Fast Track
Circle of Mugging: Identity Theft in Moscow Metro
Author: George Noseevich
Since January 2015, the Moscow Metro Wi-Fi has officially been available on all subway lines, and by the end of that month mandatory identification by mobile phone number was introduced on the network. The speaker will talk about the system's implementation features and weak points and explain how hackers can "trick" the identification or use someone else's phone number to gain access. As a bonus, you will learn how to get the mobile number of "that hot blonde over there".
- Language: Russian
George Noseevich is a Ph.D. student of the Faculty of Computational Mathematics and Cybernetics, Moscow State University. George does commercial pentesting and participates in online competitions and bug bounties both individually and as a member of the Bushwhackers CTF team. His research is mostly focused on finding logic vulnerabilities in web applications as well as protecting applications against targeted attacks that exploit logic flaws. He has also been a speaker at international and local conferences – ZeroNights 2012, Hack In The Box 2013, SysSec Workshop 2011.

The End of Anonymity on Anonymous Networks
Author: Denis Makrushin
Co-author: Maria Garnaeva
The problem of user de-anonymization on the Darknet is attracting more and more attention. The report will cover a variety of exploits for vulnerabilities in .onion resources and configuration flaws that can be used to obtain information on Tor users.
- Language: Russian
Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He graduated from the Faculty of Cybernetics and Information Security of National Research Nuclear University MEPhI (Moscow Engineering Physics Institute); he specializes in analysis of possible threats and follows the Offensive Security philosophy. Denis has gained extensive experience in information security: he was engaged in penetration testing and security auditing of corporate web applications and stress testing of information and banking systems for exposure to DDoS attacks, and he helped to organize and conduct an international forum on practical security.
Maria Garnaeva is an antivirus expert at Kaspersky Lab.

GSM Signal Interception Protection
Author: Sergey Kharkov
Co-author: Artyom Poltorzhitsky
GSM network attacks that replace a base station with a virtual one (MITM attacks) allow eavesdropping on any mobile phone conversation. The speaker will describe the general MITM attack pattern and the working principle of hacking devices, and define criteria that may help detect a fake station. He will also show a Windows Phone application that detects switching over to a virtual base station.
- Language: Russian
Sergey Kharkov is a security expert at National Research Nuclear University MEPhI. He specializes in IS research, cellular network and mobile phone security.

How to Choose WAF
Author: Eldar Beibutov
The report is about choosing a web application firewall for a large company. The speaker will define the web firewall tasks, point out its core capabilities in terms of the best practices and real cases, and assess some of the most interesting solutions on the market.
- Language: Russian
Eldar Beibutov is pursuing a master's degree in information security management at the Higher School of Economics and works as an IS engineer at Jet Infosystems. Last year, he graduated from Ufa State Aviation Technical University with a security specialist degree and moved to Moscow.

Mobile "Security"
Authors: Yaroslav Alexandrov, Lenar Safin, Alexander Chernov, Katerina Troshina
The speakers will present a complete analysis process implemented to check if mobile applications comply with security standards. They will demonstrate a specially developed static analysis tool, dynamic analysis methods and exploitation of vulnerabilities found in real applications.
- Language: Russian
Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and is now working on a thesis on "Binary Statistical Analysis of Mobile Applications for Android". Key interests — binary analysis, decompilation and mobile application security.
Lenar Safin is a postgraduate student of the Faculty of Computer Science and Technology at Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in reverse engineering, auditing and automating application security processes.

Hacking a Site on Adobe Experience Manager
Author: Mikhail Egorov
The report is devoted to security testing of web applications based on Adobe Experience Manager (AEM). The speaker will share his experience of searching and exploiting vulnerabilities he came across during his work (vulnerabilities that lead to sensitive data leakage, DoS attacks, XSS, XXE and even RCE) and demonstrate self-developed tools, which can help automate security testing of AEM-based web applications.
- Language: Russian
Mikhail Egorov is an independent researcher and an information security expert at Odin (Parallels). He graduated from Bauman Moscow State Technical University in 2009 with a master's degree in information security. He has OSCP and CISSP certificates. Key interests — vulnerability search, fuzzing, reverse engineering, cryptography, web application and network security.

Binary Analysis Using Decompilation and LLVM
Authors: Lenar Safin, Yaroslav Alexandrov, Alexander Chernov, Katerina Troshina
The report describes how to apply binary decompilation methods to find security flaws in binary programs. The speaker will show the current state of the decompilation tool and discuss the methods chosen for it.
- Language: Russian
Lenar Safin is a postgraduate student of the Faculty of Computer Science and Technology at Saint Petersburg Electrotechnical University "LETI" and a software engineer at SmartDec. He is engaged in reverse engineering, auditing and automating application security processes.
Yaroslav Alexandrov is a researcher and developer at SmartDec. In 2013, he graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University, entered a Ph.D. program, and is now working on a thesis on "Binary Statistical Analysis of Mobile Applications for Android". Key interests — binary analysis, decompilation and mobile application security.

Not by Nmap Alone
Author: Dmitry Boomov
The researcher will look into the possibility of scanning internal infrastructure via a victim's browser with JavaScript disabled. Suppose all information about the internal infrastructure is in the hands of a single person. Instead of forcing him or her to run nmap, you may scan the local network via the victim's browser even if JavaScript in that browser is restricted or disabled for security purposes. To accomplish that, you just need the target to click on the desired link.
- Language: Russian
Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Log Analysis Automation Through Elasticsearch
Author: Vitaly Chetvertakov
Co-author: Kirill Semyonov
The report is devoted to analyzing and correlating large amounts of logs from a variety of information systems. The speakers will provide an example of a log analysis system used to detect malicious software within networks and demonstrate a solution that allows using indicators of compromise (IOC).
- Language: Russian
Vitaly Chetvertakov is an anti-intrusion and computer forensics expert. He is keen on Python programming, developing web applications and automating the analysis of large amounts of data. He has been a speaker at various IS conferences.
Kirill Semyonov is an IS analyst. He works on protection against network attacks, investigates IS incidents and conducts research focused on the analysis of large amounts of data. He is interested in Python programming and penetration testing.

Static Analysis of Source Code After 200 Open-Source Projects
Author: Evgeny Ryzhkov
Co-author: Andrey Karpov
NDAs often forbid releasing information about closed commercial projects, but open source can and should be discussed. Over the past few years, the speakers have analyzed hundreds of software projects — from zlib to Chromium — and are now ready to share this experience and reveal what mistakes are typical of open-source projects, whether closed code is better than open, whether coding standards should be complied with, and whether complex architectural errors are more difficult to find than misprints.
- Language: Russian
Evgeny Ryzhkov is the general director of Program Verification Systems, a company that develops the PVS-Studio static code analyzer. He is the author of articles devoted to software system development and code analysis technologies. He defended a thesis on "Static code analysis for automated errors detection during software migration to 64-bit platforms".
Andrey Karpov is the technical director of Program Verification Systems and a developer of source code static analyzers. He worked for several years at the scientific center "CFD Software Group", where he acquired exceptional experience in resource-intensive software development in the sphere of computational modeling and visualization. He is the creator of the Viva64 static analyzer and the PVS-Studio package.

Specialized Compiler for Hash Cracking
Author: Alexey Cherepanov
A lot of time has been spent improving hash cracking speed, but the results still leave much to be desired. However, what if it were possible to make the computer optimize the code and to separate crypto primitives from optimizations? The most flexible and powerful solution is code generation. The speaker will give an overview of various approaches and demonstrate the code generation techniques used in john-devkit to improve John the Ripper, the famous password cracker.
- Language: Russian
Alexey Cherepanov is a programmer fascinated by free software, a participant of GSoC 2012, a contributor to John the Ripper, and the current maintainer of Johnny, the GUI for John the Ripper.

Yet Another Shodan: Creating a Similar Search Engine
Author: Igor Agievich
Co-author: Pavel Markov
The Shodan search engine has lately become very popular. It allows searching for various equipment connected to the Internet. The report is devoted to an alternative search engine that serves the same purpose. The speakers will explain how they decided to start such a project, describe the similarities and differences between Shodan and the new system, and show how they solved the development problems.
- Language: Russian
In 2010, Igor Agievich graduated from Saint Petersburg Polytechnic University (Department of Radio Engineering for Securing Information) as a Master of Engineering and Technology in telecommunications (with a specialization in Secure Telecommunication Systems). He has been a speaker at PHDays, Chaos Constructions, and Defcon Russia. He is an author of information security research and has published vulnerabilities found in Agnitum Outpost Security Suite, VirtualBox and vBulletin.
Pavel Markov is a software engineer at Radiomonitoring Technology (Saint Petersburg). He has been a speaker at PHDays for the last three years and a prizewinner of the Critical Infrastructure Attack contest at PHDays IV.

Lock Screen Bypass on Android Devices
Author: Leonid Lukyanenko
The report is devoted to methods of bypassing lock screens on Android devices. The speaker will demonstrate how to find out the owner's password, replace it with your own, and unlock the bootloader.
- Language: Russian

fuzz.txt
Author: Dmitry Boomov
Co-author: Oleg Kupreev
The report will focus on a new tool for mass web application scanning based on the Nikto scanner. Its developers — Oleg “0x90” Kupreev (Digital Security) and Dmitry “Bo0oM” Boomov (ONsec) — will explain how it works and what makes it so effective.
- Language: Russian
Dmitry Boomov is an information security researcher and penetration testing specialist at ONsec.

Is There Life Without SIEM?
Author: Igor Gots
The speaker will demonstrate an effective primary analysis of system logs using freeware. A system built within 10 man-hours out of several open-source products (syslog, Logstash, Elasticsearch, and Kibana) can make forensics tasks as easy as a mouse click.
- Language: Russian
Igor Gots is an IS manager. He studies and implements methods of collecting and analyzing server and equipment logs.

Don’t Believe Your Own Redirects
Author: Mikhail Bolshov
This talk will focus on ways to bypass trusted redirects of Yandex, Mail.Ru, and LiveInternet.
- Language: Russian
Mikhail Bolshov is an independent researcher of web technologies and web application protection. He specializes in comprehensive information security and participates in CTF competitions and bug bounty programs run by Mail.Ru, Yandex, QIWI, etc.

Bootkit via SMS: 4G Access Level Security Assessment
Authors: Kirill Nesterov, Timur Yunusov, Alexey Osipov
This report is devoted to the security of 4G networks. The speakers will focus on vulnerabilities found: SIM card attacks, remote phone cloning, traffic interception, changing passwords, and gaining access to internal networks.
- Language: Russian
Kirill Nesterov is an information security specialist at Positive Technologies. Suffering from an unrequited love for vulnerabilities, he learned IDA Pro.
Alexey Osipov is a senior expert of the penetration testing department at Positive Technologies, a graduate of Moscow Power Engineering Institute and the winner of the $natch contest at PHDays 2012.
Timur Yunusov is a senior expert of the banking system security department at Positive Technologies. An author of information security research and an organizer of the Positive Hack Days forum, he has also been a speaker at Black Hat EU and ZeroNights.

When File Encryption Helps Password Cracking
Author: Sylvain Pelissier
The speaker will focus on eCryptfs, a Linux kernel file system used for file encryption. He will point out the disadvantages of the default key wrapping process implemented in the eCryptfs user space utilities (ecryptfs-utils) and suggest a possible solution to the problem.
- Language: English
Sylvain Pelissier is a hardware security engineer at Kudelski Security. Previously, he worked on implementing cryptographic algorithms on different platforms as well as on the security of critical code.

GSM Security
Author: Sergey Ponomarev
The speaker will review generally accessible tools for GSM radio channel analysis (AirProbe, OsmocomBB, OpenBTS, etc.), demonstrate the results of an experiment on passive traffic interception using OsmocomBB, and point out its main difficulties (frequency hopping, encryption of the SMS signaling channel and the voice channel, AMR audio codecs).
- Language: Russian

Wireless Arduino-based Spy
Author: Andrey Biryukov
External wireless devices have become quite widespread nowadays. Even at work, many people prefer using a wireless keyboard and mouse. However, are these devices secure?
The speaker will present KeySweeper, a simple Arduino-based gadget that intercepts signals from the keyboard keys and transfers them to the attacker. Using this device, the speaker will demonstrate vulnerabilities of modern wireless technologies.
- Language: Russian
Andrey Biryukov is an IS system architect at MAYKOR. He graduated from the Faculty of Applied Mathematics and Physics of Moscow Aviation Institute. He writes regularly for System Administrator magazine.

Specifics of Data Storage in Popular Messaging Apps on Mobile Devices
Author: Artyom Poltorzhitsky
The speaker will demonstrate the flaws of user data storage methods implemented in standard social network applications for Windows Phone.
- Language: Russian

Tempesta FW — Open Source Anti-DDoS Web Accelerator
Author: Alexander Krizhanovsky
Co-author: Andrey Karpov
The report is devoted to Tempesta FW, a hybrid solution that combines a reverse proxy and a firewall. It accelerates web applications and provides a high-performance framework with access to all network layers for running complex network traffic classification and blocking modules. It is an open-source project published under GPL v2. The speaker will show real case studies of the project implementation.
- Language: Russian
Alexander Krizhanovsky is the founder of NatSys Lab., a company that creates network traffic processing and data storage systems. He is a lead programmer at Tempesta Technologies (a subsidiary of NatSys Lab.) and a system architect at both companies. Previously, he developed high-performance software at IBM, Yandex and Parallels.

Protecting HART Against Hacker Attacks
Author: Ravil Zulkarnaev
This report will cover theoretical security issues concerning data transfer via the HART protocol. It will also provide an overview of a new software and hardware device designed to detect unauthorized connections and block malicious intrusion.
- Language: Russian

How to Detect Threats in Car Onboard Data Transferring Networks
Author: Nikolai Kalintsev
Electronics control all systems in a modern car — its engine, brakes, roadholding, airbags, climate control, etc. But all these systems share a significant problem — vulnerability at the hardware level. While until recently the risks were limited to external or human factors, now the car itself represents a threat.
This short talk is devoted to a new hardware and software solution designed to detect threats in onboard data transfer networks and to block hacks.
- Language: Russian

Windows Driver Fuzzing
Author: Lazar Altschuller
This talk is about a new approach to fuzzing that uses virtual machines with pre-installed drivers.
- Language: Russian
Lazar Altschuller is a MEPhI student (the Department of Cybernetics and Information Security).
