Hands-on Labs

Building a Cyber Fortress

Author: Alexander Sverdlov

This fast and intensive one-hour hands-on lab is devoted to hardening operating systems, routers, networked devices and establishing usage practices, which significantly decrease the chances of a compromise, exploitation, and backdooring.

  • Language
  • English

Alexander Sverdlov is a cyber-incident responder in Dubai and specializes in incident prevention. He worked as a security manager at Hewlett-Packard, ITSO, ProCredit Bank Bulgaria, conducted hands-on labs on cyber forensics at PHDays III and PHDays IV.

Alexander Sverdlov Alexander Sverdlov

RFID/NFC for the Masses

Author: Nahuel Grisolía

The workshop covers both the Low Frequency band (mainly used for individual physical access to buildings, garages, hotels, etc.) and the High Frequency band, where NFC is the main term we are going to discuss. Mobile payment, Paypass, Paywave and NFC USIM are out there too. This workshop will provide you with all the tools, materials, and references for further study and research.

  • Language
  • English

Nahuel Grisolía is an information security professional from Argentina, where he runs his own company called Cinta Infinita. He is specialized in web application penetration testing and hardware hacking. He loves playing with Arduino’s, ARM-based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks at a couple of conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMware, Manage Engine, Oracle, Websense, Google, Twitter, as well as in free software projects like Achievo, Cacti, OSSIM, Dolibarr, and osTicket.

Nahuel Grisolía Nahuel Grisolía

iOS Application Exploitation

Author: Prateek Gianchandani

Co-author: Egor Tolstoy

This will be a hands-on introduction to exploiting iOS applications. The training will be based on using Damn Vulnerable iOS App to show the different kinds of vulnerabilities and to help developers secure their own applications.

  • Language
  • English

Prateek Gianchandani, an OWASP member and contributor, is currently working as an information security engineer for Emirates Airlines in Dubai. His core focus area is iOS application pentesting. He is also the author of Damn Vulnerable iOS App and runs a blog series on iOS application security.

Egor Tolstoy is a graduate of Information Security Faculty of Moscow Aviation Institute. Now he is an iOS software engineer in Rambler&Co. Besides primary activity he handles the security aspects of the developed systems and conducts penetration testing of different mobile applications.

Prateek Gianchandani Prateek Gianchandani, Egor Tolstoy

Debug Automation in WinDbg

Author: Alexander Tarasenko

This will be a hands-on demonstration on how to automate painstaking tasks using WinDbg. You will learn how to develop a script by means of the WinDbg integrated engine, Python and PyKd extension (install WinDbg, Python 2.7 and download the provided dumps in advance). The report is supposed to be interesting to reverse engineering specialists and to software developers seeking nontrivial debugging tools.

  • Language
  • Russian

Alexander Tarasenko graduated from Saint Petersburg Electrotechnical University; worked as a programmer at Agnitum and a software developer at Kaspersky Lab. He is fond of open-source projects and Python programming.

Alexander Tarasenko Alexander Tarasenko

SSL/TLS: History of Vulnerabilities

Author: Vladimir Lepikhin

Over the past few years, there have been lots of vulnerabilities found in the TLS protocol, and hackers have invented new attacks — BEAST, CRIME, Heartbleed, and POODLE. This hands-on lab offers a case study of tools and techniques cybercriminals use for SSL/TLS attacks.

  • Language
  • Russian
Vladimir Lepikhin Vladimir Lepikhin