POSITIVE HACK DAYS

Fast Track

Circle of Mugging: Identity Theft in Moscow Metro

Author: George Noseevich

Since January 2015, Wi-Fi has been officially available on all Moscow Metro lines, and by the end of that month the network had introduced compulsory identification by mobile phone number. The speaker will talk about the system's implementation features and weak points and explain how hackers can "trick" the identification or use someone else's phone number to get access. As a bonus, you will learn how to get the mobile number of "that hot blonde over there".

Language: Russian

George Noseevich is a Ph.D. student at the Faculty of Computational Mathematics and Cybernetics, Moscow State University. George does commercial pentesting and participates in online competitions and bug bounties both individually and as a member of the Bushwhackers CTF team. His research is mostly focused on finding logic vulnerabilities in web applications and on protecting applications against targeted attacks that exploit logic flaws. He has also been a speaker at international and local conferences: ZeroNights 2012, Hack In The Box 2013, and SysSec Workshop 2011.

The End of Anonymity on Anonymous Networks

Author: Denis Makrushin

Co-author: Maria Garnaeva

User de-anonymization on the Darknet is attracting more and more attention. The report will cover a variety of exploits for vulnerabilities in .onion resources and configuration flaws that can be used to obtain information on Tor users.

Language: Russian

Denis Makrushin is an expert in the Global Research and Analysis Team at Kaspersky Lab. He graduated from the Faculty of Cybernetics and Information Security of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), specializes in the analysis of possible threats, and follows the Offensive Security philosophy. Denis has gained extensive experience in information security: he has been engaged in penetration testing and security auditing of corporate web applications and in stress testing of information and banking systems for exposure to DDoS attacks, and has helped organize and conduct an international forum on practical security.

Maria Garnaeva is an antivirus expert at Kaspersky Lab.

GSM Signal Interception Protection

Author: Sergey Kharkov

Co-author: Artyom Poltorzhitsky

GSM network attacks that replace a base station with a virtual one (MITM attacks) allow eavesdropping on any mobile phone conversation. The speaker will describe the general MITM attack pattern and the working principle of the hacking devices, and define criteria that may help detect a fake station. He will also show a Windows Phone application that detects a switch to a virtual base station.

Language: Russian

Sergey Kharkov is a security expert at the National Research Nuclear University MEPhI. He specializes in IS research and in cellular network and mobile phone security.

How to Choose WAF

Author: Eldar Beibutov

The report is about choosing a web application firewall for a large company. The speaker will define the tasks of a web application firewall, point out its core capabilities in terms of best practices and real cases, and assess some of the most interesting solutions on the market.

Language: Russian

Eldar Beibutov is doing a master's degree in information security management at the Higher School of Economics and works as an IS engineer at Jet Infosystems. Last year, he graduated from Ufa State Aviation Technical University with a security specialist degree and moved to Moscow.

Mobile "Security"

Authors: Yaroslav Alexandrov, Lenar Safin, Alexander Chernov, Katerina Troshina

The speakers will present a complete analysis process implemented to check if mobile applications comply with security standards. They will demonstrate a specially developed static analysis tool, dynamic analysis methods and exploitation of vulnerabilities found in real applications.

Language: Russian

Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and is now working on a thesis on "Binary Statistical Analysis of Mobile Applications for Android". Key interests: binary analysis, decompilation, and mobile application security.

Lenar Safin is a postgraduate student at the Faculty of Computer Science and Technology of Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in reverse engineering, auditing, and the automation of application security processes.

Binary Analysis Using Decompilation and LLVM

Authors: Lenar Safin, Yaroslav Alexandrov, Alexander Chernov, Katerina Troshina

The report describes how to apply binary decompilation methods to find security flaws in binary programs. The speaker will show the current state of the decompilation tool and discuss the choice of methods employed.

Language: Russian

Lenar Safin is a postgraduate student at the Faculty of Computer Science and Technology of Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in reverse engineering, auditing, and the automation of application security processes.

Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and is now working on a thesis on "Binary Statistical Analysis of Mobile Applications for Android". Key interests: binary analysis, decompilation, and mobile application security.

Hacking a Site on Adobe Experience Manager

Author: Mikhail Egorov

The report is devoted to security testing of web applications based on Adobe Experience Manager (AEM). The speaker will share his experience of searching and exploiting vulnerabilities he came across during his work (vulnerabilities that lead to sensitive data leakage, DoS attacks, XSS, XXE and even RCE) and demonstrate self-developed tools, which can help automate security testing of AEM-based web applications.

Language: Russian

Mikhail Egorov is an independent researcher and an information security expert at Odin (Parallels). He graduated from Bauman Moscow State Technical University in 2009 with a master's degree in information security and holds OSCP and CISSP certifications. Key interests: vulnerability research, fuzzing, reverse engineering, cryptography, and web application and network security.

Not by Nmap Alone

Author: Dmitry Boomov

The researcher will look into the possibility of scanning internal infrastructure via a victim's browser with JavaScript disabled. Imagine that all information about the internal infrastructure is in the hands of a single person. Instead of forcing that person to run nmap, you can scan the local network via the victim's browser even if JavaScript in that browser is restricted or disabled for security purposes. To accomplish that, you just need the target to click on the desired link.

Language: Russian

Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Log Analysis Automation Through Elasticsearch

Author: Vitaly Chetvertakov

Co-author: Kirill Semyonov

The report is devoted to analyzing and correlating large amounts of logs from a variety of information systems. The speakers will provide an example of a log analysis system used to detect malicious software within networks and demonstrate a solution that allows using indicators of compromise (IOC).

Language: Russian

Vitaly Chetvertakov is an intrusion prevention and computer forensics expert. He is keen on Python programming, developing web applications, and automating the analysis of large amounts of data. He has spoken at various IS conferences.

Kirill Semyonov is an IS analyst. He is engaged in defense against network attacks, investigates IS incidents, and conducts research focused on the analysis of large amounts of data. He is interested in Python programming and penetration testing.

Static Analysis of Source Code After 200 Open-Source Projects

Author: Evgeny Ryzhkov

Co-author: Andrey Karpov

NDAs often forbid releasing information about closed commercial projects, but open source can and should be discussed. Over the past few years, the speakers have analyzed hundreds of software projects, from zlib to Chromium, and are now ready to share this experience and reveal what mistakes are typical of open-source projects, whether closed code is better than open, whether coding standards should be complied with, and whether complex architectural errors are more difficult to find than typos.

Language: Russian

Evgeny Ryzhkov is the general director of Program Verification Systems, a company that develops the PVS-Studio static code analyzer. He is the author of articles devoted to software system development and code analysis technologies. He defended a thesis on "Static code analysis for automated errors detection during software migration to 64-bit platforms".

Andrey Karpov is the technical director of Program Verification Systems and a developer of static source code analyzers. He worked for several years at the scientific center "CFD Software Group", where he acquired exceptional experience in resource-intensive software development in the field of computational modeling and visualization. He is the creator of the Viva64 static analyzer and the PVS-Studio package.

Specialized Compiler for Hash Cracking

Author: Alexey Cherepanov

A lot of time has been spent improving hash cracking speed, but the results still leave much to be desired. What if it were possible to have the computer optimize the code and to separate crypto primitives from optimizations? The most flexible and powerful solution is code generation. The speaker will give an overview of various approaches and demonstrate the code generation techniques used in john-devkit to improve John the Ripper, the famous password cracker.

Language: Russian

Alexey Cherepanov is a programmer fascinated by free software, a participant in GSoC 2012, a contributor to John the Ripper, and the current maintainer of Johnny, the GUI for John the Ripper.

Yet Another Shodan: Creating a Similar Search Engine

Author: Igor Agievich

Co-author: Pavel Markov

The Shodan search engine has lately become very popular: it allows searching for various kinds of equipment connected to the Internet. The report is devoted to an alternative search engine with the same goals. The speakers will explain how they decided to start such a project, describe the similarities and differences between Shodan and the new system, and show how they solved the development problems.

Language: Russian

In 2010, Igor Agievich graduated from Saint Petersburg Polytechnic University (Department of Radio Engineering for Securing Information) with a Master of Engineering and Technology degree in telecommunications (specializing in Secure Telecommunication Systems). He has been a speaker at PHDays, Chaos Constructions, and Defcon Russia, is the author of research in information security, and has published vulnerabilities found in Agnitum Outpost Security Suite, VirtualBox, and vBulletin.

Pavel Markov is a software engineer at Radiomonitoring Technology (Saint Petersburg). He has been a speaker at PHDays for the last three years and a prizewinner of the Critical Infrastructure Attack contest at PHDays IV.

Lock Screen Bypass on Android Devices

Author: Leonid Lukyanenko

The report is devoted to methods of bypassing lock screens on Android devices. The speaker will demonstrate how to find out the owner's password, replace it with your own, and unlock the bootloader.

Language: Russian

fuzz.txt

Author: Dmitry Boomov

Co-author: Oleg Kupreev

The report will focus on a new tool for mass web application scanning based on the Nikto scanner. Its developers — Oleg “0x90” Kupreev (Digital Security) and Dmitry “Bo0oM” Boomov (ONsec) — will explain how it works and what makes it so effective.

Language: Russian

Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Is There Life Without SIEM?

Author: Igor Gots

The speaker will demonstrate an effective primary analysis of system logs using free tools. A system built in 10 man-hours out of several open-source products (syslog, Logstash, Elasticsearch, and Kibana) can make forensics tasks as easy as a mouse click.

Language: Russian

Igor Gots is an IS manager. He studies and implements methods of collecting and analyzing server and equipment logs.

Don’t Believe Your Own Redirects

Author: Mikhail Bolshov

This talk will focus on ways to bypass trusted redirects of Yandex, Mail.Ru, and LiveInternet.

Language: Russian

Mikhail Bolshov is an independent researcher of web technologies and web application protection. He specializes in comprehensive information security and participates in CTF competitions and in bug bounty programs launched by Mail.Ru, Yandex, QIWI, and others.

Bootkit via SMS: 4G Access Level Security Assessment

Authors: Kirill Nesterov, Timur Yunusov, Alexey Osipov

This report is devoted to the security of 4G networks. The speakers will focus on the vulnerabilities they found: SIM card attacks, remote phone cloning, traffic interception, password changes, and gaining access to internal networks.

Language: Russian

Kirill Nesterov is an information security specialist at Positive Technologies. Suffering from unrequited love for vulnerabilities, he learned IDA Pro.

Alexey Osipov is a senior expert in the penetration testing department at Positive Technologies, a graduate of the Moscow Power Engineering Institute, and the winner of the $natch contest at PHDays 2012.

Timur Yunusov is a senior expert in the banking system security department at Positive Technologies. An author of information security research and an organizer of the Positive Hack Days forum, he has also spoken at Black Hat EU and ZeroNights.

When File Encryption Helps Password Cracking

Author: Sylvain Pelissier

The speaker will focus on eCryptfs, a Linux kernel file system used for file encryption. He will point out the disadvantages of the default key wrapping process implemented in the eCryptfs user-space utilities (ecryptfs-utils) and suggest a possible solution to the problem.

Language: English

Sylvain Pelissier is a hardware security engineer at Kudelski Security. Previously, he worked on implementing cryptographic algorithms on various platforms and on the security of critical code.

GSM Security

Author: Sergey Ponomarev

The speaker will review generally available tools for GSM radio channel analysis (AirProbe, OsmocomBB, OpenBTS, etc.), demonstrate the results of an experiment on passive traffic interception using OsmocomBB, and point out its main difficulties (frequency hopping, encryption of the SMS signaling channel and the voice channel, and AMR audio codecs).

Language: Russian

Wireless Arduino-based Spy

Author: Andrey Biryukov

External wireless devices have become quite widespread nowadays. Even at work, many people prefer using a wireless keyboard and mouse. But are these devices secure?
The speaker will present KeySweeper, a simple Arduino-based gadget that intercepts keystroke signals from the keyboard and transfers them to the attacker. Using this device, the speaker will demonstrate vulnerabilities of modern wireless technologies.

Language: Russian

Andrey Biryukov is an IS system architect at MAYKOR. He graduated from the Faculty of Applied Mathematics and Physics of the Moscow Aviation Institute. He is a regular contributor to System Administrator magazine.

Specifics of Data Storage in Popular Messaging Apps on Mobile Devices

Author: Artyom Poltorzhitsky

The speaker will demonstrate the flaws of user data storage methods implemented in standard social network applications for Windows Phone.

Language: Russian

Tempesta FW — Open Source Anti-DDoS Web Accelerator

Author: Alexander Krizhanovsky

Co-author: Andrey Karpov

The report is devoted to Tempesta FW, a hybrid solution that combines a reverse proxy and a firewall. It accelerates web applications and provides a high-performance framework with access to all network layers for running complex network traffic classification and blocking modules. It is an open-source project published under GPL v2. The speaker will show real case studies of the project's deployment.

Language: Russian

Alexander Krizhanovsky is the founder of NatSys Lab., a company that creates network traffic processing and data storage systems. He is a lead programmer at Tempesta Technologies (a subsidiary of NatSys Lab.) and a system architect at both companies. Previously he developed high-performance software at IBM, Yandex and Parallels.

Protecting HART Against Hacker Attacks

Author: Ravil Zulkarnaev

This report will cover theoretical security issues concerning data transfer via the HART protocol. It will also provide an overview of a new software and hardware device designed to detect unauthorized connections and block malicious intrusion.

Language: Russian

How to Detect Threats in Car Onboard Data Transferring Networks

Author: Nikolai Kalintsev

Electronics control all systems in a modern car — its engine, brakes, roadholding, airbags, climate control, etc. But all these systems share a significant problem: vulnerability at the hardware level. While risks were until recently limited to external or human factors, now the car itself represents a threat.
This short talk is devoted to a new hardware and software solution designed to detect threats in onboard data transfer networks and to block hacks.

Language: Russian

Windows Driver Fuzzing

Author: Lazar Altschuller

This talk is about a new approach to fuzzing that uses virtual machines with pre-installed drivers.

Language: Russian

Lazar Altschuller is a MEPhI student (the Department of Cybernetics and Information Security).
