POSITIVE HACK DAYS



Program

A Long View of Information Security

Tech

Author: Whitfield Diffie (Advisor of Almaz Capital)

Cryptography, despite a long prehistory, is only about a hundred years old: radio created the need and mechanical computation made it possible to put centuries-old theory into practice. Computer security is perhaps fifty years old: it is only with the development of time-shared computers that computer security became distinct from the security of the computer room. Why then, with only an additional fifty years under its belt, is cryptography doing so much better than computer security? The speaker will address this question in historical, technical, and economic terms with an eye to discovering why the overall field of cyber or network or information security is doing so poorly and what will be required to put it on a better course.

  • Language
  • English

Dr. Whitfield Diffie (Advisor of Almaz Capital) is best known for discovering the concept of public key cryptography, which underlies the security of internet commerce and all modern secure communication systems. He is a Consulting Professor in the Center for International Security and Cooperation at Stanford and a Visiting Professor at Royal Holloway College of the University of London. A recipient of a number of awards, including the IEEE Information Society Golden Jubilee Award for invention of the Diffie-Hellman key exchange protocol, he is also the co-author of the book “Privacy on the Line: the Politics of Wiretapping and Encryption”.

Circle of Mugging: Identity Theft in Moscow Metro

Fast Track

Author: George Noseevich

Since January 2015, the Moscow Metro Wi-Fi has officially become available on all the subway lines, and as early as the end of the month the network got compulsory identification by a mobile phone number. The speaker will talk about the system’s implementation features and weak points and explain how hackers can “trick” the identification or use someone else’s phone number to get access. As a bonus, you will learn how to get the mobile number of “that hot blonde over there”.

  • Language
  • Russian

George Noseevich is a Ph.D. student at the Faculty of Computational Mathematics and Cybernetics, Moscow State University. George does commercial pentesting and participates in online competitions and bug bounties both individually and as a member of the Bushwhackers CTF team. His research is mostly focused on finding logic vulnerabilities in web applications as well as protecting applications against targeted attacks that exploit logic flaws. He has also been a speaker at international and local conferences: ZeroNights 2012, Hack In The Box 2013, SysSec Workshop 2011.

Zero Shades of Grey

Tech

Author: Andrey Masalovich

Early detection and prevention of different information attacks, as well as the fight against extremism on the Net, are crucial tasks. Unfortunately, traditional internet monitoring systems do not allow assessing information reliability, which complicates early detection of information attacks. The speaker will demonstrate how to quickly assess the reliability of text, graphic, and multimedia data and detect disinformation. Only real examples from ongoing information wars.

  • Language
  • Russian

Andrey Masalovich is the president of Inforus and an expert for RFBR, INTAS, ITC UN and APEC, and has a Ph.D. in Physics and Mathematics. He has supervised a number of successful projects in the analytical equipment of banks, financial-industrial groups, major networks of trade retailers and government organizations. A former FAPSI lieutenant colonel, Commander of the Order "Star of the Glory of the Fatherland", winner of the scholarship of Sciences "Outstanding Scientist of Russia" (1993). Author of numerous publications on the problems of search and analysis of data. Conducted seminars in several universities in Russia (Academy of National Economy, Moscow State University, MAI) and in the USA (Harvard, Stanford University, Georgia Institute of Technology, Texas A&M University). Conducted hands-on labs on competitive intelligence at all the PHDays forums. Creator of the Avalanche search engine.

Automated Patching for Vulnerable Source Code

Dev

Author: Vladimir Kochetkov

The report describes problems of automated patching based on the results of source code security analysis, as well as possible solutions to them.

  • Language
  • Russian

Vladimir Kochetkov is an expert at Positive Research Center (Positive Technologies). He specializes in application security research and takes part in the development of several Application Inspector modules. He is also a developer and administrator of rsdn.ru.

The End of Anonymity on Anonymous Networks

Fast Track

Author: Denis Makrushin

Co-author: Maria Garnaeva

The problem of user de-anonymization on the Darknet is becoming more and more popular. The report will cover a variety of exploits for vulnerabilities in .onion resources and configuration flaws that can be utilized to obtain information on Tor users.

  • Language
  • Russian

Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He graduated from the Faculty of Cybernetics and Information Security of National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), specializes in analysis of possible threats, and follows the Offensive Security philosophy. Denis has gained extensive experience in information security: he was engaged in penetration testing and security auditing of corporate web applications and in stress testing of information and banking systems for exposure to DDoS attacks, and helped to organize and conduct an international forum on practical security.

Maria Garnaeva is an antivirus expert at Kaspersky Lab.

Social Engineering for Fun and Profit

Tech

Author: Chris Hadnagy

The speaker will share his experience in creating competitions all around social engineering and will highlight some of the stories from the DEF CON SECTF over the past 5 years.

  • Language
  • English

Chris Hadnagy is the founder and CEO of Social-Engineer, Inc. Chris possesses over 16 years’ experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. Chris established the world’s first social engineering framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

GSM Signal Interception Protection

Fast Track

Author: Sergey Kharkov

Co-author: Artyom Poltorzhitsky

GSM network attacks that replace a base station with a virtual one (MITM attacks) allow eavesdropping on any mobile phone conversation. The speaker will describe a general MITM attack pattern and the working principle of hacking devices, and define criteria that may help detect a fake station. He will also show a Windows Phone application that detects switching over to a virtual base station.

  • Language
  • Russian

Sergey Kharkov is a security expert at National Research Nuclear University MEPhI. He specializes in IS research, cellular network and mobile phone security.

Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web Applications

Dev

Author: Denis Kolegov

Co-author: Nikolai Tkachenko

The report describes non-invasive methods for elimination of vulnerabilities in logical access control and data stream management systems of web applications. You will learn basic approaches that help implement a new access control policy and eliminate some of the most common authorization vulnerabilities without modifying the web application's source code.

  • Language
  • Russian

Denis Kolegov is a Candidate of Engineering Sciences, Docent of the Information Security and Cryptography Chair at Tomsk State University, and a senior security engineer at F5 Networks. He has been a speaker at such IS conferences as PHDays III Young School, PHDays IV, ZeroNights 2014, and Sibecrypt.

Building a Cyber Fortress

Hands-on Labs

Author: Alexander Sverdlov

This fast and intensive one-hour hands-on lab is devoted to hardening operating systems, routers, and networked devices and to establishing usage practices that significantly decrease the chances of compromise, exploitation, and backdooring.

  • Language
  • English

Alexander Sverdlov is a cyber-incident responder in Dubai and specializes in incident prevention. He worked as a security manager at Hewlett-Packard, ITSO, ProCredit Bank Bulgaria, conducted hands-on labs on cyber forensics at PHDays III and PHDays IV.

Fighting Payment Fraud Within Mobile Networks

Tech

Author: Denis Gorchakov

Co-author: Nikolai Goncharov

The speakers will talk about a hardware-software system designed for Android virus analysis, as well as detection of botnet control centers (online and SMS) on infected devices, data collectors, and savings accounts. You will find out about the system's development, details of its operation, and its future.

  • Language
  • Russian

Denis Gorchakov is an IS expert at Alfa-Bank. Previously, he worked as an IS engineer at Positive Technologies and anti-fraud specialist at MTS (a Russian telecommunications group).

Nikolai Goncharov is a postgraduate student at the Department of Information Security at Moscow State Technical University and the chief information security specialist at MTS (a telecommunications group in Russia). Trained at SUNY. Lately, has been engaged in fraud and malware prevention in communication networks, forensics, and administering antifraud and SIEM solutions. Conducts research in this field to include in his Ph.D. thesis.

The Bazaar, the Maharaja's Ultimatum, and the Shadow of the Future: Extortion and Cooperation in the Zero-Day Market

Business

Author: Alfonso de Gregorio

The work contains the first results of an ongoing study on extortion and cooperation in zero-day markets. The speaker will present a detailed overview of some inherent obstacles that market players face and describe strategies that allow maximizing profits.

  • Language
  • English

Alfonso De Gregorio is a security technologist, founder of BeeWise, and Principal Consultant at secYOUre. He also served as the chief security architect at an HSM vendor, expert at the European Commission, and visiting scholar at the Computer Security and Industrial Cryptography (COSIC) research group. He has been a speaker at Fault Diagnosis and Tolerance in Cryptography (FDTC), ISS World Prague, RSA Conference Europe, Metricon, Security by Design: From Theory to Practice, IFIPTM, and other conferences.

Compromises in Large Infrastructures: Investigating and Managing Incidents

Business

Moderator: Vladimir Kropotov

Large companies' information infrastructures often attract hackers. Media highlights tens of hacks, while hundreds of bugs are fixed silently, and thousands of information systems remain compromised for many years.

How do infrastructure owners detect attacks? What do they do once a hack is detected and what should not be done? Who and when should be informed of an incident? What skills and technical equipment are required to detect and control incidents?

  • Language
  • Russian

Vladimir Kropotov is the head of the monitoring department at Positive Technologies and a frequent speaker at a number of international conferences, including PHDays, ZeroNights, HITB, and Hack.lu.

Detecting Network Intrusions With Machine Learning-Based Anomaly Detection Techniques

Tech

Author: Clarence Chio

Machine learning techniques used in network intrusion detection are susceptible to “model poisoning” by attackers. The speaker will dissect this attack, analyze some proposals for how to circumvent such attacks, and then consider specific use cases of how machine learning and anomaly detection can be used in the web security context.

  • Language
  • English

Clarence Chio is a software engineer at Shape Security and a community speaker at Intel. He has recently graduated with a B.S. and M.S. in Computer Science from Stanford University specializing in data mining and artificial intelligence. He is currently working on a product that protects its customers from malicious bot intrusion and on the system that tackles this problem from the angle of big data analysis.

CAESAR, BRUTUS, and Symmetric Crypto in 2020s

Tech

Author: Markku-Juhani Saarinen

What kind of ciphers do security-conscious users and organizations expect to be actually using in phones, browsers, and VPNs in the 2020s? Most of the talk is related to the ongoing CAESAR competition organized to replace AES-GCM (which is currently the only unclassified algorithm certified by the U.S. and NATO to handle Top Secret communications) with new authenticated encryption methods. The speaker will discuss the relative strengths and weaknesses of the current-generation (and upcoming) Russian algorithms from both cryptanalytic and implementation viewpoints.

  • Language
  • English

Markku-Juhani Saarinen is a researcher, trained cryptographer, and experienced coder with 20 years’ experience in cryptography and information security. Part of the original SSH2 design/implementation team in the 1990s. A few crypto patents, dozens of research publications. PhD Crypto, Royal Holloway, University of London (2009). One of the few people who are called upon to actually break ciphers. Currently based in Istanbul, Turkey.

Why IT Security Is Fucked Up

Tech

Author: Stefan Schumacher

IT security is in a miserable state. The problems have been discussed again and again without advancing IT security. The speaker will give an overview of what is wrong with IT security and security research; he will show why cryptosystems really fail, what psychology knows about security, and what IT Sec has to do if it ever wants to break through the current difficulties and start generating more security.

  • Language
  • English

Stefan Schumacher is the head of the Magdeburg Institute for Security Research currently running a research program on security psychology. He worked in the NetBSD project, has almost 15 years of experience as a conference speaker and trainer at such conferences as DeepSec, DeepIntel, AusCERT, Chaos Communication Congress, Chaos Communication Camp, CeBIT and the German Armed Forces and Intelligence Agencies. He is also the editor of the Magdeburg Journal of Security Research and some books about IT security.

How to Choose WAF

Fast Track

Author: Eldar Beibutov

The report is about choosing a web application firewall for a large company. The speaker will define the web firewall tasks, point out its core capabilities in terms of the best practices and real cases, and assess some of the most interesting solutions on the market.

  • Language
  • Russian

Eldar Beibutov is pursuing a master’s degree in information security management at the Higher School of Economics and works as an IS engineer at Jet Infosystems. Last year, he graduated from Ufa State Aviation Technical University with a security specialist degree and moved to Moscow.

RFID/NFC for the Masses

Hands-on Labs

Author: Nahuel Grisolía

The workshop covers both the Low Frequency band (mainly used for individual physical access to buildings, garages, hotels, etc.) and the High Frequency band, where NFC is the main term we are going to discuss. Mobile payment, Paypass, Paywave and NFC USIM are out there too. This workshop will provide you with all the tools, materials, and references for further study and research.

  • Language
  • English

Nahuel Grisolía is an information security professional from Argentina, where he runs his own company called Cinta Infinita. He specializes in web application penetration testing and hardware hacking. He loves playing with Arduinos, ARM-based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks at a couple of conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMware, Manage Engine, Oracle, Websense, Google, Twitter, as well as in free software projects like Achievo, Cacti, OSSIM, Dolibarr, and osTicket.

Mobile "Security"

Fast Track

Authors: Yaroslav Alexandrov, Lenar Safin, Alexander Chernov, Katerina Troshina

The speakers will present a complete analysis process implemented to check if mobile applications comply with security standards. They will demonstrate a specially developed static analysis tool, dynamic analysis methods and exploitation of vulnerabilities found in real applications.

  • Language
  • Russian

Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and now is working on a thesis on “Binary Statistical Analysis of Mobile Applications for Android”. Key interests — binary analysis, decompilation and mobile application security.

Lenar Safin is a postgraduate student of the faculty of computer science and technology at Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in the reverse engineering, audit and automation of application security processes.

ROP Is Not a Problem Anymore: Automatic Shellcode Detection in Network Traffic

Tech

Author: Svetlana Gayvoronskaya

Co-author: Ivan Petrov

This report covers the analysis of ROP shellcode present in public databases (metasploit, exploitdb, etc.) and modern ROP shellcode generators. It also focuses on a utility capable of detecting ROP shellcode for the x86 architecture within the traffic of high-speed networks via static and dynamic analysis.

  • Language
  • Russian

Svetlana Gayvoronskaya is a security specialist at Microsoft; has a Ph.D. in Physics and Mathematics; graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University. As a speaker, participated in Defcon, Black Hat, HITB, and PHDays.

Ivan Petrov is a senior student at the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University, interested in reverse engineering and mobile security. He studies the exploitation potential of ARM devices and writes Metasploit modules. As a speaker, he has participated in PHDays, Defcon, HITB, and RusCrypto.

Damn Vulnerable Chemical Process

Tech

Author: Marina Krotofil

Attackers and researchers have shown numerous ways to compromise and control the digital systems involved in process control. When an attack transitions from control of a digital system to control of a physical process, physics and time become controlling factors instead of the digital rules encoded into a microcontroller. The report will take the audience through all the stages and details of designing and implementing such attacks and will illustrate the role of knowledge on physical processes and control system principles in designing full-fledged SCADA exploits.

  • Language
  • English

Marina Krotofil is a senior security consultant at European Network for Cyber Security. Most recently, she completed her doctoral degree in ICS security at Hamburg University of Technology, Germany. She also holds an MBA in Technology Management, an MSc in Telecommunications, and an MSc in Information and Communication Systems. She is the author of the Damn Vulnerable Chemical Process framework, an open-source platform for cyber-physical security experimentation based on realistic models of chemical plants. Marina has written more than a dozen papers on cyber-physical exploitation and defense and the fundamentals of secure control.

Binary Analysis Using Decompilation and LLVM

Fast Track

Authors: Lenar Safin, Yaroslav Alexandrov, Alexander Chernov, Katerina Troshina

The report describes how to apply binary decompilation methods to find security flaws in binary programs. The speaker will show the current state of the decompilation tool and discuss his choice of methods employed.

  • Language
  • Russian

Lenar Safin is a postgraduate student of the faculty of computer science and technology at Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in the reverse engineering, audit and automation of application security processes.

Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and now is working on a thesis on “Binary Statistical Analysis of Mobile Applications for Android”. Key interests — binary analysis, decompilation and mobile application security.

Hacking a Site on Adobe Experience Manager

Fast Track

Author: Mikhail Egorov

The report is devoted to security testing of web applications based on Adobe Experience Manager (AEM). The speaker will share his experience of searching for and exploiting vulnerabilities he came across during his work (vulnerabilities that lead to sensitive data leakage, DoS attacks, XSS, XXE and even RCE) and demonstrate self-developed tools that can help automate security testing of AEM-based web applications.

  • Language
  • Russian

Mikhail Egorov is an independent researcher and an information security expert at Odin (Parallels). He graduated from Bauman Moscow State Technical University in 2009 with a master's degree in information security. He has OSCP and CISSP certificates. Key interests — vulnerability search, fuzzing, reverse engineering, cryptography, web application and network security.

Handcuffs & Restraints

Tech

Author: Robert Pingor

For all of their varied brands and styles, did you know that most handcuffs consist of the same internal mechanisms and that all models almost always operate in the same way? Because of this, it's quite simple to understand how handcuffs work, how they can be exploited, and how to get out of them quickly. Although the design is universal, it is not an easy thing to find one key that can operate all handcuff models. Many keys from various manufacturers are similar, but none is perfect for all situations. However, such a key has been released as open source for you to try.

  • Language
  • English

Not by Nmap Alone

Fast Track

Author: Dmitry Boomov

The researcher will look into the possibility of internal infrastructure scanning via a victim’s browser with JavaScript disabled. Pretend all information about internal infrastructure is in the hands of a single person. Instead of forcing him or her to run nmap, you may scan a local network via the victim’s browser even if JavaScript in the said browser is restricted or disabled for security purposes. To accomplish that, you just need the target to click on the desired link.

  • Language
  • Russian

Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Investments in a Global Development of Security Companies

Business

Moderator: Alexander Galitsky

The participants of this section will touch upon areas of investment in cyber-security companies, explain how to go global from local markets and how to structure companies for the international market, and discuss the further development of companies as a result of the next investment rounds. These issues will be discussed by the section participants:

  • Yoav Tzruya, Partner, JVP Cyber Labs
  • Sergei Khodakov, Head of Information Security Foresight, Skolkovo Foundation
  • Geoffrey Baehr, General Partner, Almaz Capital Partners (former Chief Network Officer of Sun Microsystems)
  • Mikhail Kader, Distinguished systems engineer, Cisco

  • Language
  • Russian

Alexander Galitsky is a managing partner of Almaz Capital Partners, a venture fund founded in 2008 and backed by Cisco Systems, EBRD and IFC. His investments include Parallels, Yandex, QIK (sold to Skype), Vyatta (sold to Brocade), Acumatica, Alawar, EverNote, GridGain, WikiMart, etc. He pioneered WiFi and VPN technologies in partnership with Sun Microsystems and was a pioneer of the Russian internet industry back in the 90s. Prior to becoming an entrepreneur, he served as one of the top technical executives for the Soviet space industry. Alexander was honored numerous times as the most influential person in the Russian IT and Internet industry by independent agencies, including Forbes.

iOS Application Exploitation

Hands-on Labs

Author: Prateek Gianchandani

Co-author: Egor Tolstoy

This will be a hands-on introduction to exploiting iOS applications. The training will be based on using Damn Vulnerable iOS App to show the different kinds of vulnerabilities and to help developers secure their own applications.

  • Language
  • English

Prateek Gianchandani, an OWASP member and contributor, is currently working as an information security engineer for Emirates Airlines in Dubai. His core focus area is iOS application pentesting. He is also the author of Damn Vulnerable iOS App and runs a blog series on iOS application security.

Egor Tolstoy is a graduate of the Information Security Faculty of Moscow Aviation Institute. He is now an iOS software engineer at Rambler&Co. Besides his primary activity, he handles the security aspects of the developed systems and conducts penetration testing of different mobile applications.

Log Analysis Automation Through Elasticsearch

Fast Track

Author: Vitaly Chetvertakov

Co-author: Kirill Semyonov

The report is devoted to analyzing and correlating large amounts of logs from a variety of information systems. The speakers will provide an example of a log analysis system used to detect malicious software within networks and demonstrate a solution that allows using indicators of compromise (IOC).

  • Language
  • Russian

Vitaly Chetvertakov is an anti-intrusion and computer forensics expert. He is keen on Python programming, developing web applications and automating the analysis of large amounts of data. He has been a speaker at various IS conferences.

Kirill Semyonov is an IS analyst. He is engaged in network attack security, investigates IS incidents and conducts research focused on the analysis of large amounts of data. He is interested in Python programming and penetration testing.

Debug Automation in WinDbg

Hands-on Labs

Author: Alexander Tarasenko

This will be a hands-on demonstration on how to automate painstaking tasks using WinDbg. You will learn how to develop a script by means of the WinDbg integrated engine, Python and PyKd extension (install WinDbg, Python 2.7 and download the provided dumps in advance). The report is supposed to be interesting to reverse engineering specialists and to software developers seeking nontrivial debugging tools.

  • Language
  • Russian

Alexander Tarasenko graduated from Saint Petersburg Electrotechnical University; worked as a programmer at Agnitum and a software developer at Kaspersky Lab. He is fond of open-source projects and Python programming.

Static Analysis of Source Code After 200 Open-Source Projects

Fast Track

Author: Evgeny Ryzhkov

Co-author: Andrey Karpov

NDA often forbids releasing information about closed commercial projects, but open source can and should be discussed. Over the past few years, the speakers have analyzed hundreds of software projects — from zlib to Chromium — and are now ready to share this experience and reveal what mistakes are typical of open-source projects, whether closed code is better than open, whether coding standards should be complied with, and whether complex architectural errors are more difficult to find than misprints.

  • Language
  • Russian

Evgeny Ryzhkov is the general director of Program Verification Systems, a company that develops the PVS-Studio static code analyzer. He is the author of articles devoted to software system development and code analysis technologies. He defended a thesis on "Static code analysis for automated errors detection during software migration to 64-bit platforms".

Andrey Karpov is the technical director of Program Verification Systems and developer of source code static analyzers. He has worked for several years at the scientific center "CFD Software Group", where he has acquired exceptional experience in resource-intensive software development in the sphere of computational modeling and visualization. He is the creator of the Viva64 static analyzer and the PVS-Studio package.

Attacks on SAP Mobile

Tech

Author: Vahagn Vardanyan

  • Language
  • Russian

Specialized Compiler for Hash Cracking

Fast Track

Author: Alexey Cherepanov

A lot of time has been spent on improving hash cracking speed, but the results still leave much to be desired. However, what if it were possible to make the computer optimize the code and to separate crypto primitives from optimizations? The most flexible and powerful solution is code generation. The speaker will give an overview of various approaches and demonstrate the code generation techniques used in john-devkit to improve John the Ripper, the famous password cracker.

  • Language
  • Russian

Alexey Cherepanov is a programmer fascinated by free software, participant of GSoC 2012, contributor to John the Ripper, and the current maintainer of Johnny the GUI for John the Ripper.

DGAs and Threat Intelligence

Tech

Author: John Bambenek

This talk will focus on research into Domain Generation Algorithms used in several malware families. By reverse engineering the DGA, it became possible to create near-time intelligence feeds used to monitor malicious networks and provide information required for network protection.

  • Language
  • English

John Bambenek is the chief forensic examiner for Bambenek Consulting and an incident handler with the Internet Storm Center. He has been engaged in security for 15 years researching security threats. He is a published author of several articles, book chapters and one book. He has contributed to IT security courses and certification exams covering such subjects as penetration testing, reverse engineering malware, forensics, and network security. He has participated in many incident investigations spanning the globe. He speaks at conferences around the world and runs several private intelligence groups focusing on takedowns and disruption of criminal entities.

SAT Algorithms and Their Application in Cryptanalysis

Dev

Want to visit   +49

Author: Alexander Semenov

The report is about applying SAT algorithms to cryptanalysis tasks. The speaker will cover the algorithms and techniques that form the basis of modern SAT solvers. The usage of SAT solvers for inversion of cryptographic functions will be demonstrated in the context of solving an A5/1 key stream generator cryptanalysis task, as well as tasks on detecting collisions of MD-family hash functions.

  • Language
  • Russian

Alexander Semenov is a Candidate of Engineering Sciences, Docent, and Chief of the Discrete Analysis and Applied Logic Laboratory at the Institute of System Dynamics and Control Theory SB RAS, Irkutsk. His key scientific interests are computational complexity of algorithms, cryptography, cryptanalysis, parallel computation, and algorithms for solving SAT.

Why State-sponsored Malware is Interesting

Tech

Want to visit   +48

Author: Alexander Gostev

Co-author: Vitaly Kamluk

Over the past few years, cyberspace has turned into a battleground for spooks and security companies. Why is it becoming easier and faster to catch 0-day packed-deeply hidden-stealthy “implants”? Why is it a capital mistake to use the same Trojan to infect both terrorists and Merkel’s aide? What makes these implants so interesting from a researcher’s point of view?

  • Language
  • Russian

Alexander Gostev is the chief security expert at Kaspersky Lab. In 1994, he got interested in antivirus technologies when an antivirus program was first set up at the company where he worked at the time. Having founded the Antivirus Center of Komi Republic in 1996, he started publishing data on newly detected viruses. He was also a coordinator of the project "WildList Russia" launched in 1998. In 2002 he joined Kaspersky Lab as a virus analyst.

Vitaly Kamluk graduated from Belarusian State University, the Faculty of Applied Mathematics and Informatics; joined Kaspersky Lab in 2005 as an infrastructure services developer. In 2008, he was promoted to a senior antivirus expert and then to the Director of the EEMEA Research Center in 2009. He specializes in threats focusing on global network infrastructures, malware reverse engineering and cybercrime investigations.

Cryptography in Russia: Is It All That Bleak?

Tech

Want to visit   +48

Authors: Stanislav Smyshlyaev, Evgeny Alexeev, Sergey Agafin

The speakers will outline the basic principles of Russian cryptographic protection mechanisms, discuss the requirements for them and highlight the practical aspects of their use. Comparing a variety of cryptographic algorithms, they will explain what work the experts on standardization of Russian cryptographic algorithms and protocols perform and why Russian cryptography is so important even though there are many Western cryptographic algorithms. This report will also cover key information media and the results of an analysis of token exposure to different attacks and malicious activities.

  • Language
  • Russian

Stanislav Smyshlyaev is the head of the information security department at CryptoPro and has a Ph.D. in Physics and Mathematics. He graduated with honors from the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University. His scientific interests are cryptographic analysis of protocols, methods of security assessment of cryptographic algorithms, and cryptographic properties of Boolean functions. He is the author of more than 30 scientific publications, including publications in the Journal of Cryptology and NATO ARW Proceedings.

Evgeny Alexeev is a senior engineer analyst at CryptoPro and has a Ph.D. in Physics and Mathematics. He graduated with honors from the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University. His area of research is cryptographic analysis of ciphers and hash functions, cryptographic properties of Boolean functions, and reverse engineering. He is the author of more than ten scientific publications.

Sergey Agafin graduated from the Faculty of Cryptology and Discrete Mathematics of National Nuclear Research University "MEPhI" (Moscow Engineering Physics Institute) in 2012. The author of a dozen publications, he has spoken at such international conferences as Comprehensive Information Protection, RusCrypto, and SinConf (Scotland). His scientific interests are means of storing cryptographic keys, random number generators, and methods of software module analysis.

Yet Another Shodan: Creating a Similar Search Engine

Fast Track

Want to visit   +47

Author: Igor Agievich

Co-author: Pavel Markov

The Shodan search engine has lately become very popular. It allows searching for various equipment connected to the Internet. The report is devoted to an alternative search engine with the same tasks. The speakers will explain how they decided to start such a project, describe the similarities and differences between Shodan and the new system, and show how they solved the development problems.

  • Language
  • Russian

In 2010, Igor Agievich graduated from the Saint-Petersburg Polytechnic University (the department of Radio Engineering for Securing Information), becoming a Master of Engineering and Technology in the sphere of telecommunication (with specialization in Secure Telecommunication Systems). He has been a speaker at PHDays, Chaos Constructions, and Defcon Russia. He is an author of research in information security and has published vulnerabilities found in Agnitum Outpost Security Suite, VirtualBox and vBulletin.

Pavel Markov is a software engineer at Radiomonitoring Technology (Saint Petersburg). He has been a speaker at PHDays for the last three years, prizewinner of the Critical Infrastructure Attack contest at PHDays IV.

Emerging Trends and Ideas About the Business of Security From a Silicon Valley VC Perspective

Business

Want to visit   +47

Author: Geoffrey Baehr

The strategy and business of security companies is rapidly changing. This is due to the accelerating pace of threat evolution; rather than selling to new markets and users, the daily practice of security firms is shifting. However, we find that the comparable evolution in the practice of security techniques is not keeping pace on either the end-user or the corporate side. Opportunities abound for startups to address these issues.

  • Language
  • English

Geoffrey Baehr is a general partner at Almaz Capital investing in areas ranging from security and networking to analytics and big data technologies. He is currently working on Software Defined platforms and networks and data analytics applied to the Internet of Things. He is also working on the scaling, management and control of virtualized infrastructure. Geoffrey is on a panel of reviewers for computer science related proposals and is a member of the IEEE (Institute of Electrical and Electronics Engineers) and ACM (Association for Computing Machinery).

Lock Screen Bypass on Android Devices

Fast Track

Want to visit   +46

Author: Leonid Lukyanenko

The report is devoted to the methods of bypassing lock screens on Android devices. The speaker will demonstrate how to find out the owner's password, replace it with your own, and unlock the bootloader.

  • Language
  • Russian

Pig in a Poke: M&A Security Issues

Business

Want to visit   +45

Author: Natalya Kukanova

When a company buys another company, nobody ever thinks of a security audit. If, by any chance, it does come up, only the current regulatory requirements are analyzed. Yandex has mastered integrating security audits into its merger and acquisition (M&A) processes. The report describes the problems faced and the solutions found. No theory, just practice.

  • Language
  • Russian

Natalya Kukanova is an analyst at Yandex. Previously worked as an information security analyst and project manager at Digital Security and Positive Technologies; she was involved in development and implementation of IS systems and processes, as well as information security risk management.

fuzz.txt

Fast Track

Want to visit   +45

Author: Dmitry Boomov

Co-author: Oleg Kupreev

The report will focus on a new tool for mass web application scanning based on the Nikto scanner. Its developers — Oleg “0x90” Kupreev (Digital Security) and Dmitry “Bo0oM” Boomov (ONsec) — will explain how it works and what makes it so effective.

  • Language
  • Russian

Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Is There Life Without SIEM?

Fast Track

Want to visit   +45

Author: Igor Gots

The speaker will demonstrate an effective primary analysis of system logs by using freeware. A system built within 10 man-hours out of several open-source products (syslog, Logstash, Elasticsearch, and Kibana) can make forensics tasks as easy as a mouse click.

  • Language
  • Russian

Igor Gots is an IS manager. He studies and implements methods of collecting and analyzing server and equipment logs.

Don’t Believe Your Own Redirects

Fast Track

Want to visit   +43

Author: Mikhail Bolshov

This talk will focus on ways to bypass trusted redirects of Yandex, Mail.Ru, and LiveInternet.

  • Language
  • Russian

Mikhail Bolshov is an independent researcher of web technologies and web application protection. He specializes in provision of complex information security, participates in CTF competitions and bug bounty programs launched by Mail.Ru, Yandex, QIWI, etc.

Chw00t: Breaking Unices’ Chroot Solutions

Tech

Want to visit   +43

Author: Balazs Bucsay

Chroot is not a security solution, but lots of people still use it as if it were one. Based on tricky chroot, Jail was introduced in FreeBSD, Containers in Solaris, and LXC on Linux. However, some chroot solutions are breakable or at least partly breakable, and you would be surprised to hear how many.

  • Language
  • English

Balazs Bucsay is a Hungarian hacker with 14 years of experience, currently living in Hungary, Europe. Works for Vodafone (the world's second largest mobile operator company) as an ethical hacking specialist, doing penetration tests and other security related tasks. Participated in a series of ethical hacking competitions, owns professional certificates including OSCP, OSCE, and OSWP.

Building International White Hat Community

Business

Want to visit   +42

The Hacker Manifesto provoked the ongoing dispute on the distinction between hackers and criminals, researchers and public enemies. Government bodies and companies only add to the confusion by investing in the "white" and "gray" exploit and vulnerability market, shaking an unsteady responsible disclosure process. This section will gather organizers of the world's top hacker conferences to discuss information security development and new trends on different continents.
Participants:

  • Dragos Ruiu (a.k.a. Dojo Mama-San) — CanSecWest, Canada
  • Vangelis — Power of Community, Korea
  • Sergey Gordeychik — SCADA Strangelove
  • Kana Shinoda — CodeBlue, Japan
  • Rodrigo Branco — H2HC, Brazil
  • Alexander Polyakov — ZeroNights, Russia
  • Bogk Andreas – Chaos Communication Congress

  • Language
  • English

Bootkit via SMS: 4G Access Level Security Assessment

Fast Track

Want to visit   +41

Authors: Kirill Nesterov, Timur Yunusov, Alexey Osipov

This report is devoted to the security of 4G networks. The speakers will focus on vulnerabilities found: SIM card attacks, remote phone cloning, traffic interception, changing passwords, and gaining access to internal networks.

  • Language
  • Russian

Kirill Nesterov is an information security specialist at Positive Technologies. Suffering from one-sided love for vulnerabilities, he learned IDA PRO.

Alexey Osipov is a senior expert of the penetration testing department at Positive Technologies, a graduate of Moscow Power Engineering Institute and the winner of the $natch contest at PHDays 2012.

Timur Yunusov is a senior expert of the banking system security department at Positive Technologies. An author of research on information security and an organizer of the Positive Hack Days forum, he has also been a speaker at Black Hat EU and ZeroNights.

Calculation, Visualization, and Analysis of Security Metrics in SIEM Systems

Tech

Want to visit   +41

Author: Igor Kotenko

This report will focus on the current state of research and development introducing a new approach to calculation, visualization and analysis of security metrics for situation awareness in SIEM systems and providing aspects of implementation of software components in such systems.

  • Language
  • Russian

Igor Kotenko is a professor, head of the SPIIRAS Laboratory of Information Security Issues, and doctor of technical sciences. He has participated in a variety of projects on developing new computer security technologies and innovative methods for monitoring and managing security incidents, detecting network intrusions, modeling network attacks, assessing network security, and verifying security policies. He has spoken at the international forum PHDays three times.

SSL/TLS: History of Vulnerabilities

Hands-on Labs

Want to visit   +40

Author: Vladimir Lepikhin

Over the past few years, there have been lots of vulnerabilities found in the TLS protocol, and hackers have invented new attacks — BEAST, CRIME, Heartbleed, and POODLE. This hands-on lab offers a case study of tools and techniques cybercriminals use for SSL/TLS attacks.

  • Language
  • Russian

Information Security: Careers of the Future

Business

Want to visit   +39

Moderator: Evgeny Minkovsky

What jobs and technologies will there be in information security in, say, five years? What about in fifteen years? During the meeting, invited experts will try to predict the most likely trends using the Rapid Foresight method. This discussion is also available via online voting.

  • Igor Sokolov, a member of the Russian Academy of Sciences, director at the Institute of Informatics Problems of the Russian Academy of Sciences
  • Aleksey Lukatsky, a business consultant in information security with Cisco Systems
  • Mikhail Savelyev, director at Security Training Center Informzaschita, a specialized center of continuing professional education
  • Alexander Rusinov, deputy director at the Department of Development of Informational Technologies, Ministry of Telecom and Mass Communications of Russia
  • Dmitry Gorelov, commercial director at Active-Soft CJSC, director of RusCrypto
  • Ilya Dimitrov, a member of the Presidium of Opora Russia, an all-Russian non-governmental organization of small and medium-sized business, executive director at the Association of Electronic Trading Platforms

  • Language
  • Russian

Evgeny Minkovsky is a lead consultant for Positive Technologies and a graduate of Moscow State University. He has taught courses on network security and Linux, and also developed training courses at the security training center “Informzaschita”.

Memory Corruption: from Sandbox to SMM

Tech

Want to visit   +38

Author: Nikita Tarakanov

This report will focus on the similarities and differences of memory corruption exploitation in different rings, from userland to the almighty SMM. It will demonstrate how many vulnerabilities are required to bypass all security mechanisms. It will also give a historical retrospective of multi-ring exploitation.

  • Language
  • Russian

Nikita Tarakanov is a security researcher at Intel currently engaged in reverse engineering and vulnerability search automation. He previously worked as an IS researcher at Positive Technologies, VUPEN Security, and CISS. The winner of the PHDays Hack2Own 2011/2012 contest and the author of reports about kernel mode drivers and their exploitation techniques. He is interested in writing exploits, especially for Windows NT Kernel.

When File Encryption Helps Password Cracking

Fast Track

Want to visit   +38

Author: Sylvain Pelissier

The speaker will focus on eCryptfs, a Linux kernel file system used for file encryption. He will point out disadvantages of the default key wrapping process implemented in eCryptfs user space utilities (ecryptfs-utils) and suggest a possible solution to the problem.

  • Language
  • English

Sylvain Pelissier is a hardware security engineer at Kudelski Security. Previously, he worked on implementation of cryptography algorithms on different platforms as well as on critical code security.

SAP Security: Real-life Attacks on Business Processes

Business

Want to visit   +37

Author: Ertunga Arsal

SAP applications form the business backbone of the largest organizations in the world. The speaker will show exploits that manipulate a business process to extract money, critical payment information, and credit card data out of the business backbone. He will explain the attack vectors and what effective measures you can take to prevent, detect and respond to them.

  • Language
  • English

Ertunga Arsal is the founder of ESNC, a company specialized in securing large enterprise SAP implementations. He is an active security researcher, and SAP released more than 80 security patches for the vulnerabilities he reported. He has been a speaker at many conferences, including Black Hat, Defcon, Chaos Communication Congress, DeepSec, SecT, and Hack.lu.

Future Technologies for Internal Threat Elimination

Business

Want to visit   +36

Author: Natalya Kaspersky

Protection from data leaks has evolved to resistance to internal threats and business risks. According to InfoWatch Research Center, more than 80% of information security incidents experienced by companies are organized by their employees. This talk will focus on the main risks of internal threats and countermeasures of the future.

  • Language
  • Russian

Natalya Kaspersky graduated from Moscow State Institute of Electronic Engineering with a master’s degree in Applied Mathematics, and has a bachelor’s degree in Business from the UK Open University. She actively invests in high-tech companies.
Natalya is a co-founder of Kaspersky Lab, one of the world's largest antivirus companies, and CEO of InfoWatch Group of Companies, working in the sphere of information security. During her 10-year tenure at Kaspersky Lab, Natalya turned a small group of enthusiasts into a world-class international IT company with annual revenues of hundreds of millions of USD.
She holds multiple awards in Russian and International Business and IT including: “Best Technology Business Entrepreneur”, Women in Technology MEA 2014 awards, Dubai and Nominee as “The most influential person from Russia Q1 2015 for input in the IT industry” by BRIC Magazine, UK.

Technologies for Protection of ICS Integrity

Business

Want to visit   +36

Author: Andrey Doukhvalov

Modern security technologies are focused mostly on data confidentiality and less on data availability or integrity. Unfortunately, this does not work for industrial control systems (ICS). The main protection goal here is to provide control continuity.

  • Language
  • Russian

Starting as a software engineer at Kaspersky Lab in 1998, Andrey Doukhvalov rose to the chief software architect. Now he is the Head of Future Technologies engaged in development of a secured operating system and technologies designed to protect ICS.

Today's Russia in Unfriendly Cyberworld

Business

Want to visit   +36

Moderator: Alexey Andreev

A panel discussion on which information security issues are now the most pressing in Russia and the rest of the world.
Representatives of the State Duma, FSTEC, FSB and Ministry of Foreign Affairs of Russia are among the participants.

  • Language
  • Russian

Alexey Andreev, also known as Lexa and Mersey Shelley, is a Russian IT journalist, former editor-in-chief of the Webplanet web portal and other network projects. Alexey is the author of the cyberpunk novels "The Web" and "2048", which are full of detailed predictions about our technological future. He has received Russian and Ukrainian awards in literature and won three international haiku competitions (Japan). He currently works at Positive Technologies.

Practical Approaches to Automation of Reverse Engineering

Tech

Want to visit   +35

Author: Anton Dorfman

The report focuses on the author’s experience in creating a reverse engineering plugin based on IDAPython, which is capable of conducting primary automated code analysis and transferring results from the currently researched system to its other versions.

  • Language
  • Russian

Anton Dorfman is a researcher, reverser, assembly language fan, and PhD in Technical Sciences. He is interested in automating reverse engineering tasks. Anton placed third in the Best Reverser contest at PHDays 2012, presented a 4-hour workshop on mastering shellcode at PHDays III and shared some ideas on data format reversing at Zero Nights 2013. He also covered the topic of reverse engineering automation technologies at PHDays IV and presented the results of his study in the report “FRODO: Format Reverser of Data Objects” at HITB 2014.

Expert Community's Role in Generation of Information Security Threat Databases

Business

Want to visit   +34

Moderator: FSTEC of Russia

This year, FSTEC of Russia has launched a public information security threat database comprised of data on software vulnerabilities and typical threats to information systems. How is this resource made up? What is its purpose and how will it develop? How will its data be implemented? Experts, developers of information security systems and public officers will discuss these and other questions.

  • Language
  • Russian

How to Get the Common Criteria Certificate in Germany and Live to Tell the Tale

Business

Want to visit   +32

Author: Dmitry Kuznetsov

The speaker will focus on his first successful experience in certifying a Russian security product in the international certification system ISO 15408. He will point out similarities and differences between Russian and international certification procedures, obstacles he encountered and ways to overcome them. The report will be a valuable source of information to those developers who plan to enter international markets of enterprise-level information security tools.

  • Language
  • Russian

Dmitry Kuznetsov is the Director of Methodology and Standardization at Positive Technologies. He manages scientific research in product development and certification. He also represents the company in the technical committees of the Federal Agency on Technical Regulating and Metrology — “Information Security” and “Standards for Financial Operations”.

General Pr0ken File System

Tech

Want to visit   +31

Author: Felix Wilhelm

Co-author: Florian Grunow

The speakers will present a detailed overview of the IBM General Parallel File System (IBM GPFS), its flaws, and architecture. The system is used in some of the world's biggest supercomputers (e.g., IBM's Watson), which makes it a prime target for attackers as not only the data stored is valuable, but also the machines running the GPFS are quite powerful. Besides, the speakers will walk through exploitation of two innocent-looking bugs.

  • Language
  • English

Felix Wilhelm and Florian Grunow are security researchers at ERNW, a German security company. They are interested in understanding and breaking all kinds of software and have presented their research at such international security conferences as INFILTRATE, PoC, Troopers, and Hack in the Box.

Kaspersky Lab’s Solutions for ICS Security

Business

Want to visit   +31

Author: Konstantin Kamanin

Kaspersky Lab’s overview of how to protect an ICS from main threats.

  • Language
  • Russian

Konstantin Kamanin is the Head of Industrial Security and Critical Infrastructure Protection, HQ, Product Management at Kaspersky Lab. Since 2013, he has been responsible for creating products and solutions that effectively protect industrial facilities and critical infrastructures from cyberthreats. He has gained wide experience in product management, having been responsible for the creation and delivery of B2C, B2B, OEM and platform products and solutions.

Invisible Backdoors In Your Code

Tech

Want to visit   +31

Author: Debasis Mohanty

This report will present cases of intentionally introduced security bugs, demonstrating how such backdoors remain unnoticed or undetectable for years. The speaker will touch upon a few advanced techniques that can be used to introduce backdoors invisible to an automated static code vulnerability scanning tool or an experienced code reviewer. To give the audience insight into how to identify and eliminate such sneaky bugs, the speaker will introduce an effective approach to preventing or detecting such backdoors before software is rolled out to end users.

  • Language
  • English

Debasis Mohanty has more than 14 years of experience in IT Security and Management. He has headed operations across information security domains including Incident Management, Cyber Forensics, and Security Assessment. He also has multiple security advisories and exploits to his credit, holds a Bachelor’s Degree in Computer Science, and works for Insomnia Security.

GSM Security

Fast Track

Want to visit   +30

Author: Sergey Ponomarev

The speaker will review generally accessible tools for GSM radio channel analysis (AirProbe, OsmocomBB, OpenBTS, etc.); demonstrate the results of an experiment on passive traffic interception using OsmocomBB and point out its main difficulties (frequency hopping, SMS signal channel and voice channel encryption, AMR audio codecs).

  • Language
  • Russian

Wireless Arduino-based Spy

Fast Track

Want to visit   +29

Author: Andrey Biryukov

External wireless devices have become quite widespread nowadays. Even at work, many people prefer using a wireless keyboard and mouse. However, are these devices secure?
The speaker will present keysweeper, a simple Arduino-based gadget that intercepts signals from the keyboard buttons and transfers them to the attacker. Using this device, the speaker will demonstrate vulnerabilities of modern wireless technologies.

  • Language
  • Russian

Andrey Biryukov is an IS system architect at MAYKOR. He graduated from the Faculty of Applied Mathematics and Physics of Moscow Aviation Institute. He is a regular writer for the System Administrator magazine.

Black and White: Underground and Security Trends

Business

Want to visit   +28

Author: Boris Simis

Co-author: Vladimir Kropotov

  • Language
  • Russian

Cyberspace in Outer Space

Business

Want to visit   +28

Moderator: Aleksey Andreev

Development of the Internet and other communication systems brought space much closer. On the one hand, the progress ensured space discoveries by thousands of amateur researchers, but on the other hand, it left spaceships wide open to hacker attacks threatening to disrupt costly missions. This round table discussion will be dedicated to the development of space technology in the digital era.

Reports:

  • Dmitry Pashkov — Amateur Radio for Space Communication
    The radio amateur from Mordovia will describe his experience of intercepting and handling space images and other curious data he managed to retrieve from satellites using homemade devices.
  • Vitaly Egorov — How the Internet Brings Space One Step Closer
    The review report focuses on scientific studies conducted through the Internet. Its author became famous after finding the Soviet station Mars 3 while studying the images from Mars probes.
  • Alexander Ilyin — Foreseeable Future for World’s Space Technology
    The co-owner of Lin Industrial and resident of the Skolkovo space cluster will talk about real and ideal plans for space research in a variety of countries.

  • Language
  • Russian

Alexey Andreev, also known as Lexa and Mersey Shelley, is a Russian IT journalist, former editor-in-chief of the Webplanet web portal and other network projects. Alexey is the author of the cyberpunk novels "The Web" and "2048", which are full of detailed predictions about our technological future. He has received Russian and Ukrainian awards in literature and won three international haiku competitions (Japan). He currently works at Positive Technologies.

Specifics of Data Storage in Popular Messaging Apps on Mobile Devices

Fast Track

Want to visit   +27

Author: Artyom Poltorzhitsky

The speaker will demonstrate the flaws of user data storage methods implemented in standard social network applications for Windows Phone.

  • Language
  • Russian

Tempesta FW — Open Source Anti-DDoS Web Accelerator

Fast Track

Want to visit   +27

Author: Alexander Krizhanovsky

Co-author: Andrey Karpov

The report is devoted to Tempesta FW, a hybrid solution that combines a reverse proxy and a firewall. It accelerates web applications and provides a high-performance framework with access to all network layers for running complex network traffic classification and blocking modules. It is an open-source project published under GPL v2. The speaker will show real case studies of the project implementation.

  • Language
  • Russian

Alexander Krizhanovsky is the founder of NatSys Lab., a company that creates network traffic processing and data storage systems. He is a lead programmer at Tempesta Technologies (a subsidiary of NatSys Lab.) and a system architect at both companies. Previously he developed high-performance software at IBM, Yandex and Parallels.

Soviet Supercomputer K-340A and Security of Cloud Computing

Tech

Want to visit   +27

Author: Sergey Krendelev

The speaker will focus on issues of encrypted data processing with nonstandard encryption algorithms, such as fully homomorphic encryption and order preserving encryption, and on the use of homomorphic encryption for obfuscation.

  • Language
  • Russian

Sergey Krendelev is the head of the scientific laboratory Modern Computer Technologies at Novosibirsk State University. He also works at Parallels and is engaged in a project on cloud service protection.


How to Spot Invisible Incidents

Business


Author: Dmitry Kuznetsov

Statistics show that attackers require three to five days to obtain full control over large IT infrastructures. While intruders may operate in a hacked network for months, companies usually become aware of them only once the hackers' actions lead to significant financial loss.

Standard protection means are of no help. Hiring hackers to prevent hypothetical incidents is unrealistic. How, then, can you detect intruders in your network?

  • Language
  • Russian

Dmitry Kuznetsov is the Director of Methodology and Standardization at Positive Technologies. He manages scientific research in product development and certification. He also represents the company in the technical committees of the Federal Agency on Technical Regulating and Metrology — “Information Security” and “Standards for Financial Operations”.


Protecting HART Against Hacker Attacks

Fast Track


Author: Ravil Zulkarnaev

This report will cover theoretical security issues concerning data transfer via the HART protocol. It will also provide an overview of a new software and hardware device designed to detect unauthorized connections and block malicious intrusion.

  • Language
  • Russian

How to Detect Threats in Car Onboard Data Transferring Networks

Fast Track


Author: Nikolai Kalintsev

Electronics control all systems in a modern car — its engine, brakes, roadholding ability, airbags, climate control, etc. But all these systems share a significant problem — vulnerability on a hardware level. While until recently risks were limited to external or human factors, now the car itself represents a threat.

This short talk is devoted to a new hardware and software solution designed to detect threats in onboard data transfer networks and to block hacks.

  • Language
  • Russian

Destroy — Create — Destroy

Business


Author: Alexey Kachalin

Assessing the security of information systems and applications during development is gradually becoming popular. Security specialists have finally earned enough trust to be included in development teams and are starting to create knowledge bases to store research results. What do developers and information system owners expect from researchers? This talk is about the current tasks to be solved and the quality of regular assessments.

  • Language
  • Russian

Windows Driver Fuzzing

Fast Track


Author: Lazar Altschuller

This talk is about a new approach to fuzzing that uses virtual machines with pre-installed drivers.

  • Language
  • Russian

Lazar Altschuller is a student at MEPhI (Department of Cybernetics and Information Security).


Information Security Market: Novelties, Questions & Answers

Business


Moderator: Oleg Glebov

Leading participants of the IS market will introduce their products and solutions:

  • Oleg Glebov — Overview of Advanced Threats and Countermeasures
  • Aleksey Kiselev — Modern DDoS Attacks: Tendencies, Risks and Approaches to Security
  • Igor Lyapunov — From IS Products to Services. Distribution Evolution. Jet Infosystems
  • Yuri Sergeev, Head of Software Security — Sberbank-Technology Software Security Practice @ Sberbank Technology

  • Language
  • Russian

Oleg Glebov rose from a system administrator in a small IT company to a well-known information security expert. He has more than 100 articles in IT and IS magazines. A certified information security expert with fundamental security and cryptography knowledge, he has almost 6 years of active work with leading global vendors (HP, SUN, IBM, CheckPoint, Cisco, Wibu-Systems, and McAfee).