A Long View of Information Security

Author: Whitfield Diffie (Advisor of Almaz Capital)

Cryptography, despite a long prehistory, is only about a hundred years old: radio created the need and mechanical computation made it possible to put centuries-old theory to practice. Computer security is perhaps fifty years old: it is only with the development of time-shared computers that computer security became distinct from the security of the computer room. Why then with only an additional fifty years under its belt is cryptography doing so much better than computer security? The speaker will address this question in historical, technical, and economic terms with an eye to discovering why the overall field of cyber or network or information security is doing so poorly and what will be required to put it on a better course.

Language: English

Dr. Whitfield Diffie (Advisor of Almaz Capital) is best known for discovering the concept of public key cryptography, which underlies the security of internet commerce and all modern secure communication systems. He is a Consulting Professor in the Center for International Security and Cooperation at Stanford and a Visiting Professor at Royal Holloway College of the University of London. The recipient of a number of awards, including the IEEE Information Society Golden Jubilee Award for the invention of the Diffie-Hellman key exchange protocol, he is also the co-author of the book “Privacy on the Line: the Politics of Wiretapping and Encryption”.


Zero Shades of Grey

Author: Andrey Masalovich

Early detection and prevention of information attacks, as well as the struggle against extremism on the Net, are crucial tasks. Unfortunately, traditional internet monitoring systems do not allow assessing information reliability, which complicates early detection of information attacks. The speaker will demonstrate how to quickly assess the reliability of text, graphic, and multimedia data and detect disinformation, using only real examples from ongoing information wars.

Language: Russian

Andrey Masalovich is the president of Inforus and an expert for RFBR, INTAS, ITC UN and APEC, and has a Ph.D. in Physics and Mathematics. He has supervised a number of successful projects on analytical equipment for banks, financial-industrial groups, major retail chains, and government organizations. A former FAPSI lieutenant colonel, he is a Commander of the Order "Star of the Glory of the Fatherland" and winner of the "Outstanding Scientist of Russia" scholarship (1993). He is the author of numerous publications on data search and analysis, has conducted seminars at several universities in Russia (Academy of National Economy, Moscow State University, MAI) and in the USA (Harvard, Stanford University, Georgia Institute of Technology, Texas A&M University), and has run hands-on labs on competitive intelligence at all the PHDays forums. He is the creator of the Avalanche search engine.


Social Engineering for Fun and Profit

Author: Chris Hadnagy

The speaker will share his experience in creating competitions all around social engineering and will highlight some of the stories from the DEF CON SECTF over the past 5 years.

Language: English

Chris Hadnagy is the founder and CEO of Social-Engineer, Inc. Chris possesses over 16 years’ experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. Chris established the world’s first social engineering framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.


Fighting Payment Fraud Within Mobile Networks

Author: Denis Gorchakov

Co-author: Nikolai Goncharov

The speakers will talk about a hardware-software system designed for Android virus analysis, as well as for detection of botnet control centers (online and SMS), data collectors, and savings accounts used by the malware on infected devices. You will learn about the system's development, the details of its operation, and its future.

Language: Russian

Denis Gorchakov is an IS expert at Alfa-Bank. Previously, he worked as an IS engineer at Positive Technologies and anti-fraud specialist at MTS (a Russian telecommunications group).

Nikolai Goncharov is a postgraduate student at the Department of Information Security at Moscow State Technical University and the chief information security specialist at MTS (a telecommunications group in Russia). He trained at SUNY. Lately, he has been engaged in fraud and malware prevention in communication networks, forensics, and administering antifraud and SIEM solutions, and conducts research in this field for his Ph.D. thesis.


Detecting Network Intrusions With Machine Learning-Based Anomaly Detection Techniques

Author: Clarence Chio

Machine learning techniques used in network intrusion detection are susceptible to “model poisoning” by attackers. The speaker will dissect this attack, analyze some proposals for how to circumvent such attacks, and then consider specific use cases of how machine learning and anomaly detection can be used in the web security context.

Language: English

Clarence Chio is a software engineer at Shape Security and a community speaker at Intel. He recently graduated with a B.S. and M.S. in Computer Science from Stanford University, specializing in data mining and artificial intelligence. He is currently working on a product that protects its customers from malicious bot intrusion and on a system that tackles this problem from the angle of big data analysis.


CAESAR, BRUTUS, and Symmetric Crypto in 2020s

Author: Markku-Juhani Saarinen

What kind of ciphers do security-conscious users and organizations expect to be actually using in phones, browsers, and VPNs in the 2020s? Most of the talk is related to the ongoing CAESAR competition, organized to replace AES-GCM (which is currently the only unclassified algorithm certified by the U.S. and NATO to handle Top Secret communications) with new authenticated encryption methods. The speaker will also discuss the relative strengths and weaknesses of the current-generation (and upcoming) Russian algorithms from both cryptanalytic and implementation viewpoints.

Language: English

Markku-Juhani Saarinen is a researcher, trained cryptographer, and experienced coder with 20 years’ experience in cryptography and information security. He was part of the original SSH2 design/implementation team in the 1990s and holds a few crypto patents and dozens of research publications. PhD in Cryptography, Royal Holloway, University of London (2009). He is one of the few people who are called upon to actually break ciphers. Currently based in Istanbul, Turkey.


Why IT Security Is Fucked Up

Author: Stefan Schumacher

IT security is in a miserable state. The problems have been discussed again and again without advancing IT security. The speaker will give an overview of what is wrong with IT security and security research; he will show why cryptosystems really fail, what psychology knows about security, and what IT Sec has to do if it ever wants to break through the current difficulties and start generating more security.

Language: English

Stefan Schumacher is the head of the Magdeburg Institute for Security Research, currently running a research program on security psychology. He worked in the NetBSD project and has almost 15 years of experience as a conference speaker and trainer at such venues as DeepSec, DeepIntel, AusCERT, Chaos Communication Congress, Chaos Communication Camp, CeBIT, and the German Armed Forces and Intelligence Agencies. He is also the editor of the Magdeburg Journal of Security Research and of several books about IT security.


ROP Is Not a Problem Anymore: Automatic Shellcode Detection in Network Traffic

Author: Svetlana Gayvoronskaya

Co-author: Ivan Petrov

This report covers the analysis of ROP shellcode present in public databases (metasploit, exploitdb, etc.) and modern ROP shellcode generators. It also focuses on a utility capable of detecting ROP shellcode for the x86 architecture within the traffic of high-speed networks via static and dynamic analysis.

Language: Russian

Svetlana Gayvoronskaya is a security specialist at Microsoft. She has a Ph.D. in Physics and Mathematics and graduated from the Faculty of Computational Mathematics and Cybernetics of Moscow State University. As a speaker, she has participated in Defcon, Black Hat, HITB, and PHDays.

Ivan Petrov is a senior student at the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University, interested in reverse engineering and mobile security. He studies the potential for exploitation of ARM devices and writes Metasploit modules. As a speaker, he has participated in PHDays, Defcon, HITB, and RusCrypto.


Damn Vulnerable Chemical Process

Author: Marina Krotofil

Attackers and researchers have shown numerous ways to compromise and control the digital systems involved in process control. When an attack transitions from control of a digital system to control of a physical process, physics and time become the controlling factors instead of the digital rules encoded into a microcontroller. The report will take the audience through all the stages and details of designing and implementing such attacks and will illustrate the role of knowledge of physical processes and control system principles in designing full-fledged SCADA exploits.

Language: English

Marina Krotofil is a senior security consultant at the European Network for Cyber Security. Most recently, she completed her doctoral degree in ICS security at Hamburg University of Technology, Germany; she also holds an MBA in Technology Management, an MSc in Telecommunications, and an MSc in Information and Communication Systems. She is the author of the Damn Vulnerable Chemical Process framework – an open-source platform for cyber-physical security experimentation based on realistic models of chemical plants. Marina has written more than a dozen papers on cyber-physical exploitation and defense and on the fundamentals of secure control.


Handcuffs & Restraints

Author: Robert Pingor

For all of their varied brands and styles, did you know that most handcuffs consist of the same internal mechanisms and that almost all models operate in the same way? Because of this, it is quite simple to understand how handcuffs work, how they can be exploited, and how to get out of them quickly. Although the design is universal, it is not easy to find one key that can operate all handcuff models. Many keys from various manufacturers are similar, but none is perfect for all situations. However, such a key has now been released as open source, for you to try the same.

Language: English

Attacks on SAP Mobile

Author: Vahagn Vardanyan

Language: Russian

DGAs and Threat Intelligence

Author: John Bambenek

This talk will focus on research into Domain Generation Algorithms (DGAs) used in several malware families. By reverse engineering a DGA, it becomes possible to create near real-time intelligence feeds used to monitor malicious networks and provide the information required for network protection.

Language: English

John Bambenek is the chief forensic examiner for Bambenek Consulting and an incident handler with the Internet Storm Center. He has been engaged in security for 15 years, researching security threats. He is a published author of several articles, book chapters, and one book. He has contributed to IT security courses and certification exams covering such subjects as penetration testing, reverse engineering malware, forensics, and network security. He has participated in many incident investigations spanning the globe, speaks at conferences around the world, and runs several private intelligence groups focusing on takedowns and disruption of criminal entities.


Why State-sponsored Malware is Interesting

Author: Alexander Gostev

Co-author: Vitaly Kamluk

Over the past few years, cyberspace has turned into a battleground for spooks and security companies. Why is it becoming easier and faster to catch deeply hidden, stealthy, 0-day-packed “implants”? Why is it a capital mistake to use the same Trojan to infect both terrorists and Merkel’s aide? What makes these implants so interesting from a researcher’s point of view?

Language: Russian

Alexander Gostev is the chief security expert at Kaspersky Lab. In 1994, he became interested in antivirus technologies when an antivirus program was first set up at the company he worked for at the time. Having founded the Antivirus Center of the Komi Republic in 1996, he started publishing data on newly detected viruses. He was also a coordinator of the "WildList Russia" project launched in 1998. In 2002 he joined Kaspersky Lab as a virus analyst.

Vitaly Kamluk graduated from the Faculty of Applied Mathematics and Informatics of Belarusian State University and joined Kaspersky Lab in 2005 as an infrastructure services developer. In 2008, he was promoted to senior antivirus expert and then to Director of the EEMEA Research Center in 2009. He specializes in threats to global network infrastructures, malware reverse engineering, and cybercrime investigations.


Cryptography in Russia: Is It All That Bleak?

Authors: Stanislav Smyshlyaev, Evgeny Alexeev, Sergey Agafin

The speakers will outline the basic principles of Russian cryptographic protection mechanisms, discuss the requirements for them, and highlight the practical aspects of their use. Comparing a variety of cryptographic algorithms, they will explain what work the experts on standardization of Russian cryptographic algorithms and protocols perform and why Russian cryptography is so important even though many Western cryptographic algorithms exist. This report will also cover key storage media and the results of an analysis of token exposure to different attacks and malicious activities.

Language: Russian

Stanislav Smyshlyaev is the head of the information security department at CryptoPro and has a Ph.D. in Physics and Mathematics. He graduated with honors from the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University. His scientific interests are cryptographic analysis of protocols, methods of security assessment of cryptographic algorithms, and cryptographic properties of Boolean functions. He is the author of more than 30 scientific publications, including publications in the Journal of Cryptology and NATO ARW Proceedings.

Evgeny Alexeev is a senior engineer analyst at CryptoPro and has a Ph.D. in Physics and Mathematics. He graduated with honors from the Faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University. His areas of research are cryptographic analysis of ciphers and hash functions, cryptographic properties of Boolean functions, and reverse engineering. He is the author of more than ten scientific publications.

Sergey Agafin graduated from the Faculty of Cryptology and Discrete Mathematics of the National Nuclear Research University "MEPhI" (Moscow Engineering Physics Institute) in 2012. The author of a dozen publications, he has participated as a speaker in such international conferences as Comprehensive Information Protection, RusCrypto, and SinConf (Scotland). His scientific interests are means of storing cryptographic keys, random number generators, and methods of software module analysis.


Chw00t: Breaking Unices’ Chroot Solutions

Author: Balazs Bucsay

Chroot is not a security solution, but lots of people still use it as if it were one. Built on top of chroot, Jail was introduced in FreeBSD, Containers — in Solaris, and LXC — on Linux. However, some chroot solutions are breakable, or at least partly breakable, and you would be surprised to hear how many.

Language: English

Balazs Bucsay is a Hungarian hacker with 14 years of experience, currently living in Hungary. He works for Vodafone (the world's second largest mobile operator) as an ethical hacking specialist, doing penetration tests and other security-related tasks. He has participated in a series of ethical hacking competitions and holds professional certificates including OSCP, OSCE, and OSWP.


Calculation, Visualization, and Analysis of Security Metrics in SIEM Systems

Author: Igor Kotenko

This report will focus on the current state of research and development, introducing a new approach to the calculation, visualization, and analysis of security metrics for situational awareness in SIEM systems and covering aspects of implementing software components for such systems.

Language: Russian

Igor Kotenko is a professor, head of the SPIIRAS Laboratory of Information Security Issues, and doctor of technical sciences. He has participated in a variety of projects on developing new computer security technologies and innovative methods for monitoring and managing security incidents, detecting network intrusions, modeling network attacks, assessing network security, and verifying security policies. As a speaker, he has participated in the international forum PHDays three times.


Memory Corruption: from Sandbox to SMM

Author: Nikita Tarakanov

This report will focus on the similarities and differences of memory corruption exploitation in different rings, from userland to the all-mighty SMM. It will demonstrate how many vulnerabilities are required to bypass all security mechanisms and will also offer a historical retrospective of multi-ring exploitation.

Language: Russian

Nikita Tarakanov is a security researcher at Intel, currently engaged in reverse engineering and vulnerability search automation. He previously worked as an IS researcher at Positive Technologies, VUPEN Security, and CISS. He is the winner of the PHDays Hack2Own 2011/2012 contest and the author of reports about kernel mode drivers and their exploitation techniques. He is interested in writing exploits, especially for the Windows NT kernel.


Practical Approaches to Automation of Reverse Engineering

Author: Anton Dorfman

The report focuses on the author’s experience in creating a reverse engineering plugin based on IDAPython, which is capable of conducting primary automated code analysis and transferring results from the currently researched system to its other versions.

Language: Russian

Anton Dorfman is a researcher, reverser, assembly language fan, and PhD in Technical Sciences. He is interested in automating reverse engineering tasks. Anton placed third in the Best Reverser contest at PHDays 2012, presented a 4-hour workshop on mastering shellcode at PHDays III, and shared some ideas on data format reversing at Zero Nights 2013. He also covered the topic of reverse engineering automation technologies at PHDays IV and presented the results of his study in the report “FRODO: Format Reverser of Data Objects” at HITB 2014.


Invisible Backdoors In Your Code

Author: Debasis Mohanty

This report will share facts about intentionally introduced security bugs, demonstrating how such backdoors go unnoticed or undetected for years. The speaker will touch upon a few advanced techniques that can be used to introduce backdoors invisible to an automated static code vulnerability scanning tool or an experienced code reviewer. Providing the audience with insight into how to identify and eliminate such sneaky bugs, the speaker will introduce an effective approach to preventing or detecting such backdoors before software is rolled out to end users.

Language: English

Debasis Mohanty has more than 14 years of experience in IT Security and Management. He has headed operations across information security domains including Incident Management, Cyber Forensics, and Security Assessment. He also has multiple security advisories and exploits to his credit, holds a Bachelor’s Degree in Computer Science, and works for Insomnia Security.


General Pr0ken File System

Author: Felix Wilhelm

Co-author: Florian Grunow

The speakers will present a detailed overview of the IBM General Parallel File System (IBM GPFS), its architecture, and its flaws. The system is used in some of the world's biggest supercomputers (e.g., IBM's Watson), which makes it a prime target for attackers: not only is the stored data valuable, but the machines running GPFS are also quite powerful. In addition, the speakers will walk through the exploitation of two innocent-looking bugs.

Language: English

Felix Wilhelm and Florian Grunow are security researchers at ERNW, a German security company. They are interested in understanding and breaking all kinds of software and have presented their research at such international security conferences as INFILTRATE, PoC, Troopers, and Hack in the Box.


Soviet Supercomputer K-340A and Security of Cloud Computing

Author: Sergey Krendelev

The speaker will focus on issues of encrypted data processing with nonstandard encryption algorithms, such as fully homomorphic encryption and order preserving encryption, and on the use of homomorphic encryption for obfuscation.

Language: Russian

Sergey Krendelev is the head of the scientific laboratory Modern Computer Technologies at Novosibirsk State University. He also works at Parallels and is engaged in a project on cloud service protection.
