security consultant at one of the top-5 enterprise consulting companies; since 2007 he has worked as an independent security consultant.

Berlin, Germany

If You Can Write a Webserver, You Can Write a Thumb Drive

Author: Travis Goodspeed

Think back to that moment when you first realized a bit of ASCII and a socket were all that it took to make an HTTP server in your favorite scripting language.  Using the open source Facedancer framework, emulators have been written in userland Python for Mass Storage, Human Interface, FTDI, and Device Firmware Update protocols. The sockets work a bit differently, and the protocols aren't ASCII, but the principles and the libraries are no more difficult than HTTP.
Practical examples of this technique include a tool for catching firmware updates by impersonating the DFU protocol and a prototype of a hard disk that actively defends itself against forensics tools and imaging.

Language: English

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. His recent hacks include the Facedancer project for emulating USB devices, the GoodFET project for exposing embedded buses to host control, and the Packet-in-Packet attack for remotely injecting PHY-layer radio frames without a software bug. In his spare time, he is attempting to add USB Host support to the Elektronika BK.

Cyber War of a Chinese Hacker, Black Economy, and Trojan Tool

Author: Tao Wan

In the past, Chinese hackers have been spurred into action by geopolitical controversies. But today many Chinese hackers are turning away from the darker side of the security field and instead looking for opportunities in building legitimate businesses. China's billion-plus population means that, proportionally, there are a lot of hackers in China. China also has an active cyber police system, but the country is large. Nonetheless, you can't say enforcement is non-existent in China.
What has happened to Chinese hackers in the last ten years? Who are they and what do they want? Eagle Wan, the leader of the China Eagle Union, will give you the truth.

Language: English

Founder of Intelligence Defense Friends Laboratory (China Eagle Union), IBM GCG Cloud Tiger Team Security Managing Consultant.
In 1993 he graduated from Beijing Jiaotong University with a bachelor's degree in economics.
He has more than 20 years of information security experience and has worked for PricewaterhouseCoopers, CA Technologies and IBM.
In 2001 he founded the China Eagle Union hacker group.
He now works for an operator of a community cloud that supports Chinese NGOs and open source for hacker culture.

Beijing, China

Faster Secure Software Development with Continuous Deployment

Author: Nick Galbreath

Why don't developers care about security issues? Why isn't security training effective? Why do basic application security problems continue to exist? One reason is that long release cycles disenfranchise developers from caring or even knowing about security or operational issues. Continuous Deployment helps address this by small, but frequent, changes to the production environment. At first, this would seem less stable and less secure; however, continuous deployment is a lot more than "pushing code". When done well, it can be transformative to your software lifecycle and change your security group from a reactive organization into an "in-house security consultancy" that developers come to for questions and assistance. This session will discuss how to get started with continuous deployment and the tools and process needed to make it a security success.

Language: English

Nick Galbreath is the Vice President of Engineering at IPONWEB, based in Moscow, Russia, which handles tens of billions of online advertising transactions per day. Prior to this, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, authentication and other enterprise features. Prior to Etsy, Nick has held leadership positions in a number of social and e-commerce companies, including Right Media, Upromise, Friendster, and OpenMarket. He is the author of "Cryptography for Internet and Database Applications", several patents, and has spoken at Black Hat, Defcon, RSA, Microsoft and OWASP events.

Tokyo, Japan

SCADA Strangelove: How to Build Your Own Stuxnet

Author: Positive Technologies

A lot of time has passed since the Stuxnet incident. While others look for the missing links in the evolution of cyberweapons, Positive Technologies experts want to get a glimpse of the future: a near future in which creating a full-fledged SCADA worm will require only an up-to-date Metasploit and a little VBScript programming skill.
Based on research into the security of the Siemens SIMATIC (TIA Portal / WinCC / S7 PLC) product line, the talk will cover vulnerabilities that can be used to break into ICS. The speakers will also demonstrate how the worm propagates and what malicious impact it has on the system, ranging from the network level (S7/Profinet) to the web control interfaces to the WinCC project files.
Information on new vulnerabilities in the Siemens SIMATIC series will be presented, as well as tools that can be used to analyze security and to find new vulnerabilities in ICSs.

Language: Russian

ICS Security Team of Positive Technologies (www.ptsecurity.com).

Catching the Uncatchable: Investigating Malicious Activity Incidents in Corporate Networks

Authors: Fyodor Yarochkin, Vladimir Kropotov, Vitaliy Chetvertakov

Vladimir, Fyodor and Vitaliy spend their daily time as security analysts detecting malicious activity outbreaks in large corporate networks. In this presentation they summarize their experience in detecting large, cross-continental mass-infection activities. The presentation will cover both financially oriented online crime activities and targeted attacks, which recently gained larger exposure due to some high-profile network compromises (e.g., the recent New York Times compromise incident). The presenters will thoroughly discuss mechanisms of malware dissimulation, primary attack and spreading vectors, and attack details specific to each particular campaign observed. Fyodor will also demonstrate a novel approach to detecting targeted attack compromises within enterprise networks through methods of statistical traffic analysis.

Language: Russian

Fyodor Yarochkin is a Security Analyst at P1 Security, Academia Sinica.
Vladimir Kropotov is an information security analyst and independent researcher.
Vitaliy Chetvertakov is a security analyst and independent researcher.

Lockpicking & Physical Security

Authors: Deviant Ollam, Babak Javadi, Keith Howell

Physical security is an oft-overlooked component of data and system security in the technology world.  While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions.  You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Discussion as well as direct example will be used to demonstrate the grave failings of low-grade hardware... much of which can be opened by audience members with no prior training. What features to look for in locks and safes will be covered, and how to invest in systems that are easiest to manage in large environments will be discussed.

Language: English

While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Babak Javadi is a hardware hacker with a wayward spirit. His first foray into the world of physical security was in the third grade, where he received detention for describing to another student in words alone how to disassemble the doorknob on the classroom door. After years of immersion in electronics and computer hardware hacking, he found his passion in the puzzling and mysterious world of high security locks and safes. After serving as a driving force within the locksport community for almost a decade and helping found the US division of The Open Organisation of Lockpickers, he has recently re-embraced the beauty of the baud and resumed hardware hacking with a vengeance. He currently serves as the President of the US group of The Open Organisation of Lockpickers (TOOOL) and is the founder of The CORE Group, a security research and consulting firm.

Trained as an Electronics Engineer by the British Army, Keith Howell became interested in computers and began his learning path with a TRS-80 and has owned most Intel based processors since then. After joining UUNET Technologies in 1995, he started to get interested in the security of networks and computers and in 1998 joined the UUNET InfoSec team.

Underground Market 101: Pricing Stats and Schemas

Author: Max Goncharov

Online fraud has long since moved from being a mere hobby to a means for cybercriminals to earn a living. Daily we see lots of activity in social networks, blogs and forums, but this is the part of the internet visible to everyone.
There is another side to the internet however — its criminal underbelly — and here, just like on the blogs and forums, communication is key. In this talk we will cover the principles of underground information exchange, ways to secure money/goods in underground transactions and the basic cybercriminal hierarchy.
The speaker will also talk about underground products and services. Crypt services, DDoS attacks, traffic resale, bulletproof servers, SMS fraud, spam services and credit card hijacking — these topics will be covered with pricing comparisons over the last 2 or 3 years. The speaker will go through the typical pricing steps of a criminal's attack — from buying software all the way to monetizing the volumes of infected victims.

Language: English

Senior Threat Analyst at Trend Micro, responsible for security consulting to business partners (internal and external), creation of security frameworks, design of technical security architecture, oversight of the build-out of an enterprise incident response process, and creation of the enterprise risk management program.
He has spoken at various conferences and training seminars (BlackHat, DeepSec, VB, APWG, etc.) on the topic of cybercrime and related issues, such as cyberterrorism, cybersecurity and the underground economy.

Munich, Germany

Attack Prelude: OSINT Practice and Automation

Author: Vladimir Styran

Collecting and analyzing public information on the target, aka Open Source Intelligence (OSINT), is a mandatory stage of a modern pentest. The value of such analysis is difficult to overestimate; however, only a few people treat it with due attention. Some even skip this stage and start vulnerability scanning right away. This is a mistake, because collecting information on the systems and personnel within the scope of testing usually plays a crucial role in a security audit and is essential to the success of an audit conducted with the use of social engineering techniques.

Language: Russian

Lead Consultant at BMS Consulting, head of information security testing section, former IT auditor, security specialist in the real sector and IT security implementor. Focuses on psychological aspects of Information security and human element of security systems. Cofounder of the Ukrainian Information Security Group (UISG). Blogger, podcaster, speaker and organizer of professional conferences. Holder of CISSP, CISA and other qualifications.

Kiev, Ukraine

Abusing Browser User Interfaces for Fun and Profit

Author: Rosario Valotta

As social engineering has become the dominant method of malware distribution, browser makers have started designing more robust and recognizable UIs in order to help end users make informed choices while surfing the Web. In this process, creating trusted notification mechanisms has played a crucial role: nowadays any modern browser is able to identify potentially dangerous or sensitive actions requested by a webpage (file downloading, plugin installation, granting privileges to websites) and show a dialog box or a notification bar to require explicit confirmation from the user.
Even though these improvements have led to a greater degree of assurance, the notification mechanisms are far from 100% safe: in this presentation the speaker will show how notification bars in major browsers (Chrome 24, IE9, IE10) can be abused with little (or even no) social engineering, leading to compromise of user security and even to trivial code execution on the victim's machine.

Language: English

Rosario Valotta is an IT security professional with over 12 years’ experience. He has been actively finding vulnerabilities and exploits since 2007 and has released a bunch of advisories and new attack techniques, including:
- Nduja Fuzzer: an innovative fuzzer leveraging DOM Level 2 and 3 APIs that proved to be effective in discovering several 0-day vulnerabilities in major browsers
- Cookiejacking, a new attack technique to steal any cookie on Internet Explorer (presented at HITB2011AMS and Swiss Cyber Storm 2011)
- Nduja connection, the first cross webmail XSS worm
- Memova exploit, affecting over 40 million users worldwide
- Outlook web access for Exchange CSRF vulnerability
- Information gathering through Windows Media Player vulnerabilities
The complete list is on the blog: http://sites.google.com/site/tentacoloviola/.

Attack Modeling, Security Metrics Calculation and Visualization in Next-Generation SIEM Systems

Author: Igor Kotenko

The report covers current research in the field of SIEM systems. The speaker will present a new approach to analytical modeling of attacks and defense mechanisms based on attack graphs and service dependency graphs, on security metrics calculation, and on visualization of events and security metrics in next-generation SIEM systems. The author will outline ways of applying the presented approach in practice. The report includes aspects of the software implementation for a new-generation SIEM system developed as part of an integrated project of the Seventh Framework Programme (FP7).

Language: Russian

Igor Kotenko is a Professor, Doctor of Technical Sciences, and Head of the SPIIRAS Laboratory of Information Security Issues.
He graduated with honors from the A. F. Mozhaisky Military Space Academy and the Military Academy of Communications. He has authored over 120 publications in peer-reviewed publications including 12 books and monographs. He has participated in various projects on developing new computer security technologies, including: project management in cooperation with the US Air Force Office of Scientific Research under the mediation of the European Office for Aerospace Research and Development; project management of framework programs of the European FP7 and FP6; projects commissioned by HP, Intel, F-Secure, etc. These projects resulted in development of innovative methods for detecting network intrusions, modeling of network attacks, network security assessment, development of security protocols, verification of security policies, etc.

Saint-Petersburg, Russia

Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox

Authors: Dmitry Nedospasov, Thorsten Schröder

In the world of embedded security, off-the-shelf solutions often fall short of what is necessary to perform hardware analysis. Common issues include coping with overwhelming amounts of data and with timing. Generic microcontroller-based tools usually lack performance, whereas high-end protocol analyzers usually offer great performance but support only a handful of protocols. At the heart of most high-end tools for hardware debugging and analysis lies an FPGA, so why not build your tools around them?

Language: English

Dmitry Nedospasov is a PhD student and researcher in the field of IC security at the Security in Telecommunications (SecT) research group at the Berlin University of Technology (TU Berlin) and the Telekom Innovation Laboratories. Dmitry's research interests include hardware and IC reverse-engineering as well as physical attacks against ICs and embedded systems. His academic research focuses on developing new and novel techniques for semi and fully-invasive IC analysis. Most recently, Dmitry was involved in identifying vulnerabilities in the most wide-spread Physically Unclonable Function (PUF) schemes.

Berlin, Germany

Thorsten Schröder has been active as a technical consultant in the field of applied IT-Security for many years. His areas of expertise lie in the verification of software in either source or binary form. More recently, Thorsten's research has resulted in several open source hardware projects, most notably the "Keykeriki", an RF-analysis tool for sniffing and attacking 2.4GHz based radio devices such as wireless keyboards. Thorsten has also been involved in several software reverse-engineering projects such as the CCC's analysis of the German Federal Trojan known as "0zapftis". Thorsten is the co-founder of the Swiss modzero AG, established in 2011, as well as the German branch, modzero GmbH, established in January 2013.

Berlin, Germany

Windows File Uploading Out of the Box

Author: Vyacheslav Yegoshin

The report will cover file upload methods at the post-exploitation stage using only out-of-the-box tools in Microsoft Windows environments, as well as methods of bypassing security controls (antivirus software, firewalls, proxies, NAT) and non-standard situations that hinder exploitation.

Language: Russian

Worked as a maintenance engineer and system administrator at Kaspersky Lab. He is now a specialist on the Penetration Testing Team at Positive Technologies.

Moscow, Russia

Honeypot that Can Bite: Reverse Penetration

Author: Alexey Sintsov

This talk will consider the concept of an aggressive honeypot, the main idea of which is that defense can be aggressive, and the options for how it may work. The speaker will touch upon such topics as de-anonymizing attackers, filtering and detecting non-bot attacks, determining the attacker's technical skill level, and gaining control over the attacker.
Alexey Sintsov will try to answer such questions as who can use these techniques, why they are useful, and how effective they can be. The audience will have a chance to look at a real experiment, real samples of attacks, and the results of putting this idea into practice. The speaker will also discuss some more interesting things, such as whether one can exploit vulnerabilities of third-party services or only client-side vulnerabilities (all of them can be leveraged, and the audience will be shown how it can be done with real examples).

Language: Russian

Alexey graduated from Saint-Petersburg State Polytechnic University (Russia) with a degree from the Information Security of Computer Systems department. Since 2001 he has been working on practical questions in the field of security analysis, vulnerability research and exploit development. He now works for Nokia as a Senior Security Engineer and also writes a column for ][akep magazine. Alexey is a co-founder of the first Russian DEF CON group — DCG#7812, and is also a co-organizer of the Zeronights conference. Some fruits of his labor can be found here: http://www.exploit-db.com/author/?a=549.

Berlin, Germany

Five Nightmares for a Telecom

Author: Dmitry Kurbatov

Five Nightmares for a Telecom are five stories on how to intrude into an operator's network and perform an attack against packet services, how to gain control of the infrastructure, and how to make money with VoIP and self-service portals. Some attacks already have precedents in the past, and others are so far only fantasy, which we hope will not become reality.

Language: Russian

Dmitry Kurbatov is an information security specialist at Positive Technologies, in the Department for Network Devices Security Analysis of the Positive Research Center.

Vulnerabilities of Android Cryptographic Applications

Author: Pyotr Khenkin

The report will cover the most well-known mobile applications for Android (with a focus on the US market) that deal with user information: text encryption tools, credential stores and messengers. The results of the research show that none of the applications considered complies with its stated characteristics. They contain both indirect and direct security threats that allow access to confidential data.

Language: Russian

System analyst at JSC Advanced Monitoring. Graduated from the Academy of the Federal Security Service of Russia; has wide experience in the cryptographic research of algorithms and their implementation in various operating systems. His area of interest also includes information system security analysis and software research in terms of information security.

Moscow, Russia

Bitcoin: Lights and Shadows of Virtual Money

Author: Antonio Teti

For several decades, electronic money has been an illusion chased by all those who believed in the possibility of creating an instrument that could produce momentous upheavals in the field of economics and finance. We have come to the initial phase of this monetary revolution, but the consequences arising from its use on a global scale could be particularly dangerous....
Born a few years ago, Bitcoin is being heralded as a virtual currency whose success is surrounded by numerous oddities. The first is its creator: Satoshi Nakamoto. In an article published in October 2011 by The New Yorker, journalist Joshua Davis, who spent years searching for the elusive inventor of Bitcoin, asserts that "Satoshi Nakamoto" is nothing more than a pseudonym behind which lurks a group consisting of hundreds of experts in cryptography, peer-to-peer systems and banking network transaction techniques. Since bitcoins are routed through a peer-to-peer network, it remains impossible to trace the movements of electronic money and to disclose the identity of those who carry out transactions.

Language: English

Head of IT Technical Support at the Gabriele D’Annunzio University of Chieti-Pescara, Antonio Teti provides wide-ranging services of design and consultancy in the ICT sector. Former head of the ECDL/EUCIP (European Certification of Informatics Professionals) Centre of competence at the same university, Antonio provides high-level training in the IT sector. He is a professional member of the Association for Computing Machinery, the New York Academy of Sciences and the Italian Association for Information Technology and Automatic Calculation. A knight of the Order of Merit of the Italian Republic, Antonio Teti was awarded the title of Fellow of the Pontificia Accademia Tiberina and received the “Guglielmo Marconi” Scientific Academic Award of Honour. The author of many publications, Antonio’s most popular books have been adopted by various Italian universities, such as: EUCIP – Il manuale per l’informatico professionista (2005); Business and Information System Analyst – Il manuale per il Manager IT (2007); Network Manager – Il manuale per l’Amministratore di Reti e Sistemi (2007); Management dei servizi IT: dal modello ITIL all’ISO/IEC 20000 (2008); Manuale di investigazione criminale (2008); Sistemi Informativi per la sanità - ECDL Health (2009); and Il futuro dell'Information & Communication Technology – Tecnologie, timori e scenari futuri della global network revolution (2009).

Peculiarities of the National Hunt

Author: Aleksander Gostev

Answering the question "Who?" is more important for the victims of a cyber-attack than its technical details. Attribution of attack sources is based mainly on artifacts in program code or on control servers. How do security companies distinguish Chinese attacks from others? Why is Red October attributed to Russians? What is the difference between the Persian Gulf and the Arabian Gulf? The talk is based on real investigations by the Global Research and Analysis Team of Kaspersky Lab.

Language: Russian

Chief Security Expert, Global Research and Analysis Team, Kaspersky Lab

Find Them, Bind Them – Industrial Control Systems (ICS) on the Internet

Authors: Johannes Klick, Daniel Marzin

People involved: Jan-Ole Malchow, Robert Fehrmann, Sascha Zinke, Prof. Dr. Roth

Many industrial control systems are remotely administered and can be found on the Internet via search engines like SHODAN.
The authors show the worldwide distribution of SCADA/PLC systems with their Industrial Risk Assessment Map (IRAM), built on SHODAN data. IRAM also shows vulnerabilities and possible exploits.
The speakers will compare the first results of their own SCADACS Search Engine (SSE) with SHODAN.
They are also going to discuss what happens if you combine IRAM, SSE and exploits into one application.

Language: English

Johannes Klick is a co-founder and Project Manager of the project SCADA and Computer Security Group (SCADACS). Having obtained a Bachelor of Science degree from the Freie Universität Berlin, he went on to achieve his Master of Science degree, focusing on IT and ICS security. Previously, he lectured on Computer Science at his alma mater, and worked as a software engineer and tester at Innominate Security Technologies AG. He is also a winner of a scholarship from the Friedrich Naumann Foundation for Freedom.

Berlin, Germany

Daniel Marzin is a co-founder and Reverse Engineer of the SCADA and Computer Security Group (SCADACS). He holds a Bachelor of Science from the Freie Universität Berlin and is studying for his Master of Science degree. Previously, he worked as a software developer at ImmobilienScout 24 and did an internship at Beta Systems Software.

Berlin, Germany

Protecting Organizations from Security Breaches by Persistent Threats, with Examples from RSA

Author: Michel Oosterhof

Every enterprise is serious about protecting its resources, brand and intellectual property. Despite this, incidents happen, because attackers also have huge resources to develop the means and methods of attack. The author of the report knows this first hand, because RSA is constantly under attack. In the report, the speaker will share his experience and expertise in preventing, detecting and minimizing the effects of high-profile APT attacks on corporate and government infrastructure. Based on several use cases (Lockheed Martin and others) he will talk about the Cyber Kill Chain concept and discuss typical attack patterns and methods of reducing the risks associated with industrial espionage and cyber attacks. The speaker will also share cases and techniques based on his own experience running the internal EMC CIRC (Critical Incident Response Center).

Language: English

Michel Oosterhof (CISSP, CISM, CISA, GCIH), is a Senior Systems Engineer with RSA, The Security Division of EMC. He specializes in security analytics and network security monitoring, specifically RSA Security Analytics (formerly RSA NetWitness), and works with a wide variety of customers across Northern and Eastern Europe. His main areas of expertise include security information and event management, network security monitoring, network forensics and incident response. Before joining RSA, he worked for more than ten years at IBM, in various security roles at the Outsourcing, Global Services and Software departments.

Are ICS Models Needed to Ensure Information Security of Industrial Systems?

Author: Ruslan Stefanov

Specialists face a serious problem when ensuring the information security of technological systems: a complete technical audit, or testing and implementation of IS components, is rarely possible in a production system, because operators try to avoid failures. The speaker will touch upon the problems that occur when simulating threats and testing security solutions: the impossibility of simulating threats in production ICSs, problems with software updates, and the compatibility of IS solutions with ICSs. He will describe the main approaches to ICS modeling, which allow these problems to be solved, and will give a short overview of the results obtained from building such models in Russia and other countries.

Language: Russian

Ruslan Stefanov graduated from the Moscow Institute of Physics and Technology, worked as an engineer in such companies as Siemens, Alfa Capital, Alfa Bank, Optima. Now he is the Head of the ICS Department at ELVIS-PLUS.

Zelenograd, Moscow, Russia

To Watch or to Be Watched? Turning Your Surveillance Camera Against You

Authors: Sergey Shekyan, Artem Harutyunyan

Low-cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of January 2013, Shodan (www.shodanhq.com) shows close to 100,000 such cameras active all over the world. Although there are many models from different vendors, most of them are actually based on similar hardware and firmware. Moreover, other devices (such as Internet TV boxes) use similar firmware as well.
Interestingly, these cameras place little or no emphasis on security. In particular, their web-based administration interfaces can be considered a textbook example of an insecure web application. This not only exposes sensitive personal information (such as wireless network, FTP and even email access credentials), but also gives an attacker a view into your home. Last but not least, the video stream can be replaced with an external stream or a still picture.

  • Language
  • English

Sergey Shekyan is a Senior Software Engineer at Qualys, where he focuses on the development of the company's on-demand web application vulnerability scanning service.
As a side interest, Sergey enjoys researching application-layer DoS attacks and trying to fix web browsers. Sergey holds both Master's and BS degrees in Computer Engineering from the State Engineering University of Armenia. He has presented at Black Hat, H2HC and other security conferences. Blog: http://shekyan.com.

Redwood City, CA, USA

Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analyzing large volumes of data.
Prior to joining Qualys, Artem spent several years at CERN, where he worked on the development of geographically distributed large-scale Grid computing systems. Artem holds a PhD from the State Engineering University of Armenia.

Redwood City, CA, USA

Lie to Me: Bypassing Modern Web Application Firewalls

Author: Vladimir Vorontsov

The report analyzes modern Web Application Firewalls. The author compares their attack detection algorithms and discusses the advantages and disadvantages of each. The talk includes examples of bypassing the protection mechanisms. The author argues that a universal method is needed for disguising attack vectors of various classes so that they pass through WAFs built on different detection algorithms.

  • Language
  • Russian

Vladimir Vorontsov is the founder, head and leading expert of ONsec. He has been engaged in web application security research since 2004 and is the author of many studies in the field. He has been awarded by Google for identifying vulnerabilities in the Chrome browser, by Yandex for achievements in the "Vulnerability Scan Month" competition, by Trustwave for achievements in the ModSecurity SQLi Challenge, and by "1C-Bitrix" for successful participation in its competition for bypassing proactive protection. He is currently engaged in the development of self-learning systems for detecting attacks on web applications and in heuristic analysis.

Evading Deep Inspection for Fun and Shell

Author: Olli-Pekka "Opi" Niemi

Evader was released at Black Hat 2012. It is a freely available test and research tool for measuring the protocol analysis capabilities of middle-box security devices. Evader is an excellent tool for anyone doing defensive security who wants to find weaknesses in their defenses, and it is suitable for penetration tests and security audits. In the presentation the speaker will go into the technical details of Evader and of evasions, and will disclose evasions that still work against most of today's security boxes.

  • Language
  • English

Olli-Pekka "Opi" Niemi has been working in Internet security since 1996, doing offensive security as a penetration tester and defensive security as a system administrator. Since December 2000 he has worked in Stonesoft R&D developing intrusion prevention systems, and he currently heads Stonesoft's Vulnerability Analysis Group (VAG). His main R&D interests are analyzing network-based threats and evasion research. In his free time the family comes first, but he also enjoys fishing, horseback riding and playing the piano. Opi has given presentations at conferences such as T2, DeepSec and SIGCOMM.

Java Everyday. System Analysis of Java 0-day Exploits

Author: Boris Ryutin

Co-author: Alisa Shevchenko

The report will cover the results of a systematic analysis of all zero-day vulnerabilities found in Java in 2012 and 2013 (CVE-2013-1493, CVE-2013-0431, CVE-2013-0422, CVE-2012-5076, CVE-2012-4681, CVE-2012-1723, CVE-2012-1507). The aim of the research was to identify regularities that point to a common source or a common method of vulnerability discovery.

  • Language
  • Russian

Boris Ryutin graduated in 2009 from the Faculty of Aircraft and Rocket Engineering at BSTU "Voenmekh" (specializing in Flight Dynamics and Aircraft Traffic Control). He is an analyst at Esage Lab and a regular author for "Hacker" magazine, and teaches malware code analysis. He was awarded by Yandex for achievements in its Bug Bounty program.

Kolomna, Russia

Attack Modeling. Artificial Intelligence Against Natural Errors

Author: Yevgeny Tumoyan

Co-author: Darya Kavchuk

The talk covers the problem of attack modeling and the prospects for solving it in the context of security and risk assessment. The speaker will discuss the main existing attack models and modeling tools, as well as the problems of applying them in the practical assessment of computer system security.
The talk also considers the possibilities of applying artificial intelligence to computer attack modeling. The author will present and analyze a new attack model based on neural networks.

  • Language
  • Russian

Yevgeny Tumoyan holds a Master of Science degree and is an associate professor in the IT Security Department of the Southern Federal University and a senior staff scientist at the Southern Russian Scientific and Educational Center for Information Security of the Southern Federal University.

Taganrog, Russia

Darya Kavchuk is a graduate student of the Southern Federal University (Taganrog, Russia).

HOWTO. High Packet Rate on x86-64: Clearing the Bar of 14.88 Mpps

Author: Alexander Lyamin

Since tools like netmap and PF_RING DNA became available to attackers, flood attacks using large numbers of minimum-size packets have been gaining popularity. How do such attacks work, and which weaknesses in the design of modern server platforms do they exploit? What can be set against them with a vanilla Linux kernel and standard Intel hardware? How can commodity equipment be made to reach the maximum packet rate of a 10GbE link, 14.88 Mpps? What limitations does such a solution have, and how can they be overcome?
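To make the 14.88 Mpps figure concrete, here is an added example (not part of the talk and not the speaker's tooling) that derives the theoretical line-rate frame rate from the Ethernet on-wire overhead and turns it into the time and CPU-cycle budget a single core has per packet. The 10GbE link speed, the frame sizes in the table and the 3 GHz core clock are illustrative assumptions.

```python
# Added example: where the 14.88 Mpps figure comes from, and what it means
# for one CPU core. Constants follow IEEE 802.3 framing rules.

PREAMBLE_SFD_BYTES = 8     # 7-byte preamble + 1-byte start frame delimiter
INTERFRAME_GAP_BYTES = 12  # minimum inter-frame gap, expressed in byte times
MIN_FRAME_BYTES = 64       # minimum Ethernet frame, 4-byte FCS included
MAX_FRAME_BYTES = 1518     # maximum standard (non-jumbo) frame, FCS included


def max_packets_per_second(link_bps: float, frame_bytes: int) -> float:
    """Line-rate frame rate for a given frame size.

    Every frame occupies frame + preamble/SFD + inter-frame gap bit times on
    the wire, so the rate is the link speed divided by that total.
    """
    if frame_bytes < MIN_FRAME_BYTES:
        raise ValueError("frames shorter than 64 bytes are padded on the wire")
    bits_on_wire = (frame_bytes + PREAMBLE_SFD_BYTES + INTERFRAME_GAP_BYTES) * 8
    return link_bps / bits_on_wire


def per_packet_budget(link_bps: float, frame_bytes: int, core_hz: float) -> dict:
    """Time and CPU-cycle budget one core has per packet at line rate."""
    pps = max_packets_per_second(link_bps, frame_bytes)
    return {
        "frame_bytes": frame_bytes,
        "mpps": pps / 1e6,
        "ns_per_packet": 1e9 / pps,
        "cycles_per_packet": core_hz / pps,
    }


def budget_table(link_bps: float, core_hz: float,
                 frame_sizes=(64, 128, 256, 512, 1024, MAX_FRAME_BYTES)):
    """Budgets for several frame sizes, smallest (hardest) first."""
    return [per_packet_budget(link_bps, size, core_hz) for size in frame_sizes]


if __name__ == "__main__":
    # Assumed setup: one 10GbE port and one 3 GHz core (illustrative values).
    for row in budget_table(10e9, 3.0e9):
        print("{frame_bytes:5d} B  {mpps:6.2f} Mpps  {ns_per_packet:8.1f} ns  "
              "{cycles_per_packet:7.0f} cycles".format(**row))
```

At 64-byte frames a 10GbE link delivers 14.88 Mpps, which leaves about 67 ns, or roughly 200 cycles of a 3 GHz core, per packet; that is comparable to a single DRAM access, which is why a per-packet interrupt and socket-buffer path cannot keep up and the talk asks what can be done without kernel-bypass tools.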

  • Language
  • Russian

Alexander Lyamin is the head of Highload Lab. Previously he managed projects at Astrum Online Entertainment, dealt with the IT architecture of web application platforms, advised external development teams, launched a number of Russian Internet service providers (Comstar, Teleport-TP, Cityline), and worked on the creation of the first Russian multiservice ATM network at Moscow State University. His research projects include Mirnet, Net Surveyor, an IPv6 testing ground, RFBR IP QoS research grants, and participation in the development of ReiserFS (DARPA grant).

DIY Industrial IPS

Author: Dmitry Dudov

As ICS migrates to TCP/IP, its security becomes a vital issue. Many protocols designed to control and monitor critical processes employ neither encryption nor authentication. This makes it easy for an attacker to hijack sessions, modify data and inject malicious packets. Security solutions for these protocols are entering the market. Are they really effective? And if not, is it possible to perform all the necessary functions using standard network equipment?

The speaker will examine application-level attack scenarios and their impact, taking Modbus (Modbus TCP) as an example. He will demonstrate how to develop and test signatures of the kind employed by most current intrusion prevention systems. In conclusion, he will compare the resulting set of Modbus TCP signatures with those from leading information security vendors.

  • Language
  • Russian

Dmitry Dudov has been engaged in information security since 2008. He has taken part in several projects related to the security of information systems, including the creation of a comprehensive protection system for the IT infrastructure of an international oil transport company, and a protection system for the technological networks of a large Russian electric power holding company. He is now a leading SCADA security engineer at AMT Group.

Who's Looking at You, Kid?

Author: Jeff Katz, aestetix

Do you carry a cell phone or an RFID badge, or do anything else that could be tracked? Have you ever thought about how that data could be used? This talk will explore findings from the OpenBeacon project, a real-time location-aware tracking system the speakers have deployed at several conferences. Jeff Katz and aestetix will demo the visualizations they have created, explain the technology behind their infrastructure, and show how easily an innocent gadget can be turned into a powerful tool.

  • Language
  • English

aestetix has been involved in the OpenBeacon project since 2008, when he joined the deployment at The Last HOPE conference in New York City. Since then he has taken part in several deployments, and has also worked on privacy and naming issues within NSTIC, an online identity initiative.

Jeff Katz has been involved in the OpenBeacon project since 2011, when he joined to help with the deployment at BruCON in Brussels. He is a full-stack developer, but his main contributions to OpenBeacon are the development of new hardware platforms and visualization software.

SAP Attacks Methodology

Authors: Dmitry Gutsko, Oleg Klyuchnikov

The report will cover methods and tools for conducting typical attacks against SAP systems. These methods have been successfully tested on real systems and use both well-known and entirely new techniques. The report will touch upon direct database access, password interception over the network, hash cracking, bypassing client-side security, bypassing system security, hiding traces of presence in a system, and attacks via the transport directory. It will also disclose new attack methods that have not been published before.
The report is primarily aimed at SAP technical specialists and information security specialists.

  • Language
  • Russian

Dmitry Gutsko and Oleg Klyuchnikov are information security experts at Positive Technologies.

(In)security of Appliances

Author: Alexander Antukh

It is not news that software can be insecure. The numerous security advisories posted each day illustrate this fact.
For security software, however, the picture ought to be different. Its purpose is to offer secure access to our network; it protects us from malware threats, protects our email and our crown jewels.
Such systems are supposed to be designed and developed with security in mind and should not be full of vulnerabilities.
Let us take you on a journey into the mists of security products. Follow us while we unveil the mystery and demonstrate how security products can suddenly become the weakest link in your defense, and how attackers can abuse security products to gain access to your network and your crown jewels.
During this journey the speaker will disclose some impressive vulnerabilities in products by F5 Networks, Symantec and others.

  • Language
  • Russian

Alexander Antukh is a graduate of Bauman Moscow State Technical University and works as an information security expert at "Monitor Bezopasnosty". He previously worked as a Malware Analyst and Vulnerability Researcher at Kaspersky Lab, and organized Defcon Moscow (DCG #4919).

Industrial Protocols for Pentesters

Authors: Alexander Timorin, Dmitry Yefanov

The report opens with a general overview of the current SCADA landscape: the largest vendors and vulnerability statistics. The main industrial protocols (Modbus, DNP3, S7, PROFINET) are then analyzed in detail, and some interesting features and vulnerabilities of these protocols are examined from a pentester's point of view. The authors will describe their protocol analysis methodology and the tools they used, and will demonstrate software developed in the course of their research.
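The Modbus TCP analysis described here and the signature development in the DIY Industrial IPS report above both rest on the same observation: a Modbus slave authenticates nobody, so the only controls an inspecting device can apply are "who is allowed to write", "which function codes are dangerous" and "is the frame well-formed". The following added example (not the speakers' software and not the talk's signature set) parses the MBAP header and PDU of Modbus/TCP requests and applies those three checks to a handful of constructed frames; the PLC port, the HMI and rogue host addresses and the sample frames are all assumptions made for the example.

```python
# Added example: a minimal Modbus/TCP request parser with IPS-style checks of the
# kind the DIY Industrial IPS talk describes. Not the speakers' code; the
# addresses and sample frames below are constructed for the example.
import struct
from dataclasses import dataclass
from typing import Dict, List, Set

MODBUS_TCP_PORT = 502

# Function codes that change PLC state. Since Modbus has no authentication,
# the only practical control is which source hosts may write at all.
WRITE_FUNCTIONS: Dict[int, str] = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
# Diagnostics (function 8) sub-functions that disrupt the device itself.
DISRUPTIVE_DIAG: Dict[int, str] = {
    1: "Restart Communications Option",
    4: "Force Listen Only Mode",
}
MAX_REGISTERS_PER_WRITE = 123  # per-request limit for function 16 in the Modbus spec


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse MBAP header + PDU of a request; raise ValueError on anything malformed."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} does not match frame ({len(payload) - 6})")
    if fc == 0 or fc >= 0x80:  # 0x80+ marks exception responses, never a valid request
        raise ValueError(f"function code {fc:#x} is not valid in a request")
    return ModbusRequest(tid, unit, fc, payload[8:])


def inspect_request(src_ip: str, dst_port: int, payload: bytes,
                    allowed_writers: Set[str]) -> List[str]:
    """Return the alerts a signature-style IPS would raise for one request."""
    if dst_port != MODBUS_TCP_PORT:
        return []
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [f"malformed Modbus/TCP from {src_ip}: {exc}"]

    alerts: List[str] = []
    if req.function in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        alerts.append(f"{WRITE_FUNCTIONS[req.function]} (fc {req.function}) "
                      f"from unauthorized host {src_ip}")

    if req.function == 8 and len(req.data) >= 2:
        sub = struct.unpack(">H", req.data[:2])[0]
        if sub in DISRUPTIVE_DIAG:
            alerts.append(f"Diagnostics sub-function {sub} ({DISRUPTIVE_DIAG[sub]}) from {src_ip}")

    if req.function == 16:
        # Quantity and byte count must agree; a mismatch is fuzzing or a buggy client.
        if len(req.data) < 5:
            alerts.append(f"truncated Write Multiple Registers from {src_ip}")
        else:
            _start, quantity, byte_count = struct.unpack(">HHB", req.data[:5])
            if (not 1 <= quantity <= MAX_REGISTERS_PER_WRITE
                    or byte_count != 2 * quantity
                    or len(req.data) != 5 + byte_count):
                alerts.append(f"Write Multiple Registers with inconsistent "
                              f"quantity/byte count from {src_ip}")
    return alerts


# Constructed sample traffic: an HMI (10.0.0.5) and a rogue host (10.0.0.99) talking to a PLC.
ALLOWED_WRITERS = {"10.0.0.5"}
SAMPLE_TRAFFIC = [
    ("10.0.0.5", 502, bytes.fromhex("000100000006010300000005")),            # fc 3, read 5 holding registers
    ("10.0.0.5", 502, bytes.fromhex("00020000000601050001ff00")),            # fc 5, coil ON from the HMI
    ("10.0.0.99", 502, bytes.fromhex("000300000009011000000001" "02002a")),  # fc 16 from the rogue host
    ("10.0.0.99", 502, bytes.fromhex("000400000006010800040000")),           # fc 8 sub 4, Force Listen Only
    ("10.0.0.99", 502, bytes.fromhex("000500000010011000000001" "02002a")),  # MBAP length lies about size
]


def scan_traffic(traffic=SAMPLE_TRAFFIC, allowed_writers=ALLOWED_WRITERS) -> List[List[str]]:
    """Run every request through the checks; one alert list per request, in order."""
    return [inspect_request(src, port, payload, allowed_writers) for src, port, payload in traffic]


if __name__ == "__main__":
    for (src, _port, payload), alerts in zip(SAMPLE_TRAFFIC, scan_traffic()):
        print(f"{src:>10} {payload.hex()}: {alerts or 'ok'}")
```

The three checks map directly onto what a vendor signature set has to express: a source/function-code allow-list, a list of dangerous diagnostic sub-functions, and structural consistency of the PDU. Anything beyond that (for example, limiting writes to a register range) needs knowledge of the specific process and is where a do-it-yourself rule set can outperform a generic one.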

  • Language
  • Russian

Alexander Timorin graduated in 2004 from the Mathematics and Mechanics Department of Ural State University (specializing in System Programming). He has worked on the development of Oracle applications, the web configurator of an IP telephony system, and IBM WebSphere. He is now Lead Specialist of the Security Assessment Department at Positive Technologies.

Moscow, Russia

Dmitry Yefanov graduated in 2006 from the Institute of Cryptography, Communications and Informatics of the Academy of the Federal Security Service of Russia (specializing in Information Security). He is now Head of the Network Application Security Analysis Team at Positive Technologies.

Moscow, Russia

One More Weakness in Modern Client-Server Applications

Author: Anton Sapozhnikov

The speaker will present a post-exploitation technique that allows you to attack your favorite application server and obtain sensitive information through a compromised client, while at the same time bypassing firewall restrictions, leaving no trace in logs and bypassing multi-factor authentication to exfiltrate large amounts of private data.
Have you heard about the modern techniques used by Carberp or Zeus to hijack banking applications and bypass two-factor authentication and other security features? The speaker will bring them to the level of enterprise applications such as Oracle DBMS and similar.

  • Language
  • Russian

Anton Sapozhnikov has more than 6 years of experience in penetration testing and has worked with many companies from the Fortune Global 500 list. In his spare time he participates in CTFs with More Smoked Leet Chicken.

Moscow, Russia

Building a GRC System for SAP

Author: Alexey Yudin

The report covers GRC systems. The speaker will describe the solutions on the market and explain why they are poorly suited to business needs. Using SAP ERP as an example, he will show how an in-house GRC system can be built. The author will touch upon processes such as access control and fraud management, as well as segregation of duties by means of SAP, and will consider typical fraud schemes and methods of detecting them in SAP HCM and SAP MM.

  • Language
  • Russian

Alexey Yudin is the Head of the Database and Business Applications Security Department at Positive Technologies.

Cyberwar. Yesterday, Today and Tomorrow

Moderator: Andrey Manoilo

Cyberwar stepped out of fiction into the real world long ago. What is in store for us today and tomorrow? Which scenarios will cyberwars follow? Is a cyberweapon a storm in social networks or a weapon of mass destruction? What is the cyberweapon potential of different countries? Who will win?

Participants:

  • Alexander Gostev, Chief Security Expert at Kaspersky Lab, with the report "The Hunt for Red October". Presentation;
  • Yevgeny Venedictov, deputy coordinator of the Moscow City Department of the Political Party LDPR;
  • Andrey Manoilo, Moscow State University, with the report "Information and Psychological Warfare: International Conflicts of the New Generation";
  • Marianna Kochubey, CIS Anti-Terrorism Center;
  • Alisa Shevchenko, Research Director, Tsifrovoye Oruzhie i Zashchita.

  • Language
  • Russian

Andrey Manoilo is Subdean of the Faculty of Political Science of Moscow State University and Editor-in-Chief of the scientific and political magazine "Mir i Politika" (The World and Politics, mir-politika.ru); Doctor of Political Science, Professor. Areas of interest: international relations, international conflicts, information wars, psychological operations. Primary publications on information wars: State information policy under the conditions of information-psychological war (Moscow, 2003), Operations of information and psychological warfare (Moscow, 2004; co-author).

Moscow, Russia

ICS Security – an Oxymoron or the Task of the Decade?

Author: Garald Bandurin

Currently the information security community is taking more and more interest in ICS/SCADA security. There are several reasons for this: increasing automation of processes, growth in the number of attacks and incidents, and clearly expressed interest from the government. However, the limited experience that information security specialists have so far gained with ICS does not yet allow us to distinguish marketing tricks from real threats, or to recognize that well-known approaches and solutions often hide behind new terms. Where is the line between ICS security and general IT security? What are the specific features of industrial systems as an object of protection? What methods can be used, and which solutions should be adapted or developed from scratch?

Moderator: Garald Bandurin, CIO at RusHydro.

Participants:

  • Sergey Mikhailin, Head of Automation Systems Department at Siemens LLC;
  • Igor Kalaida, CEO at LLC RISMCS;
  • Andrey Dukhvalov, Technology Development Specialist at Kaspersky Lab;
  • Sergey Gordeychik, CEO at Positive Technologies.

  • Language
  • Russian

Garald Bandurin is the CIO at the RusHydro company.

Is SDLC a Whim, a Vagary of Fashion, or Regulatory Bodies' Requirement?

Author: Alexey Lukatsky

The SDLC issue burst into the Russian information security industry like special forces raiding a delinquent company: quickly, unexpectedly and irrevocably. Today many of us talk about secure development, static and dynamic analysis, and developer training. Some address the issue because it has become topical; others because it has been included in the regulatory documents of FSTEK, or out of serious concern about the security of their software and its resistance to targeted or random attacks. What is a correct systems development life cycle (SDLC)? What components does it consist of? How can it be automated? What pitfalls are hidden? What are the best practices of world-famous companies? All these questions will be covered by specialists from companies known in Russia and abroad.

Participants:

  • Anton Karpov, the Head of Information Security Service of Yandex;
  • Denis Baranov, Positive Technologies;
  • Alexey Lukatsky, security consultant at Cisco;
  • Rustem Khairetdinov, Appercut Security, CEO.

  • Language
  • Russian

Alexey Lukatsky is an information security business consultant at Cisco. He participates in the development and examination of legal acts in the field of information security and personal data. He published more than 600 articles and 5 books on information security. He is the author of many courses on information security, including “Measurement of IS efficiency”, “Threat modeling”, “Management of IS incidents”, “How to connect security and business”, “The secrets of personal data laws”, etc.

The Certified and the Protected, or From Theory to Practice

Author: Vitaly Lyutikov

Section

Modern information technology and information security systems need constant updating: new features are required, vulnerabilities and threats are discovered, software and hardware errors are fixed, knowledge bases are updated. In state IT systems and personal data processing systems, this is complicated by the laws of the Russian Federation concerning certified means of information protection, so that updating such protection systems in practice becomes problematic. Do the existing schemes for certification and distribution of information protection systems allow this problem to be solved? Are the developers of information protection systems and the testing laboratories ready for it? What does international experience show? All these questions will be discussed at a round table with representatives of regulatory bodies, leading international developers of information protection systems, testing laboratories, and information technology and information security integrators.

Moderator: V. Lyutikov, Head of Administration of the FSTEK of Russia

Speakers:

  • D. Gusev, Deputy Director General at Infotecs;
  • D. Kuznetsov, Deputy CTO at Positive Technologies;
  • I. Trifalenkov, Head of the Information Security Department, the Information Society project, Rostelecom OJSC;
  • M. Kader, Honored System Engineer at Cisco;
  • A. Sidak, Deputy Information Security Chairman at the Information Security Center (CBI).

  • Language
  • Russian

Vitaly Lyutikov is the Head of the Administration of The Federal Service for Technical and Export Control (FSTEK of Russia).

The Role of the Young of Today on the Information Security Market of Russia

Author: Alexey Lukatsky

The information security industry will very soon undergo major transformations that will radically change the views of many specialists in the field. Stuxnet, Duqu, Flame, Red October, WikiLeaks, Moonlight Maze, Aurora... Attacks become ever more sophisticated, while protection techniques remain the same. The same people who have given so many years to serving their country, the same documents that have not been amended since the 1990s... Declining quality of education, a focus on paperwork security... Under such conditions young people feel they are not wanted and do not understand what they can do for their country. It is natural that many undergraduates want to use their knowledge to earn money, which leads them into criminal business, into cybercrime. How can this problem be fought? How can young people's skills and knowledge be put to use? These matters will be discussed at the round table, to which representatives of the country's main IT companies are invited.

The moderator is Alexey Lukatsky, an information security business consultant at Cisco.

Participants:

  • Ruslan Gattarov, a member of the Federation Council;
  • Representatives of the Ministry of Communications and Mass Media, FSB’s Information security center, Security Council, Positive Technologies, Defcon Russia and ruCTF.

  • Language
  • Russian

Alexey Lukatsky is an information security business consultant at Cisco. He participates in the development and examination of legal acts in the field of information security and personal data. He published more than 600 articles and 5 books on information security. He is the author of many courses on information security, including “Measurement of IS efficiency”, “Threat modeling”, “Management of IS incidents”, “How to connect security and business”, “The secrets of personal data laws”, etc.

Information Security Market: Trends, Questions, and Answers

Author: Veniamin Levtsov

Section

As part of the section, leading vendors on the information security market will present their products and solutions:

  • "Protection From External Threats in the Virtual Environment: Key Features and Approaches to Implementation", Veniamin Levtsov, Global Business Development Director at Kaspersky Lab;
  • "RSA Security Analytics: New Approach to Information Security Monitoring", Michel Oosterhof, Senior Systems Engineer with RSA, the Security Division of EMC;
  • "Marketing and Security Realities, or Why Networks Can Still Be Hacked", Mikhail Romanov, Director of Business Development in Russia, CIS and Baltic States at Stonesoft;
  • "Not All of Us Will Pass Away, but All Will Change. How Should an Information Security Integrator Change in Terms of IT Market Development?", Roman Kobtsev, Director of the Business Development and Marketing Department at ELVIS-PLUS;
  • "Cisco's Unknown Product, Which Allows You to be Timely Notified about Vulnerabilities in Your Very Own Systems", Alexey Lukatsky, information security business consultant at Cisco.

  • Language
  • Russian

Veniamin Levtsov is Global Business Development Director at Kaspersky Lab.

Information Security in Italy According to the Authority for the Communications

Author: Filippo Lucci

The talk covers the peculiarities of applying local and international information security laws in the field of telecommunications. Filippo Lucci will share the experience of the Regional Committee for Communications (Co.Re.Com.) of the Italian region of Abruzzo.

  • Language
  • English

Filippo Lucci is President of the Abruzzo Regional Committee for Communications.

Inspections of Regulatory Bodies

Moderator: Andrey Fedichev

Section

Inspections by regulatory bodies leave a trail of myths behind them, and people tell all sorts of tales about them. What really happens when zero hour comes? How should you prepare for such inspections, and how can their results be used to improve security?

Participants:

  • Dmitry Kuznetsov, Deputy CTO at Positive Technologies;
  • Yevgeny Kraynov, Head of the Information Security Department, Rosfinmonitoring.

  • Language
  • Russian

Andrey Fedichev is Deputy Head of Administration at the Federal Service for Technical and Export Control (FSTEK of Russia).

Banking Applications and Cybercrimes: Which will Win?

Author: Artyom Sychev

Section

As part of the section, leading experts from different countries will discuss bank security problems and propose strategies for solving them. Topics for discussion: specific features of bank fraud in Russia and its prevention, and the security of core banking and remote banking systems. A contest will be held at the end of the meeting: participants will need to hack the remote banking system of a simulated bank and withdraw its funds. The system was created specifically for the contest and contains real vulnerabilities and flaws found by Positive Technologies specialists in the course of penetration testing and PCI DSS and STO BR compliance assessments.

Participants:

  • Dmitry Kuznetsov, Deputy CTO at Positive Technologies;
  • Andrey Khokhlov, Deputy Head of the Product Development Department at BSS;
  • Eric Anklesaria, Partner, Ernst & Young. Presentation;
  • Team Lead of the Analytics Group, Security Assessment Division, Positive Technologies. Presentation.

  • Language
  • Russian

Artyom Sychev is Deputy Director of the Security and Information Protection Department of the Bank of Russia. He was born in Moscow in 1969 and has over 15 years' experience in the information security of banking systems. He has held a Candidate of Technical Sciences degree since 1999 (thesis on firewalls). He took an active part in developing the Bank of Russia's set of information security standardization documents. He is an Associate Professor at Bauman Moscow State Technical University, a winner of the professional information security award "Silver Dagger", and a board member of the inter-regional public organization Association of Information Security Service Managers.

Better to See Once

Author: Andrey Abramov

Based on the best materials of the Positive Hack Days III forum, this presentation will offer participants cutting-edge hacking feats and the most relevant research in the information security field.

Participants:

  • Andrey Bezborodov;
  • Alexander Raspopov (Positive Technologies) with a talk on DVRs.

  • Language
  • Russian

Andrey Abramov is Head of the Department of Advanced Developments at Positive Technologies.

Cybercriminals vs Cybersleuths: What to Do to Win

Author: Ruslan Stoyanov

The report addresses the main stereotypes in society about cybercriminals and cybercrime, as well as true stories, such as how one can end up in the dock because of paranoia. The Kaspersky Lab specialist will draw a parallel between traditional criminal investigation and computer forensics, cover the specifics of searching for and apprehending cybercriminals, and explain how to stay unnoticed on the global network in the face of rapid IT development.

  • Language
  • Russian

Ruslan Stoyanov is the Head of Investigation Unit at Kaspersky Lab.

Moscow, Russia

Software Development Life Cycle with a Tinge of Application Security

Author: Mushtaq Ahmed

Security flaws can be found in different parts of an application, in the infrastructure, or in the business process flow. Business process security flaws can threaten the business in multiple ways, and the report focuses on several areas of application security and business process flaws that cause the business to bleed. The report will discuss ways to distinguish a business security flaw from a business strategy. Old flaws may still persist in today's advanced software and systems, and can become the Achilles' heel of the business. The report addresses how integrating security into the SDLC can help plug security flaws and improve the security posture of an in-house software development organization. It will also look at in-house versus outsourced development and the client's concerns, and the speaker will offer a checklist for outsourced software development.

  • Language
  • English

Mushtaq Ahmed works for Emirates Airlines in the IT Security and Risk Management Department and has over a decade of IT experience specializing in application vulnerability management. This includes assessment of e-commerce applications and critical-tier business applications, secure code reviews, application security architecture, the complete pre-production review process, and leading the security engineering domain. Prior to joining the Emirates Group, Mushtaq worked at DELL International's global development center in Hyderabad, India, where he was responsible for leading security code requirements compliance, verification and approvals for 2,000 software engineers, and was a key member in implementing one of the world's largest security development lifecycle programs. He has worked for blue-chip companies such as DELL and GE in lead capacities and brings a wealth of information security expertise encompassing end-to-end application security life cycle management. He holds a master's degree in Computer Applications from Andhra University and a master's degree in Business Administration from IIM Calcutta, in addition to industry-renowned certifications such as CSSLP, CEH, CCNA and Certified Web Method Developer. He is an all-round security professional with holistic hands-on information security and risk management experience.

UAE

Is it Possible to Protect Secrets in Russian Court?

Author: Mikhail Yemelyannikov

The report considers the requirements of the Trade Secret Law and certain judgments delivered by Russian courts of different levels, from district courts through to the Constitutional Court. The judgments show how taking certain measures stipulated by law, or failing to take them, led to the restoration of rights, the denial of such restoration, or the initiation of various punitive proceedings.

  • Language
  • Russian

Mikhail Yemelyannikov was born in Moscow in 1955. In 1977 he graduated from the Technical Department of the Higher School of the KGB (now the Institute of Cryptography, Communication, and Informatics of the FSB Academy) specializing in applied mathematics. From 1977 to 1998 he served in the General Staff of the Armed Forces of the USSR and the Armed Forces of the Russian Federation, rising from department officer to deputy head of a separate directorate. He was engaged in what is now called information security, namely the protection of secrets by legal, organizational, and technical measures. Mikhail Yemelyannikov was a Board Member of the Training and Methodological Association of Universities in Russia concerned with information security education. He was responsible for information security in Svyazinvest from 1999 to 2006, holding the position of division head of the management company's security department, and then the position of deputy director general for security in Svyazintek, the company's system integrator. He was a member of steering committees engaged in the development of the holding's integrated billing and ERP systems. From March 2007 to February 2011 he worked in Informzaschita (business development director being his latest position). He was chairman of the program committee of the international exhibition and conference Infosecurity Russia in 2005-2009 and Infobez Expo in 2010, and chairman of the program committee of the international exhibition and conference Security and Trust when using Infocommunication Networks and Systems from 2005 to 2008. He was the first in Russia to develop such training courses as Implementation of the Commercial Secret Mode in a Company and Personal Data Protection. He is now a managing partner of the consulting agency Emelyannikov, Popova and Partners, and an expert in information and business security.


Android Application Security

Author: Artem Chaikin

The hands-on lab will help the participants to master the main techniques of application security analysis and Google Android forensics. The hands-on lab will incorporate the demonstration of typical vulnerabilities, which the experts of Positive Technologies detect in the course of security analysis, including vulnerabilities in Chrome for Android fixed by Google recently and 0-day vulnerabilities.

  • Language
  • Russian

Artem Chaikin is the Lead Specialist of the Web Applications Security Analysis Team at Positive Technologies.

Moscow, Russia


Sqlmap — Under the Hood

Author: Miroslav Štampar

The speaker will present an in-depth analysis of the capabilities and inner workings of sqlmap. Features that resulted from years and years of hard work and careful listening to the requests of a large user community, often taken for granted and/or hidden from plain sight, will all be presented in one place.

  • Language
  • English

Miroslav Štampar is a professional software developer and security researcher, born in 1982 in Vukovar, Croatia. He achieved a Master's Degree in Computer Science at the Faculty of Electrical Engineering and Computing (FER) at the University of Zagreb, Croatia, in 2005. He is currently a PhD student there with majors in security and parallelization. He earned the prestigious Microsoft Certified Solution Developer for Microsoft .NET certificate in 2007, and since that time he has been working for AVL (www.avl.com), the world's largest privately owned and independent company for the development of powertrain systems with internal combustion engines, as well as instrumentation and test systems. To satisfy his urge toward security-related subjects, he is one of the developers of sqlmap (www.sqlmap.org), the widely used open source project for automated detection and exploitation of SQL injection flaws, which he has been constantly developing and improving since December 2009.

Zagreb, Croatia


How to Develop a Secure Web Application and Stay in Mind?

Author: Vladimir Kochetkov

This hands-on lab covers issues of ensuring web application security throughout the whole development cycle. It touches upon hands-on approaches to the detection and elimination of code vulnerabilities. These approaches comply with the recommendations of the Microsoft Security Development Lifecycle. Web application developers and researchers who want to gain experience in secure code construction and in security analysis of projects by means of white-box testing are invited to participate in the lab. It is based on Microsoft ASP.NET (Web Pages, Web Forms, MVC, Entity Framework, SignalR); however, it barely focuses on environment-specific features, so developers and researchers specializing in other web technology stacks may also be interested in it. Each vulnerability class is exemplified by zero-day vulnerabilities in well-known products and web engines, and by vulnerable web applications specially developed for training.
In the course of the practical part, the author will demonstrate the most interesting attacks as well as all considered practices and techniques of code handling.

  • Language
  • Russian

An expert of Positive Research Center (Positive Technologies), member of the PHDays HackQuest developers team. Specializes in web application source code analysis and Microsoft technologies security research, develops automation tools for web application security analysis, contributes to the project of development of the Nemerle programming language.

Rostov-on-Don (Russia)


Cyber Forensics: Basics

Author: Alexander Sverdlov

Network Forensics Labs
- network forensics with xplico: demo, lab
- network forensics with NetworkMiner
- some challenges for all attendees

Memory Forensics Labs
- live memory forensics using DumpIt and Memoryze by Mandiant
- memory forensics from a cold computer (after it has been shut down)
- labs

Disk Image Forensics Labs
- disk image forensics with OSForensics (the free version): demo, lab, challenge

  • Language
  • English

Alexander Sverdlov is a professional security consultant and trainer. He created and presented the 5-day "Computer Crime and Fraud Prevention" course for Moneybookers (Skrill) and a custom course for ING Insurance Bulgaria. He participated in IT security audits and managed vulnerability reporting and remediation for Microsoft Windows servers, Unix servers and database servers while working for HP Global Delivery Center EOOD.
Alexander is a CEH, CHFI, MCSE and MCTS certified specialist and the author of numerous articles on information security. All his knowledge in the field comes from self-motivated training.

Sofia, Bulgaria


SAP Attacks Workshop

Author: Vyacheslav Mavlyanov

SAP ABAP attack implementation
- Detecting available SAP services (by IP range)
- Connecting to Oracle without authentication
- Brute force of service users' passwords in Oracle
- Detecting accounts (method from the CEH course)
- Password hijacking via Wireshark
- Brute force of passwords from USR02
- Running OS level programs
- RFC connections analysis (credentials storage)

Exploiting SAP NetWeaver 7.0 vulnerabilities
- Detecting running Java services
- Obtaining information by analyzing logs in a SAP Java applet (without authorization)
- Obtaining and analyzing logs as an authorized user with minimum privileges (Java)
- HTTP request forgery in SAP Java services
- Obtaining OS access by exploiting vulnerabilities in services
- Analyzing Java Secure Storage

Exploiting transport system vulnerabilities
- Peculiarities of the SAP landscape and transport subsystem
- Creating an administrative user via transport request forgery

  • Language
  • Russian

Vyacheslav Mavlyanov is a Lead Information Security Expert of the Database and Business Applications Security Department at Positive Technologies.

Moscow, Russia


Shellcode Mastering

Author: Anton Dorfman

The hands-on lab will focus on the fundamentals of shellcode writing specifically for x86 processors, as well as the main problems that arise in the course of shellcode creation and techniques for solving them. The emphasis will be on creating minimum-size shellcode. An example of shellcode optimization will be provided. The participants of the hands-on lab will have a chance to put the acquired knowledge into practice by optimizing a piece of shellcode themselves.

  • Language
  • Russian

Anton Dorfman is a researcher, reverser and assembly language fan. He was born in Togliatti in 1978 and graduated with honors from the Samara State Technical University in 1999. He has lectured at his alma mater since 2001, performs practical and scientific research in the field of software security, has published more than 50 papers, and is one of the few Russian lecturers on reverse engineering who authored the course himself.
Anton Dorfman successfully defended his master's thesis on computer viruses and the ways they affect victims (based on reversing the top 500 viruses), and on techniques for their detection and for modeling their behavior using an original mathematical instrument. He is currently working on his PhD thesis on the foundations of the theory of viruses and binary vulnerabilities.
He has been an organizer and playing coach of SSTU student CTF teams since 2009. Teams' achievements: 1st (Magic Hat) and 3rd (0DEADBEEFh) places in the regional competition Volga CTF 2011, 2nd place in Volga CTF 2012, 11th place in the international competition iCTF 2011 (4th result among the Russian teams) together with the team Koibasta, and 22nd place in RuCTFE 2012. Anton also took third place in the Best Reverser contest at PHDays 2012.

Samara, Russia


Windows Kernel Boot Camp

Author: Artem Shishkin

Training plan
- General training (adjusting your OS and debugging tools settings)
- Weapon usage guide (developing WinDBG skills)
- Terrain orientation (kernel information collecting)
- Know your enemy (OS kernel protection mechanisms)
- Combat tactics (exploitation peculiarities)
- Exercises (an example of exploitation of a kernel component vulnerability)

  • Language
  • Russian

Artem Shishkin is an Information Security Specialist at Positive Technologies. Having started in system programming and obtained the MCTS: Windows Internals certificate, he still focuses on Windows OS research, its internal mechanisms and vulnerabilities. Artem admires the kernel, pool corruptions, and synchronization. He does not like Intel SMEP and tries to avoid it.

Moscow, Russia


Internet Competitive Intelligence

Author: Andrey Masalovich

Using practical examples, participants of the lab will acquire the skills of applying analytical technologies to real problems of competitive intelligence, including methods for rapidly detecting confidential information leaks, fast detection of open partitions on servers, methods of penetrating an FTP server without hacking its protection, password leak detection techniques, methods of accessing confidential documents by bypassing DLP, and means of penetrating sections behind 403 error messages. Techniques are demonstrated on the portals of well-protected companies (such as leaders of the IT and IS markets, large state organizations, intelligence services, etc.).

  • Language
  • Russian

Andrey Masalovich has a Ph.D. in Physics and Mathematics, is a member of the Board of Directors of "DialogueScience", and heads the Competitive Intelligence sector of the Academy of Information Systems. He has supervised a number of successful analytical equipment projects for banks, financial-industrial groups, major retail networks and government organizations. In the past he was a FAPSI Colonel, Commander of the Order "Star of the Glory of the Fatherland", and winner of the "Outstanding Scientist of Russia" scholarship (1993). He is the author of numerous publications on the problems of data search and analysis. He has conducted seminars at several universities in Russia (Academy of National Economy, Moscow State University, MAI) and in the USA (Harvard, Stanford University, Georgia Institute of Technology, Texas A&M University).
An expert for RFBR, INTAS, ITC UN, APEC.

Moscow, Russia


RFID Workshop

Author: Nahuel Grisolía

Enter the world of NFC (Near Field Communication) technology, focusing on high-frequency RFID. The low-frequency band will also be reviewed because of its well-known use in individual physical access to buildings.
The range of topics will vary from the use of traditional NFC 13.56 MHz readers, their API and proprietary software, to Proxmark3 hardware, open source software (LibNFC), known attacks and other RFID uses and practical ideas.
Part of the lab will focus on NXP MIFARE Classic technology, used worldwide for micropayments, building physical security and public transport.
At the end, some case studies will be considered, using different methodologies and lessons learned related to reverse and social engineering.

  • Language
  • English

Nahuel Grisolía is 27 years old. He works for an insurance company in Argentina and also runs his own enterprise, Cinta Infinita, doing penetration testing, training courses and security research.
He has delivered trainings at a number of conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), etc.
In the research field, he specializes in web application security and hardware hacking. He has discovered vulnerabilities in McAfee Ironmail, VMWare and Manage Engine Service Desk Plus, and also in free software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket.
Currently, he is halfway to becoming an Information Systems Engineer and holds a CEH and a private pilot certification.


Analyzing $natch

Author: Sergey Shcherbel

Following the $natch competition, this hands-on lab will consider the vulnerabilities of PHDays iBank 2.0 in detail. The participants of the lab will learn how to exploit the vulnerabilities and replicate the success of the competitors.

  • Language
  • Russian

Sergey Shcherbel is a security expert at Positive Technologies. He specializes in application security, penetration testing, and analysis of web applications and source code. Sergey is a member of the PHDays CTF development team.


Playing with In-Flight Entertainment Systems

Authors: Mr. Anonymous and Mr. Bnonymous

How does the Internet work on a plane? What a strange movie box is in the chair in front of you? Can we play with it for fun and profit? How to steer an aircraft via network? Wanna know? The speakers can help! Stop. Not about the last one. We do not know yet.

  • Language
  • English

"We do not forgive. We do not forget. Expect us."


A Dozen of Ways to Overcome DLP Systems

Authors: Alexander Kuznetsov, Alexander Tovstolip

The report addresses stealing documents from a user's computer protected by a DLP system. The main ways of causing data leakage are covered; the speaker will describe the feasibility of these ways for various DLP systems (from the upper-right Gartner quadrant). Additionally, the speaker will outline the basic techniques for disabling a DLP agent on a working machine and will present videos demonstrating the most successful techniques. The audience will learn about new 0-day vulnerabilities and useful tools.

  • Language
  • Russian

Alexander Kuznetsov graduated from the St. Petersburg State Polytechnic University with a degree in applied mathematics. He has been in the business of information security since 2006. He currently heads the department of information systems security at the Scientific and Technological Center "Vulcan."

Moscow, Russia

Alexander Tovstolip graduated from the Bauman Moscow State Technical University with a specialization in information security. He has been in the business of information security since 2008. He currently works as a specialist in the department of information systems security at the Scientific and Technological Center "Vulcan."

Moscow, Russia


Mobile Banking Applications Security

Author: Artyom Poltorzhitsky

Co-author: Vladimir Konev

The speaker will consider probable threats, develop an intruder model, and perform an experiment in which he hacks a mobile banking app by obtaining user data and confidential information from the running mobile application. A specially designed application will be able to monitor short incoming messages from the bank, parse them and notify the intruder of the information received from the bank (passwords, secret sequences used to log in to the e-bank system, changes in the account balance). The insecurity of both today's banking applications for mobile devices and mobile banking services will become apparent to the audience.

  • Language
  • Russian

Artyom Poltorzhitsky is a senior student at the Information Security Department of the Bauman MSTU. He has been working for Bank Soft Systems as a mobile banking apps developer for two years. He now holds the position of engineer at the Central Research Institute for Economics, Information and Management Systems.

Moscow, Russia


Analysis of Reputation Services Functions

Author: Pavel Korostelyov

The landscape of malware-related vulnerabilities has changed significantly over the last few years. The examples of such advanced malware as Conficker, Zeus, Stuxnet, Duqu, etc. show that their developers have reached an entirely new level. One of the most important elements of an up-to-date virus is an antivirus bypass module, which defeats the conventional signature approach and heuristic analysis. To solve this problem, many vendors of IS tools have launched cloud reputation systems, which can answer in real time whether a given file, e-mail message, website, or network host should be trusted. The report analyzes the functions of such services and reviews the solutions of such vendors as Kaspersky Lab, Symantec, McAfee, Cisco, Blue Coat, Palo Alto, and Check Point.

  • Language
  • Russian

Pavel Korostelyov is a Technical Manager at Step Logic.

Moscow, Russia


Mobile OS Security Analysis Considering BYOD and MDM Through the Example of BlackBerry OS

Author: Yury Chemerkin

BlackBerry OS is rightly considered the most secure operating system, having a set of deeply integrated protection mechanisms that have successfully passed security tests. The operating system is also known for its MDM solution, BlackBerry Enterprise Server (both on-premises and cloud versions). It was designed to provide mobile devices (especially BlackBerry) with additional protection within the scope of a BYOD policy in companies. However, it was developed without considering the characteristics of the operating system and its protection mechanisms. The report will show how to bypass the protection mechanisms.

  • Language
  • Russian

Yury Chemerkin is a researcher at Advanced Monitoring. He is taking a postgraduate course at the Russian State University for the Humanities. He has wide experience in the fields of software development, reverse engineering, analyzing software solutions for security issues, mobile operating systems and clouds. He writes for such magazines as Hakin9, Pentest, and eForensics (Software Press).

Moscow, Russia


Pentest Lab: Creation Experience

Authors: Roman Romanov, Konstantin Levin

The report will focus on the issue of creating a pentesting platform.
It will provide a summary of the project's target, example tasks, and the difficulties that occur during implementation.

  • Language
  • Russian

Roman Romanov graduated from the Moscow Social and Economic Institute, worked at Jet Infosystems CJSC. Now he is an information security specialist at ChronoPay.

Orekhovo-Zuyevo, Moscow Region, Russia

Konstantin Levin is a fifth-year student of the Radio-Engineering Department, MSTU. He has been working in the IT field since his second year at the university, and is now writing his graduation paper on the security of wireless networks.

Murmansk, Russia


Microsoft SQL Server 2012 Security Mechanisms

Author: Veniamin Berestov

The report will cover the following issues of Microsoft SQL Server 2012:

  • Isolated databases (peculiar features from the point of view of information security, analysis of user passwords)
  • Password hashing algorithm
  • Blind SQL Injection via ad hoc connections (including connection to SQL Azure)
  • Peculiar features of connection to DBMS using Windows authentication

  • Language
  • Russian

Veniamin Berestov is an information security expert at Positive Technologies.


SPAN Aggregation and Traffic Threat Analysis: Possibilities and Restrictions, Advantages and Disadvantages

Author: Andrey Dugin

The report considers selective aggregation of network traffic using SPAN sessions and taps for optimal application of threat analysis systems such as DLP, network IDSs and IDSs for specific applications. Network architectures, TAP installation, SPAN session configuration, the possibilities and restrictions of SPAN aggregators, and selective aggregation parameters are described in the report. An analysis of the suitability and efficiency of solutions for implementing selective aggregation of network traffic is presented.

  • Language
  • Russian

Andrey Dugin graduated from the National University of Kyiv-Mohyla Academy. He is a postgraduate at the Ukrainian Research Institute of Communications. He works for MTS (Mobile TeleSystems OJSC) as an information security engineer in the IS department. He has 10 years of experience at the MTS Group, 5 of which he spent in information security: network and firewall administration, implementation of intrusion detection systems, integration of network security tools with control and online monitoring systems, and building the IT security knowledge base for MTS Ukraine.

Moscow, Russia


Anonymity on the Internet: Methods, Techniques, Vulnerabilities and All, All, All

Author: Dmitry Urgyumov

The problem of ensuring anonymity on the Internet is becoming more and more pressing. The report includes an analysis of various techniques for providing anonymity, their efficiency and weaknesses. Practical examples and a review of uncommon anonymization methods are also presented. The emphasis is on vulnerabilities that arise during the anonymization process.

  • Language
  • Russian

Dmitry Ugryumov studied at the Kuban State Technological University. He holds honors degrees in "Organization and technology of data protection" and "Finance and credit". He has been taking a postgraduate course at the Kuban State Technological University since 2011 (specialty "Methods and systems for data protection. Information security"). He currently works for RosIntegratsia, where he grew from a technician to the head of the special scientific and technical department.

Krasnodar, Russia


Dynamic Detection of Shellcode in Electronic Documents

Authors: Igor Agievich, Pavel Markov

The past few years have seen frequent use of e-mail messages with electronic documents containing exploits. Attackers use this technique to enlarge botnets or to spy on the industrial secrets of an organization. The report will describe dynamic detection of shellcode in electronic documents without signature analysis, to enhance the security of employees engaged in document flow. A zero-day vulnerability detected in Yandex.Browser will be used to demonstrate how using the software can decrease the incident response time spent by a company's information security service.

  • Language
  • Russian

Igor Agievich is the Deputy Head of the Internet Technologies Department at the company Tchnologii Radiocontrolya. He obtained a master's degree at the Saint Petersburg State Polytechnical University specializing in Secure Telecommunication Systems (the Department of Radio Electronic Means of Information Security). He is the author of "Research on your own", a report that he delivered at Chaos Construction 2011 and DefCon Russia. He performs various research in the field of information security and has authored several articles. He discovered and published vulnerabilities in vBulletin (2005, 2006), VirtualBox (2011), Agnitum Outpost Security Suite (2012), and others.

Saint Petersburg, Russia

Pavel Markov is a developer at the company Tchnologii Radiocontrolya.

Saint Petersburg, Russia


How to Straighten up a Car's "Brains"

Authors: Kirill Ermakov, Dmitry Sklyarov

The ECU (Electronic Control Unit) of an up-to-date race car is a microcontroller that thoroughly controls all the systems of the car. The ECU has an operating system, which receives information from different measuring elements and issues control commands in accordance with a specific profile. An owner can change profile settings, but the functions that make the car system more efficient are usually unavailable in basic ECU versions.
The research goal was to obtain control over all the ECU settings and achieve its full potential.

  • Language
  • Russian

Dmitry Sklyarov is the Lead Analyst of the Department of Advanced Developments at Positive Technologies.
Kirill Yermakov is an Information Security Specialist, Department of Advanced Developments, Positive Technologies.


Visualization of Information System Analysis

Authors: Andrey Plastunov, Oleg Danilin

The report will consist of two parts. A theoretical part will cover approaches to visualizing the results of information system research. A practical part will exemplify the presentation of results as interactive graphs, using the research of a company's corporate network as an example.

  • Language
  • Russian

Andrey Plastunov is a system analyst at JSC Advanced Monitoring. He graduated from the Cybernetics Department of MEPhI. His area of interest includes research and analysis of information system security, and also analysis of mobile application security.

Moscow, Russia

Oleg Danilin is a system analyst at JSC Advanced Monitoring. He graduated from the Bauman Moscow State Technical University. His area of interest includes research of information systems and traffic analysis. Development of a tool for visual traffic analysis is among his professional achievements.

Moscow, Russia


XML Out-Of-Band Attack

Authors: Timur Yunusov, Alexey Osipov

This talk covers a brand new technique for out-of-band data retrieval. It allows accessing files and resources from a victim’s machine and internal network, even when normal output is impossible from the vulnerable application that handles XML data.

  • Language
  • Russian

Alexey Osipov is a web application security specialist. He performs in-depth analysis of the security of web applications and allied services, and conducts research in the field of information security.

Moscow, Russia

Timur Yunusov is a specialist on a Web Application Security Team. He also participates in the development of the international forum on practical security Positive Hack Days. Timur performs in-depth analysis of the security of web applications and allied services, and conducts research in the field of information security.

Moscow, Russia


A Handheld Tool for Pentesting

Author: Andrey Biryukov

The report considers applying credit-card-sized computers for pentesting. The speaker will demonstrate a Raspberry Pi device, the Pwn Pi operating system, and its main embedded utilities. The report also includes a video demonstration of several pre-recorded attacks against wireless devices.

  • Language
  • Russian

Andrey Biryukov graduated from the Moscow Aviation Institute specializing in applied mathematics. Since 2010 he has been working as a System Architect at Informzashchita. Andrey Biryukov is a regular author and editor at the Systemny Administrator magazine.

Moscow, Russia


SMS Banking Fraud

Author: Denis Gorchakov

Co-author: Olga Kochetova

The speaker will explain how intruders can exploit the lack of sender validation in an SMS banking system. He will present some attack examples involving social engineering. In conclusion, the speaker will offer some advice on how to solve the problem.

  • Language
  • Russian

Denis Gorchakov completed a degree at the Institute of Business Security of the Moscow Power Engineering Institute, specializing in information protection organization and technology. He worked as a laboratory assistant at the Department of Complex Security at the MPEI Business Security Institute. He now works as an information security engineer at Positive Technologies.


High-Performance Computing Using FPGA by the Example of MD5 Keyword Search

Author: Alexander Tereshchenko

Due to their flexibility, FPGAs can be used in a wide range of devices (e.g., radio data interception devices and high-performance switches). The speaker will describe the peculiarities of field-programmable gate arrays (FPGAs) and present a description of a Spartan-6 FPGA device and an algorithm for MD5 hash keyword search (MD5 is used for illustrative purposes; in fact, FPGAs can be utilized for keyword search of most hashing algorithms).

  • Language
  • Russian

Alexander Tereshchenko is a graduate of the Military Academy of Air Defense Forces of the Russian Federation and of the Smolensk State University. He worked at Tensor and is currently a software engineer at the Smolensk Radio-Electronics Research and Innovation Center Zavant.

Smolensk, Russia


How to Obtain the Forbidden by Taking the Way that does not Exist: iOS Mach Ports Fuzzing

Authors: Kirill Ermakov, Dmitry Sklyarov

Apple imposes a lot of restrictions on developers of iOS applications. Even such a harmless action as obtaining information about the encryption mode used by a Wi-Fi connection is a little bit difficult.
The report will explain how to obtain more system information without using a jailbreak or Private Frameworks. All you need is to write a fragment of the Private Frameworks yourself!

  • Language
  • Russian

Dmitry Sklyarov is the Lead Analyst of the Department of Advanced Developments at Positive Technologies.
Kirill Yermakov is an Information Security Specialist, Department of Advanced Developments, Positive Technologies.
