POSITIVE HACK DAYS

Want to visit +132

Author: James Kettle

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures—almost like an anti-virus. The speaker will share with you key insights from the conception and development of an open-source scanner evolved from classic manual techniques that's capable of finding and confirming both known and unknown classes of injection vulnerabilities.

Language
English

Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities and exploiting subtle CORS misconfigurations in bitcoin exchanges. He has extensive experience cultivating novel attack techniques, including server and client side RCE, and abusing the HTTP Host header to poison password reset emails and server side caches. He has previously presented at numerous prestigious conferences, including BlackHat and AppSec.

James Kettle

Ransomware incidents forensics

Want to visit +108

Author: Mona Arkhipova

The speaker will provide a step-by-step reconstruction of ransomware infection of an endpoint PC with Osiris and give a sample from the live system.

Language
Russian

Info
Presentation

Manager of the information security architecture and monitoring unit at Acronis.

Mona Arkhipova

Do WAFs dream of static analyzers?

Want to visit +108

Author: Vladimir Kochetkov

Traditional WAFs regard the applications they protect as a black box: incoming HTTP requests and outgoing HTTP requests are the only means available for attack detection. Obviously, this information is not enough for formal proof, and WAF settles for heuristic approach. Even if we intercept all requests by an application to its environment (filesystem, sockets, BD), it only improves the quality of heuritsics, though it is in no way useful for switching to formal methods. But what if we build a WAF that would treat an application as a white box? What if it could handle the application model obtained as a result of the static code analysis? What if it would be possible to decide if an HTTP request is an attack as we run application code fragments?

Language
Russian

Head of the application security assessment team. He is engaged in the development of PT Application Inspector being an expert in application security and applied cryptography. He participated in such projects as Nemerle, YAPOET, and SCADA Strangelove. His articles were published in HITB Magazine, The Hacker Magazine, and RSDN Magazine. Spoke at conferences and meetups for developers. He is also the co-organizer of Positive Development User Group, a community for developers who are interested in application security.

Vladimir Kochetkov

Hackers need your bank more than your clients

Want to visit +104

Author: Dmitry Volkov

The speaker will introduce a case-by-case analysis of several incidents related to ATMs, payment gateways, card processing, interbank transfer systems. He will describe the tactics used by attackers from different countries to gain access to a bank's local network and talk about techniques to increase privileges on the local network. The talk will demonstrate attackers' slip-ups, explain how to identify their activity and prevent the disruption of a bank's infrastructure or money theft. Participants will learn about future trends in targeting financial institutions. This talk will also give them insight on tools that will be used by attackers and techniques for covering up traces.

Language
Russian

Info
Presentation

Dmitry Volkov

WhatsApp & Telegram account take-over

Want to visit +99

Author: Roman Zaikin

The author will talk about a vulnerability in WhatsApp and Telegram that allows an attacker to can gain full access to a user's account by sending an innocent-looking file that contains malicious code, and then widespread the attack over WhatsApp and Telegram networks.

Language
English

Info
Video

Roman Zaikin is a Security Expert at Check Point Security Technologies. His researches has revealed significant flaws in popular services and major vendors (Facebook, EBay, WhatsApp, Microsoft). The author of "The world of security and hacking." Has over 7 years of experience in cybersecurity research. Leading Cyber Courses at HackerU. Holds more than 15 certifications.

Roman Zaikin

Modern techniques and tools in malware analysis

Want to visit +98

Author: Ivan Piskunov

This hands-on lab will focus on modern countermeasures against malware analysis: antidebugging techniques, using virtual machines, antidisassembly tricks, code packing/encryption using current approaches, and special technologies and tools.
Participants will need a laptop, a Windows XP virtual machine with OllyDbg and a disassembler installed.

Language
Russian

Info
Presentation

Has been working in the IT and IS spheres for more than seven years. He writes on his blog ipiskunov.blogspot.com and in his personal column on SecurityLab.ru. He has written several articles on reversing for The Hacker magazine, and is a resident of the anti-malware.ru portal. His articles were published in magazines and mass media focused on information security, IT audit, and IS department economic management. Has three university degrees: information security, accounting and taxation, and business administration.

Ivan Piskunov

SOC Evolution 2017

Want to visit +96

Moderator: Elman Beybutov, Vladimir Bengin, Alexey Kachalin

What we have been discussing in recent years now has finally happened: numerous companies in Russia have taken along the concept of SOC introduced by pioneers—internal and first commercial SOCs. Specialists and managers have admitted the necessity of SOCs. We invited representatives of companies with hands-on experience in establishing and running security monitoring and incident response centers—both internal and commercial ones—to have their say in the discussion. The participants include Elman Beybutov, Alexander Bondarenko, Vladimir Dryukov, Alexey Novikov, Arkady Prokudin, Vladimir Shadrin, with Alexey Kachalin as a moderator.

Language
Russian

Attacks on video converter: a year later

Want to visit +92

Author: Emil Lerner and Pavel Cheremushkin

BlackHat 2016 saw the report on vulnerabilities in video services. The authors continued researching this area, and are going to tell about new vulnerabilities (logical and binary) and curious ways to exploit them. Look forward to hearing real stories about exploiting these vulnerabilities in bug bounty programs!

Language
Russian

Emil Lerner
A postgraduate at the information security department at the Faculty of Computational Mathematics and Cybernetics of Moscow State University. Engaged in web application security. A member of Bushwhackers, a CTF team.

Pavel Cheremushkin
A student at the information system security laboratory at the Faculty of Computational Mathematics and Cybernetics of Moscow State University. He has been working in the industry for five years. Currently, he is engaged in binary exploitation and reverse engineering. A member of Bushwhackers, a CTF team.

Emil Lerner and Pavel Cheremushkin

IPv6 network reconnaissance

Want to visit +91

Author: Fernando Gont

The Internet Protocol version 6 (IPv6) and the emerging IPv6 deployments somehow change the rules of the "network reconnaissance" game: with the typical 264 addresses per subnetwork, the traditional brute-force approach to address scanning from the IPv4 world becomes unfeasible. This workshop will cover the latest IPv6 network reconnaissance techniques discussed in RFC7707. It will provide an intense IPv6 hacking experience, focusing on hands-on IPv6 network reconnaissance exercises.

Language
English

A security consultant and researcher for SI6 Networks. He specializes in the field of communications protocols security, working for private and governmental organizations from around the world. He has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. He has written a series of recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite.

Fernando Gont

Breaking bad. POS tampering

Want to visit +89

Authors: Gabriel Bergel and Javier Perez

The speakers will talk about insecurity of POS and fraud that can you be on. From the classic skimmer, eavesdropping, modification, and installation of third-party software to hardware tampering POS. The report also covers POS security features, main brands, cybercrime, methodology to POS tamper, impacted models, security countermeasures, PCI DSS, EMV, insecurity of EMV and NFC.

Language
English

Gabriel Bergel
A computer system engineer, currently coursing a Masters in Cybersecurity in the IMF Business School and Camilo José Cela University (Spain). He has 14 years of experience in different fields of information security. He is a speaker at common courses, lectures, workshops, and conferences for information security both nationally and throughout Latin America. Currently, the chief strategic officer in Dreamlab Technologies and chief security ambassador in 11Paths.

Javier Perez
Fan of tech and security, ISECOM OSSTMM instructor, trainer for security courses, speaker, researcher. Almost 10 years in the security world. During recent years, he has specialized in payment systems EMV, NFC, POS, ATM. Currently, the director of R&D at Dreamlab Technologies.

Gabriel Bergel and Javier Perez

User-friendly, though. (Messaging bots expose sensitive data)

Want to visit +85

Author: Anton Lopanitsyn

The speech will focus on messaging bots in Telegram: how a useful tool becomes a source of information leakage.

Language
Russian

A web application security expert at ONSEC. Currently working on Wallarm.

Anton Lopanitsyn

Dust application whitelisting off and take a fresh look!

Want to visit +82

Author: Artyom Ilin

Any IT engineer has heard a lot about application whitelisting drawbacks. Therefore, this technology is rarely used. The speaker will rehabilitate AWL and tell how AWL helps to withstand security threats. The talk will also clarify how to make this technology user-friendly and cover the issues of automated reaction to events and software exceptions.

Language
Russian

Info
Presentation

Works as the head of security systems department at the Infosecurity corporate group. Graduated from the Saint Petersburg State University of Aerospace Instrumentation, specializing in computing machines, systems, and networks. He is involved in testing, implementing, and supporting any software ensuring information safety.

Artyom Ilin

DDoS attacks in 2016–2017: a breakthrough

Want to visit +80

Author: Artyom Gavrichenkov

In early 2016, DDoS attacks and security strategies against them looked so trivial, giving an impression of running their course. A year later, the situation changed dramatically. The speaker offers to discuss these changes, their causes, background and consequences, as well as their relationship with the development of IoT.

Language
Russian

CTO at Qrator Labs. Graduated from Moscow State University, the Faculty of Computational Mathematics and Cybernetics. Has been working in IT networking, monitoring, and information security for 10 years, seven of which specifically in DDoS mitigation related research. Spoke at numerous conferences, including those related to information security, like Black Hat and ZeroNights.

Artyom Gavrichenkov

Backdooring LTE modem radio channel kernel

Want to visit +80

Author: Andrey Lovyannikov

This report will include findings of a research on radio channel kernel firmware for LTE modem Huawei E3372. The speaker will demonstrate how changes to the kernel can lead to transmission of unencrypted data over a radio channel.

Language
Russian

Info
Presentation

A leading security engineer at ASP Labs. A member of BalalaikaCr3w (LC/BC), a CTF team. A PhD student at MEPhI. He is usually engaged in reverse engineering of everything he can lay hands on. The rest of the time, he exploits binary vulnerabilities.

Andrey Lovyannikov

IoT (in)security

Want to visit +79

Moderator: Alexey Lukatsky

The internet of things is the next evolutionary jump in IT. On the one hand, this is a business opportunity, and on the other hand—a global threat to the development of companies, the internet and all modern IT world. The report will cover technical, organizational, and legal issues related to IoT safety, including attack and defense. Participants: Dmitry Berezin, Alexander Butenko, Igor Girkin, Uliana Zinina, Grigory Marshalko, Pavel Novikov. Moderator: Alexey Lukatsky.

Among the participants

An approach to ensure Enterprise IoT security

Language
Russian

Info
Video

Phishing: size of the problem and countermeasures

Want to visit +77

Moderator: Vyacheslav Borilin

Today's phishing market (Dmitry Malyshev)
Awareness Center Phishman (Nikolay Agninsky and Alexander Mitrokhin)
Phishing—a curse or an opportunity? (Vyacheslav Borilin)

Language
Russian

Info
Video

Moderator: Vyacheslav Borilin
Head of the Security Awareness unit, Kaspersky Lab. A member of IETF and ISA.

Hacker in a trap: A practical demonstration of how to block exploits and ransomware

Want to visit +76

Author: Denis Batrankov

This hands-on lab will feature simultaneous performance of real malicious code and protection tools on several virtual machines. All engines enabled: antivirus, URL filtration, antispyware, IPS, Threat Intelligence, DNS Sinkholing, sandboxes based on a next generation firewall and at the same time—the traps, sandbox, and endpoint protection based on Traps™.

Language
Russian

Info
Presentation

Denis has been active in information security since 1992. His experience spans a wide range of security technologies and products for networks, workstations, and servers from different vendors, including Palo Alto Networks, Allot, ISS, IBM, HP, Cisco, Check Point, and Microsoft. Active CISSP certification.

Denis Batrankov

DIY anti-APT

Want to visit +74

Author: Danil Borodavkin

Malicious code obfuscation, social engineering, exploiting either bugs or features in Windows—modern arsenal allows hackers to bypass signature protection successfully. The report focuses on the experience of building a corporate open-source-based system aimed at detecting attacks that cannot be detected by traditional protection tools. This talk will cover static and dynamic analysis elements, curious incidents that have been detected by the system (using exploits for MS Office, JS code in CHM files, tricks with inserting OLE to PDF and multipart, hacking a contractor and a major air travel company as a facilitating step). The speaker will also share statistics on detection of a DIY system, signature tools, and one commercial anti-APT solution.

Language
Russian

Info
Presentation

A security specialist with experience in intrusion detection, sandboxes, email filtering. Head of the corporate SOC at Information Satellite Systems (the Roscosmos group of companies). An Associate Professor at the Information Security scientific laboratory, initiative of the Siberian Federal University. 10 years of experience in information security. A *nix advocate. Passionate about open source, duct tapes, and order.

Danil Borodavkin

Internal security awareness (QIWI)

Want to visit +74

Author: Ekaterina Pukhareva

We arranged quizzes, quests, and CTFs to increase security awareness of QIWI staff. Then we checked what they learned using internal phishing, pentests, and dropping malware-infected media.

Language
Russian

Currently works for QIWI. Engaged in IT compliance and vulnerability management. An author of several articles on compliance risks and information security audit.

Ekaterina Pukhareva

SOC in a large corporate network: challenge accepted

Want to visit +73

Author: Andrey Dugin

The Security Operations Center at MTS had been at work for several years already, when the issue of creating SOC came to light at security conferences in Russia. Throughout these years, we have been gaining knowledge and experience facing a variety of cases at our SOC. What challenges do you face when establishing SOC? What specific features do you need to consider when implementing technologies and business processes in order to ensure IP/MPLS security in a large-scale network? What is the bottom line of our participation at PHDays VI: The Standoff? The speaker will answer to all these and many other questions in his talk.

Language
Russian

Info
Presentation

Works with MTS as a head of information security department. One of the tasks of his department is to ensure CCNP Security.

Andrey Dugin

Developing secure homebrewed products

Want to visit +71

Moderator: Dmitry Gusev

Language
Russian

Info
Video

Practical machine learning in infosecurity

Want to visit +71

Authors: Anto Joseph and Clarence Chio

Machine learning (ML) is the future. The speaker will give an introduction to the topic with the Boolean classification problem and introduce classifiers, which are at the core of many of the most common ML systems. He will also provide a simple example of deploying security machine learning systems in production pipelines using Apache Spark. The speaker will talk about how such systems can be poisoned, misguided, and utterly broken if the architects and implementers are not careful.

Language
English

Anto Joseph
A security engineer at Intel. He has 5 years of corporate experience in developing and advocating security in mobile and web platforms. Machine learning is one of his key areas of interest. He has been a presenter and trainer at various security conferences including BH USA 2016, DEF CON 24, BruCon, HackInParis, HITB Amsterdam, NullCon, GroundZero, c0c0n, XorConf.

Clarence Chio
Graduated with a B.S. and M.S. in Computer Science from Stanford within four years, specializing in data mining and artificial intelligence. Currently works as a security researcher at Shape Security, building a product that protects high-valued web assets from automated attacks. Spoke on machine learning and security at DEFCON 24, GeekPwn, PHDays, BSides, Code Blue, SecTor, GrrCon, Hack in Paris, QCon, and DeepSec. A community speaker with Intel, and is also the founder and organizer of the Data Mining for Cyber Security meetup group, the largest gathering of security data scientists in the San Francisco Bay Area.

Anto Joseph and Clarence Chio

Techniques to protect Java apps and ways to bypass them

Want to visit +71

Author: Philip Lebedev

The report outlines a range of protection strategies for Java apps, for most of which there are bypass scenarios available.

Language
Russian

An information security engineer at ASP Labs. A member of BalalaikaCr3w, a CTF team. Mostly focused on reverse engineering and exploiting binary vulnerabilities. An expert in researching iterative block ciphers.

Philip Lebedev

Will your business stand a ransomware?

Want to visit +70

Author: Yulia Omelyanenko

You're building your continuity and disaster recovery program, plan how to get over with a crisis caused by fires, power failure, natural disasters. But suddenly you get a notice that your network was hit with a ransomware and every second some data is probably getting lost. We will discuss ransomware threat from a business continuity point of view and analyze options to prevent it or minimize its impact in case a company was infected.

Language
English

A GRC unit manager in Acronis. Previously worked as a GRC lead in a large FMCG company. Graduated from Moscow Engineering Physics Institute. Has over 6 years of practical experience in information governance.

Yulia Omelyanenko

Jumping from Tenable's SecurityCenter CV to production environments

Want to visit +70

Author: Oleksandr Kazymyrov

This talk will cover passive (extracting information on assets, users, passwords, private keys, etc.) and active (encrypted credentials) information gathering on a rooted server with installed Tenable's SecurityCenter. Moreover, a method for lateral movement from DMZ to production environments using features of Nessus scanning will be demonstrated. It will help red teams to penetrate deeper into internal networks, especially into those containing highly valuable information, like cardholder data environments. From the blue team perspective, the demonstrated techniques will help better understand the risk of vulnerability scanners placed unattended in DMZ zones.

Language
English

Has a PhD in information security from the University of Bergen. A member of non-functional testing group in financial services at EVRY. Holds CEH (Certified Ethical Hacker) and CES (Certified Encryption Specialist) certificates. A co-author of the Ukrainian standards of block cipher and hash function.

Oleksandr Kazymyrov

Non-signature-based detection of PHP backdoors

Want to visit +69

Author: Gregory Zemskov

The speaker reports about the developed and implemented algorithm of non-signature-based detection of malicious PHP code fragments.

Language
Russian

Head of Revisium, a company focused on integrated website security. An IS specialist and developer of free website malware and security scanning tools. A permanent participant of conferences, a lecturer at Moscow State University of Mechanical Engineering, an author of courses, master classes and numerous web app security articles.

Gregory Zemskov

Discovering botnets in corporate networks by intercepting web traffic

Want to visit +68

Authors: Tatyana Shishkova and Alexey Vishnyakov

The speakers will share their experience in discovering botnets by intercepting web traffic between the bot and the C&C server, and speak about important parts of traffic that you should pay attention to in order to effectively detect malicious activity. They will also tell about the most recent cases of infections of large corporations and organizations in their practice and give examples of real-world botnet traffic, such as Neurevt, Andromeda, Fareit, Carberp, Tinba.

Language
Russian

Info
Video

Tatyana Shishkova
Graduated from the Faculty of Computational Mathematics and Cybernetics, Lomonosov Moscow State University. A malware analyst at Kaspersky Lab, has been working in the company since 2013. Specializes in network intrusion detection.

Alexey Vishnyakov
Graduated from the National Research Nuclear University MEPhI in 2015. A malware analyst in the Shift AV Group at Kaspersky Lab. One of his activities is detection and analysis of malicious objects.

Tatyana Shishkova and Alexey Vishnyakov

How to find zero-days in the Linux kernel

Want to visit +67

Author: Andrey Konovalov

This talk will present how to find vulnerabilities in the Linux kernel using syzkaller. It is a coverage-guided Linux syscall fuzzer. The fuzzer has found over 400 bugs during internal Linux kernel testing and numerous bugs while being used by external users.

Language
Russian

A Google software engineer working on various bug finding tools for the Linux kernel.

Andrey Konovalov

Live hacking: how digital attackers are intruding into your systems

Want to visit +65

Author: Sebastian Schreiber

IT security incidents in the recent past demonstrate emphatically that the IT systems even in international high-tech companies and major state institutions don't have sufficient protection. Widespread IT quality assurance measures may suffice to safeguard 99% of systems. However, the decisive factor is that the remaining one percent provides a target for digital attacks. Every gap, however tiny, is sufficient to render an otherwise well-secured IT infrastructure vulnerable in its entirety. During a live hacking presentation, the speaker will perform different attacks on IT systems. He will show that it is astonishingly easy to bypass protective measures in order to access sensitive information.

Language
English

Managing Director at SySS GmbH, the leading German provider of penetration tests.

Sebastian Schreiber

Opening. Information security today: the splendor and misery of corporate security

Want to visit +64

Moderator: Boris Simis

Language
Russian

Info
Video

The other side of DDoS

Want to visit +64

Author: Krassimir T. Tzvetanov

This talk intends to introduce defenders to the tools that are popular in the Underground to set up denial-of-service attacks. It will go through some of the tool-kits and techniques that are used to launch those attacks and look at some of the economics: how much it costs an attacker to execute the attack and how much it costs the defender to defend. From point of view of defense we are also going to investigate what are the benefits and drawback of mitigating the attack on premise vs using a service provider that specializes in that field.

Language
English

A security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks. Worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Also worked at Yahoo! and Google. Was a department lead for Defcon and an organizer of the premier BayArea security event BayThreat. Holds a Bachelor's degree in Electrical Engineering (Communications) and a Master's degree in Digital Forensics and Investigations.

Krassimir T. Tzvetanov

Live dissection: anatomy of a router-based botnet

Want to visit +64

Authors: Maxim Goncharov and Ilya Nesterov

Buy web traffic, prepare infrastructure for exploit kit and dropzone, rent a bulletproof hosting space, encrypt a malicious binary to be sure its not detected by most of AV, build sophisticated management protocols, run a C2 and hide yourself all the time behind several mixed layers of VPNs, SSH and proxy just to be sure you are safe—what a headache! Eventually, you'll have to deal with all that if you wish to have a real botnet. But what if there is a simpler way?

Language
Russian

Maxim Goncharov
A threat researcher at Shape Security with 16 years of experience in computer security. Participates as speaker at various security conferences and training seminars on cybercrime and related issues (e.g., vulnerabilities research, cyberterrorism, cybersecurity, underground economy). A recent speaker at Black Hat, PacSec, Power of Community, DeepSec, VB, APWG, and PHDays.

Ilya Nesterov
A security researcher at Shape Security. Prior to Shape, worked at F5 Networks. Earned his master's degree from Tomsk Polytechnic University. His interests include modern web application security threats and countermeasures, botnets, malware, exploits, and honeypot development. Also works as an independent security researcher. Spoke at different conferences including: Black Hat, OWASP AppSec, BSides.

Maxim Goncharov and Ilya Nesterov

Java Card platform attacks based on malicious applets

Want to visit +63

Author: Sergei Volokitin

The presentation introduces attacks on the secured containers of a Java-based smart card, which allows an attacker to steal cryptographic keys and PINs of the other applets installed on the card.

Language
English

A security analyst at Riscure in the Netherlands. Develops new attacks on the Java Card platform installed on the most of the modern smart cards. Received a degree in information security in 2013 and now is working on the Software Science Master program at Radboud University Nijmegen.

Sergei Volokitin

Voice cloning and its detection

Want to visit +61

Author: Roman Kazantsev

Banks started to apply authentication technology based on voice biometric data for access to credit cards. From information security point, such speech elements are sensitive and need protection against compromising and impersonalization. Impersonalization can be achieved by employing voice morphing (cloning) methods. The speaker will demonstrate software implementation for all phases of the voice cloning method, show how a voice recognition system can detect cloned voices, and present research data about dependency between performance of cloned voice detector and a number of cepstrum features used for training.

Language
Russian

Works as a Software Engineer in the Software & Services Group at Intel Corporation. Has 7+ years of professional experience in software engineering. Focuses on cryptography, software security, and computer science. He received a Bachelor and Master's degree in computer science with honors at Nizhny Novgorod State University, Russia. Has about ten published papers and two patents in information security.

Roman Kazantsev

Horizontal penetration in the windows-based infrastructure

Want to visit +61

Author: Teimur Kheirkhabarov

Every targeted attack consists of several stages. At the initial stage, attackers collect information about the company and its employees to find out the weakest link. Next, the intruders penetrates the corporate network and obtains access to one or several hosts inside the protected perimeter. They will attempt to get authentication data of users with privileges on various corporate hosts. Then, attackers start lurking on hosts in search of relevant information or systems. A multitude of tools for remote execution of Windows commands and other authorized utilities, so popular among system administrators, are at disposal of attackers. The speaker will talk about all these mechanisms and utilities. You will also learn how to find the traces of their usage inevitably left behind in event logs.

Language
Russian

Engaged in theoretical and practical aspects of information security research for more than six years. SOC analyst at Kaspersky Lab. Formerly, the head of the infosec department at an industrial company. Received specialist's and master's degrees from the Siberian State Aerospace University where later he was giving lectures on IS. An active participant to CTF contests. Spoke at ZeroNights.

Teimur Kheirkhabarov

DIY tablet PC for hacking

Want to visit +60

Author: Andrey Biryukov

Mobile devices penetrated our everyday life. Smartphones and tablet PCs allow performing numerous tasks in various areas, including information security. Although there is a vast range of mobile OS software, the programs required for penetration testing are unavailable. As a solution, the speaker suggests creating a DIY tablet PC based on Raspberry Pi 3 and running Linux. In contrast to other Raspberry-based solutions, this device does not require any peripherals—either a keyboard or a mouse. Interaction with the user is only via touch screen, therefore the device size can be reduced down to smartphone dimensions. The tablet PC is running Aircrack-ng, Kismet, Nmap, Wireshark, Metasploit (!), and custom Python scripts. The speaker will demonstrate how the device works and give tips on how to assemble and configure it.

Language
Russian

Graduated from the Moscow Aviation Institute, the Faculty of Applied Mathematics and Physics. 12+ years of experience in information security. Lead information security engineer with AMT GROUP with the focus on ICS security. A regular author for the Russian magazine "System administrator." Wrote several books on information security.

Andrey Biryukov

Meet and greet the macOS malware class of 2016

Want to visit +60

Author: Patrick Wardle

Say hello to KeRanger, Eleanor, Keydnap, and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. The talk will provide a technical overview of this malware, by discussing their infection vectors, persistence mechanisms, and features. We will discuss various generic detections that strive to ensure our Mac remain secure.

Language
English

Info
Video

Director of Research at Synack. Having worked at NASA and the NSA, and well as presented at many security conferences, he is intimately familiar with aliens, spies, and talking nerdy. In his free time, he collects OS X malware and writes free OS X security tools.

Patrick Wardle

Using the event types relationship graph for data correlation in SIEM systems

Want to visit +59

Authors: Andrey Fedorchenko, Andrey Chechulin, and Igor Kotenko

The talk will focus on correlation-related research for SIEM systems based on the structural analysis of types of security events. The speakers provide an approach to automated analysis, which considers security events as input data with dynamic content. A graph of event types with direct and indirect relationships between them is suggested for automated analysis. Handling of input security data involves functional and behavioral analysis performed by calculating the frequency-time characteristics of events, classifying events by severity, and creating behavior patterns. The suggested approach allows you to use rank correlation, along with other intelligent techniques. Requirements for normalization of source data are also stated. The speakers will demonstrate an analysis of security event log and event types relationship graph resulting from this analysis.

Language
Russian

Andrey Fedorchenko
Junior research associate at the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Engaged in research in the field of event correlation and information security in SIEM systems. Finalist for Young School competition held at PHDays V.

Andrey Chechulin
Senior research associate at the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Participant of several Russian and international projects dedicated to various aspects of information security. Was involved in the development of a course on computer forensics at Federal Criminal Police Office of Germany, development of systems for analytical modeling of attacks in the context of the The 7th European Framework Programme (FP7), development of visualization systems for the projects of the Federal Targeted Program of the Russian Federation. Spoke at a number of national and international conferences on computer security.

Igor Kotenko
Head of the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Participated in a variety of projects to develop new technologies for information security (project management for the Federal Target Program of the Russian Federation, the Russian Science Foundation, the Russian Foundation for Basic Research, the European Framework Programmes FP6 and FP7, projects commissioned by HP, Intel, and F-Secure). Speaker at a number of conferences on computer security.

Andrey Fedorchenko, Andrey Chechulin, and Igor Kotenko

Android Task Hijacking

Want to visit +59

Authors: Yury Shabalin and Evgeny Blashko

Android Task Hijacking is an Android vulnerability that makes it possible to spoof any application using only standard mechanisms and requiring no specific permits. It does not require root access to the device, and Google easily let such applications to the Store. All applications on the device are vulnerable to spoofing including the system ones, because this vulnerability is on the system level. The speaker will tell about technical details, show how this vulnerability works, and share possible solutions.

Language
Russian

Yury Shabalin
Responsible for SDLC implementation in the context of source code audit and overall integration of application analysis tools into an integral development ecosystem. Previously worked with Alfa Bank and Positive Technologies in such areas as security audit, forensics, penetration testing, and implementation of a Secure Software Development Lifecycle (SSDL). A speaker at ZeroNights, RISSPA, OWASP.

Evgeny Blashko
Five years of experience in information security; three years, in development of applications for desktop and mobile operation systems. Engaged in analysis of source code and mobile application security at SberTech. Spoke at OWASP Russia.

Yury Shabalin and Evgeny Blashko

Risk management: how to abandon illusions

Want to visit +59

Author: Alex Smirnoff

Providers of GRC solutions tend to present formal compliance as a required step to effective risk assessment. The speaker will point out shortcomings of these solutions, discuss alternative techniques, and advise on how to employ low-cost and future-proof approaches to vulnerability management.

Language
Russian

Started his career as a mainframe hacker in 1989, and for several years hacked mostly for fun. Developed a firewall, advised on cybersecurity issues. Worked as CISO with Parallels for four years. Now has turned back to consulting. An expert with the Open Net Association.

Alex Smirnoff

Cyber Defense Operations Center—Microsoft experience

Want to visit +59

Author: Andrei Miroshnikov

Review of the Microsoft Cyber Defense Operations Center in the context of functionality, design, specifics, and workflow management. Security incident detection, investigation, and response with Windows Defender ATP, Microsoft ATA, O365 Threat Explorer, and WEF—tools that allow monitoring security risks within the Microsoft network.

Language
Russian

A Senior Security Analyst in the Information Security Risk Management team at Microsoft's Cyber Defense Operations Center. The author and organizer of Forensics CTF (for the DEFCON 24). Spoke at Microsoft BlueHat. The author of "Windows 10 and Windows Server 2016 security auditing and monitoring reference." Graduated from Irkutsk State University with a Master's Degree in Computer Science. Currently getting an MBA degree at Washington State University.

Andrei Miroshnikov

Finding your way to domain admin access—and even so, the game isn't over yet

Want to visit +57

Author: Keith Lee

There are scenarios where getting domain admin access doesn't mean you have access to all hosts, shares, or databases in the network. The tricky part for an attacker is to find the right account to get in and out of the environment fast. In this presentation, the speaker will discuss the tricky scenarios his team faced during internal penetration test engagements and will tell how they developed a tool to solve those issues.

Language
English

Senior Security Consultant with Trustwave's SpidersLabs (one of the world's largest specialist security teams with over 100 consultants spread across North and South America, Europe, and the Asia Pacific). Focuses on penetration testing, social engineering, and incident response services to clients in the Asia-Pacific region.

Keith Lee

Developing DBFW from scratch

Want to visit +56

Authors: Denis Kolegov and Arseny Reutov

The talk describes technical aspects of developing a Database Firewall prototype from scratch, such as: what is required to develop DBFW; whether machine learning can be used for effective detection of SQL injection based on SQL requests; how to detect SQL injections using syntax analysis; and how to implement attribute and role-based access control. The speaker will also tell about prospective application protection mechanisms based on firewalls and static code analysis.

Language
Russian

Denis Kolegov
PhD in Technical Sciences. An Associate Professor at the Tomsk State University (the information security and cryptography department). The lead of the application protection technics research team at Positive Technologies.

Arseny Reutov
Graduated from Mari State University in 2012. Head of the application protection research department at Positive Technologies. An author of various research papers on information security and the web security blog raz0r.name. Specializes in information security issues, penetration testing, and analysis of web applications and source code.

Denis Kolegov and Arseny Reutov

Information security tomorrow: is it a stop factor for digitalization of economy?

Want to visit +55

Moderator: Alexey Kachalin

Participants:

Alexey Sokolov (Deputy Minister of Telecom and Mass Communications)
Sergey Plugotarenko (Director of the Russian Association for Electronic Communications)
Kirill Kertsenbaum (Kaspersky Lab)
Denis Baranov (Director of Research and Development of Positive Technologies)
Ilya Sachkov (Group-IB)
Dmitry Finogenov (advisor to the director of Positive Technologies)
Georgy Gritsay (the Open Networks association)
Roman Chaplygin (PWC)
Vyacheslav Kasimov (Executive Director for information secueity, Otkritie Bank)

Moderator: Alexey Kachalin (the program director of PHDays, Positive Technologies).

Language
Russian

Info
Video

Energy depletion attack analysis: a case with wireless network devices

Want to visit +55

Author: Vladislav Alexandrov and Vasily Desnitsky

The research reviewed attacks targeted at energy depletion of battery-powered devices. The following types of attacks have been analyzed: denial-of-sleep attacks, traffic increase, electromagnetic interference, software misuse. The report will be supported by modeling some types of attacks on an Android-based mobile device and on ZigBee network nodes.

Language
Russian

Vasily Desnitsky
PhD in Technical Sciences. Senior Research Fellow at the Laboratory of Computer Security Problems, SPIIRAS. An Associate Professor at the Bonch-Bruevich Saint Petersburg State University of Telecommunications, Department of Protected Information Systems. Has a keen interest in research and development in the following areas: embedded devices and IoT systems security, attack analysis and modeling, security event management systems, software protection.

Vladislav Alexandrov
Is taking the second year of a Master's Degree at the University of Information Technologies, Mechanics, and Optics (ITMO), specializes in Information Security, works as a programmer with Positive Technologies. Takes part in projects initiated by the Laboratory of Computer Security Problems, SPIIRAS. Performs researches in the areas of IoT system protection and energy depletion attack analysis.

Vladislav Alexandrov and Vasily Desnitsky

Lightning Talks

Want to visit +55

Moderator: Andrey Petukhov

We invite you to take part in a 5-minute Lightning Talk. Tell the audience about a new vulnerability or a problem in security algorithms, about a new concept for a security analysis tool, or a study. Share your ideas and find people who think the same. To take part in this event, you need to inform the fast track moderator.

Each talk lasts 5 minutes (1 or 2 slides).
No pre-moderation.
Best speakers get an invitation to PHDays VIII.

Language
Russian

Anthology of antifraud techniques: transition to mathematical models and artificial intelligence

Want to visit +55

Authors: Aleksey Sizov and Evgeniy Kolesnikov

The talk gives you an insight into the history and development of antifraud systems in Russia. The speaker will focus on the attack techniques against payment and banking services used by fraudsters over the past 10 years. You will also learn about the functional elements of antifraud systems related to attack detection and prevention. The second part of the presentation addresses application of mathematical models in antifraud systems and the effectiveness of this approach.

Language
Russian

Graduated from the faculty of Applied Mathematics and Cybernetics at Lomonosov Moscow State University in 2006. In 2009, received a research degree in Information Security from the Russian National Research Institute of Computer Science and IT Development. PhD in technical sciences. Worked for three years at Moscow Industrial Bank in the Credit Card Security Department. He was engaged in deployment of fraud monitoring systems and integration of encryption into credit card service processes. Later on, he was the Deputy Head of the Payment Risk Department at Tinkoff Bank. Since 2012, a fraud prevention manager at Jet Infosystems' Information Security Center.

Aleksey Sizov and Evgeniy Kolesnikov

Interface through web analyst's eyes: experience with usage of web analytics widgets on online banking login pages

Want to visit +55

Author: Dmitry Pavlov

Vast majority of websites and applications for monitoring visitors behavior use web analytics tools. The received data is used for the purposes of promotion and optimization of a website. Banks also use web statistics tools on their websites; sometimes, on online banking login pages. The speaker will represent statistics of using JavaScript widgets for analytics on online banking login pages, which contain sensitive information.

Language
Russian

A fourth-year student of the Faculty of Computational Mathematics and Cybernetics at MSU.

Dmitry Pavlov

The evolution of Trojan memory sticks

Want to visit +54

Author: Andrey Biryukov

Malicious devices based on Teensy and other development boards are rather well-known: mimicking a keyboard or another legitimate device, they bypass protection tools and perform a malicious activity. However, a Trojan device based on Raspberry Pi Zero microcomputer allows implementing even more types of attacks. It can be used for MITM attack, automated vulnerability scanning with further exploitation, or connection to a target system via JTAG to reconfigure BIOS settings. The speaker will demonstrate implementation of a number of such attacks.

Language
Russian

Andrey Biryukov

Hadoop safari: hunting for vulnerabilities

Want to visit +54

Authors: Mahdi Braik and Thomas Debize

With the growth of data traffic and data volumetric analysis needs, Big Data has become one of the most popular fields in IT and many companies are currently working on this topic by deploying Hadoop clusters, which is the current most popular Big Data framework. This talks aims to present in a simple way Hadoop security issues or rather its concepts, as well as to show the multiples vectors to attack a cluster.

Language
English

Mahdi Braik and Thomas Debize are French security enthusiasts and work as infosec auditors at Wavestone, a French consulting company. They work on all kinds of security audits, penetration tests, and incident responses through the company's CERT. Both developed a specific interest in Hadoop technologies few years ago: as they got to know how immature this ecosystem was, they decided to hunt for vulnerabilities in it. They like to git push new infosec tools and write blog posts in the corporate blog and infosec-specialized magazines.

Mahdi Braik and Thomas Debize

Preventing attacks in ASP.NET Core

Want to visit +54

Author: Mikhail Shcherbakov

ASP.NET Core is a continuation of ASP.NET platform, but unlike its elder brother, ASP.NET Core is completely open-source and supported by the community. The framework architecture has been reconsidered, with new security features created and a part of the existing ones rewritten. The speaker will describe the internal structure of ASP.NET Core attack prevention mechanisms, cryptography options available out of the box, arrangement of session management, and other features. The report will be useful for developers writing secure ASP.NET applications, specialists performing .NET project security reviews, and for those who would like to understand how to implement security components using this platform.

Language
Russian

Info
Presentation

Microsoft MVP, participant of .NET Core Bug Bounty Program, .NET community leader in St. Petersburg and Moscow, an independent software developer and consultant. The professional area is static and dynamic code analysis, information security, automatization of debugging code, research of .NET CLR internals.

Mikhail Shcherbakov

Exploring billion states of a program like a pro. How to cook your own fast and scalable DBI-based security tool. A case study

Want to visit +54

Author: Maksim Shudrak

The main purpose of this talk is to introduce DBI, delve deeper in this topic, demonstrate the power of this technique, and consider typical problems of its application for "industrial" tasks. Audience will get acquainted with DBI in general, will understand in which fields it is successfully applied, what are potential problems of this technique related to implementation of their own tool based on presented frameworks (Intel PIN and DynamoRIO), and see real examples of the technique used for heap-based bug detection in heavyweight programs along with dynamic malware analysis.

Language
Russian

A cyber security researcher at IBM Research Israel, PhD. Field of interests: reverse engineering, software security analysis, dynamic binary instrumentation, malware analysis, emulation technologies.

Maksim Shudrak

Cyberespionage in Central Asia

Want to visit +54

Author: Anton Cherepanov

ESET researchers recently discovered an interesting cyberespionage campaign in several Central Asia countries. The discovered malware has been used in targeted attacks against high-value targets since at least 2016. The talk will uncover details about the campaign and provide technical analysis of the used malicious toolkit.

Language
Russian

Info
Video

A senior malware researcher in ESET. Responsibilities include analysis of complex threats. Spoke at numerous conferences, including Virus Bulletin, CARO Workshop, 4SICS (CS3STHLM), and ZeroNights. His interests focus on IT security, reverse engineering, and malware analysis automation.

Anton Cherepanov

Protection against unauthorized access—which method is better?

Want to visit +53

Authors: Roman Alferov and Andrey Gorokhov

The report will summarize results of a research evaluating effectiveness of several information security products. Case studies will show the flaws identified by the researchers.

Language
Russian

Roman Alfyorov
Works as an analytical engineer with Standart Bezopasnosti (Security Standard). A member of a CTF team named girav. Studies at the Yaroslavl State University (specializes in computer security). Deals with reverse engineering of Windows binaries and penetration testing.

Andrey Gorokhov
Works as an engineer with Standart Bezopasnosti (Security Standard). A member of a CTF team named girav. A postgraduate student at the Yaroslavl State University. Engaged in cybercrime investigations and penetration testing.

Roman Alferov and Andrey Gorokhov

Security and psychological research of social dating applications

Want to visit +53

Authors: Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy

In an ever-connected world, people all around the globe are freely surrendering their personal information and privacy over to the helms of the social media giants with unprecedented trust. But what happens when this information falls in hands of wrong people? What if the social media platforms have not done as good of a job as they claim in protecting us from criminals and stalkers who mean to cause us harm? In this presentation, the speakers identify some flaws in one of the most popular social media platforms used globally today and demonstrate how an attacker can retrieve information about its users and track their location and movements. The speakers will also demonstrate how to extract information from people unknowingly and to identify users that tend to use the platform for fraud.

Language
English

Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy

Injecting security into web apps in the runtime

Want to visit +53

Author: Ajin Abraham

This paper discusses the research outcomes on implementing a runtime application patching algorithm on an insecurely-coded application to protect it against code injection vulnerabilities and other logical issues related to web applications, and will introduce the next generation web application defending technology dubbed as Runtime Application Self-Protection (RASP) that defends against web attacks by working inside your web application. RASP relies on runtime patching to inject security into web apps implicitly without introducing additional code changes. The talk concludes with the challenges in this new technology and gives you an insight on future of runtime protection.

Language
English

Ajin Abraham is a security engineer for IMMUNIO with 7+ years of experience in application security including 4 years of security research. He is passionate on developing new and unique security tools. Some of his contributions to the hacker arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, NodeJsScan. He has been invited to speak at multiple security conferences: ClubHack, Nullcon, OWASP AppSec, Black Hat (Europe, U.S., Asia), Hack Miami, Confidence, ToorCon, Ground Zero Summit, Hack In the Box, and c0c0n.

Ajin Abraham

Evil Printer: assembling an uncommon firmware

Want to visit +52

Author: Anton Dorfman

We are surrounded by devices doing important job, but their security is often neglected. These devices are network printers and multifunction devices. The speaker will review how to extend standard features of these devices by means of modifying their firmware. He will show live payloads required for attacks on enterprise and industrial networks.
Speaker: Anton Dorfman, authors: Vladimir Nazarov and Ivan Boyko.

Language
Russian

Researcher, reverser, and assembly language fan. PhD in Technical Sciences. Graduated with honors from the Samara State Technical University. Lectured on reverse engineering. The author of over 50 scientific publications on IT security. Keen on automating any reverse engineering tasks. Was the third in the contest Best Reverser at PHDays II. Was a speaker at PHDays, Zeronights, and HITB 2014. Organizes and trains student CTF teams. Lead specialist at the application analysis unit at Positive Technologies.

Anton Dorfman

How we hacked distributed configuration management systems

Want to visit +52

Authors: Francis Alexander and Bharadwaj Machiraju

The talk deals with how the researchers came across and exploited different configuration management systems during their pentests. The speakers will introduce different distributed configuration management tools, like Apache ZooKeeper, HashiCorp Consul and Serf, CoreOS Etcd; discuss multiple ways to fingerprinting these systems, and exploit generic misconfigurations for increasing attack surface.

Language
English

Francis Alexander
An information security researcher and the author of NoSQL Exploitation Framework. Interested in web app and stand-alone app security, DBMS security, coding tools and fuzzing. Spoke at HITB AMS, Hack in Paris, 44CON, DerbyCon, Defcon.

Bharadwaj Machiraju
The project leader for OWASP OWTF. He is mostly found either building a web app sec tool or hunting bugs for fame. Spoke at such conferences as Nullcon, Troopers, BruCON, PyCon. Apart from information security, he is interested in sleeping, mnemonic techniques, and machine learning.

Francis Alexander and Bharadwaj Machiraju

Information security education: new perspectives

Want to visit +51

Author: Mikhail Saveliev

This event is aimed at young professionals, graduates, and graduate students, as well as agents of the security industry and educational institutions. The speakers from Sberbank, Kaspersky Lab, and Positive Technologies will explain which areas of knowledge are nowadays at a premium and why information security does not fit in traditional education. The representatives of the Moscow Polytechnic University and MIRBIS College will tell about new education models.

Language
Russian

Mikhail Saveliev

Dangerous controllers

Want to visit +51

Author: Igor Dusha

The main issues the speaker will cover are vulnerabilities in PLCs, process interface units, computer-based interlocking units, and other smart devices. He will also review specific features of penetration testing in SCADA, classification of vulnerabilities in SCADA systems and PLC—all supported by case studies and elimination methods. The report also outlines specific features of ensuring security in proprietary technologies for data transfer between control units and field devices, which allow controlling processes in oil and gas, nuclear, and other industries. The report is supplemented by real test results and compilations.

Language
Russian

Graduated from MEPhI (Moscow Engineering Physics Institute), the Faculty of Cybernetics and Information Security. Currently works as a security engineer with ASP Labs, architect of the complex SCADA security solution. Involved in SCADA security activities, such as audits, penetration testing, design and installation of information security tools, in railway, nuclear, petroleum refining, and power distribution industries. A member of the BalalaikaCr3w team in CTF.

Igor Dusha

Hacker-machine interface

Want to visit +51

Authors: Brian Gorenc and Fritz Sands

This talk covers an in-depth analysis performed on a corpus of 200+ confirmed SCADA and HMI vulnerabilities. It details out the popular vulnerability types discovered in HMI solutions developed by the biggest SCADA vendors, including Schneider Electric, Siemens, General Electric, and Advantech. It studies the weaknesses in the technologies used to develop HMI solutions and describes how critical vulnerabilities manifest in the underlying code. The talk will compare the time-to-patch performance of various SCADA vendors, and provide a comparison of the SCADA industry to the rest of the software industry. Additional guidance will be provided to SCADA developers and operators looking to reduce the available attack surface along with a prediction on what we expect next in attacks that leverage SCADA and HMI vulnerabilities.

Language
English

Brian Gorenc
A senior manager of Vulnerability Research at Trend Micro. He leads the Zero Day Initiative (ZDI) program, which represents the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. He is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions.

Fritz Sands
A security researcher with Trend Micro's Zero Day Initiative. In this role, he analyzes and performs root-cause analysis on vulnerabilities submitted to the ZDI program, which is the world's largest vendor-agnostic bug bounty program. Also focuses on writing tools to perform static and dynamic analysis for discovering vulnerabilities. Prior to joining the ZDI in 2014, was in Microsoft's Trustworthy Computing and Secure Windows Initiative operations where he audited Windows code and developed dynamic analysis tools, and before that he was a system developer for multiple iterations of Microsoft Windows.

Brian Gorenc and Fritz Sands

Developing a Google Chrome extension to protect against information leakage through other browser extensions

Want to visit +50

Author: Anastasiya Parygina

A significant concern about browser extensions is that they are prone to information leakage. This talk focuses on a browser extension to improve security for users with minimal technical skills and knowledge in information security.

Language
Russian

Native of Astana (the Republic of Kazakhstan). A senior student at the Information Technology department of L. N. Gumilyov Eurasian National University. Has been involved in design and development of information systems since 2015.

Anastasiya Parygina

To vulnerability database and beyond

Want to visit +49

Author: Alexander Leonov

The speaker will talk about public databases of vulnerabilities and exploits, detection rules, security bulletins, and other security-related content. What's the use of such a database? Is it possible to automatically highlight hot topics by considering correlations between objects without going into technical details? Can such a database help to search and prioritize vulnerabilities in your infrastructure? Do you need security experts, or it is enough to buy your IT specialists a subscription for the vulnerability database?

Language
Russian

Expert in information security automation. For six years, had been engaged in development vulnerability scanners and IT compliance management. Works in Russia's largest internet company. Responsible for automated vulnerability assessment of a huge and diverse IT-infrastructure. Runs his own blog page on vulnerability management at avleonov.com.

Alexander Leonov

Linux kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation

Want to visit +49

Author: Alexander Krizhanovsky

The talk describes an extension of the Linux TCP/IP stack, so that HTTPS works in the same stack with TCP and IP. Application-layer HTTP DDoS attacks are usually mitigated by HTTP accelerators or HTTP load balancers. However, Linux socket interface used by the software doesn't provide reasonable performance for extreme loads caused by DDoS attacks. HTTP servers based on user space TCP/IP stacks are becoming popular due to their better performance, but TCP/IP stacks are huge and complex code, so it's not wise to implement and run it twice in user and kernel spaces. Kernel TCP/IP stack is well integrated with many powerful tools like IPTables, IPVS, tc, tcpdump that are unavailable for a user space TCP/IP stack or require complex interfaces. The speaker will present Tempesta FW, which introduces HTTPS processing to the kernel. HTTPS is built into the Linux TCP/IP stack. As an HTTP firewall, Tempesta FW implements a set of rate limits and heuristics to defend against HTTPS floods and Slow HTTP attacks.

Language
Russian

CEO at Tempesta Technologies and lead developer of Tempesta FW, a Linux application delivery controller. Founder and CEO of NatSys Lab., a company providing consultancy and custom software development in high performance network traffic processing and databases. Responsible for architecture and performance of several products in network traffic processing and database areas.

Alexander Krizhanovsky

HummingBad: past, present, and future

Want to visit +49

Author: Andrey Polkovnichenko

First-hand details on research of one of the most widespread mobile botnets by Check Point specialists. What is HummingBad, what are the perils, what is behind, and how to deal with it.

Language
Russian

A reverse engineer team lead at Check Point. For the last three years, he has been saving the world from mobile threats.

Andrey Polkovnichenko

Your money and your data threat sentry

Want to visit +48

Author: Young Hak Lee

Recently, advanced persistent threats (APT) using a drive-by download occur with increasing frequency. Existing auto analysis systems generally are not able to analyze malware used for APT attacks, and a malware researcher has to manually analyze them. The speaker will demonstrate a new real time memory auto analysis system (Malware Analyst). This system does not generate a memory dump by using LibVMI, directly accesses memory to improve diagnostic speed, and clearly distinguishes suspicious malware behavior.

Language
English

Security Senior Researcher and Security Research Team Manager. Spoke at CODEGATE and HITCON. In 2013, organized a CTF contest at CODEGATE; in 2012, was one of the conference's organizers.

Young Hak Lee

A heuristic approach for detection of DOM-based XSS combined with tolerant parsing

Want to visit +48

Author: Alexey Pertsev

The talk includes details on client-side detection and prevention of attacks related to DOM-based XSS using syntax error tolerant of JavaScript parsers. This technique is meant to be especially useful in WAFs.

Language
Russian

A graduate of G. I. Nevelskoi Maritime State University. Engaged in penetration testing at Digital Security.

Alexey Pertsev

Circumventing mobile app stores security checks using Hybrid Frameworks and HTML5-fu

Want to visit +48

Author: Paul Amar

This talk covers a new attack vector regarding app stores, circumventing security checks associated when publishing an app on any app store. Usually, after publishing a mobile application, stores run sandbox or manual tests and decide whether the application is legitimate. By using Hybrid framework (such as Cordova), it is possible to update mobile applications without user consent and without notifying app stores.

Language
English

A security engineer doing digital forensics and incident response. Likes developing (mostly in Python and some hipster stuff) and always has a bunch of crazy ideas coming up everyday. Spoke at DeepSec, BSides. His latest project, Data Exfiltration Toolkit, was showcased at Black Hat.

Paul Amar

ICS information security

Want to visit +47

Moderator: Roman Krasnov and Dmitry Darensky

The section will cover the following issues: R&D in protection of industrial control systems (ICS) and the internet of things, establishment of ICS cybersecurity centers, product compatibility testing and certification, traditional SOC arrangement and modern SOC establishment strategies.

Speakers: Evgeny Gengrinovich, Pavel Lutsik, Andrey Nuikin, Alexey Petukhov, and Ruslan Stefanov.

The participants of a round-table discussion will raise the following issues: shall SOC monitor ICS? What shall SOC be able to do in order to cope with IT and IS incidents? How to deal with remote autonomous objects?

Participants: Denis Babaev, Andrey Nuikin, and Ruslan Stefanov. Moderators: Roman Krasnov and Dmitry Darensky.

Among reports

Kaspersky Lab ICS-CERT. Research and investigations

In October 2016, Kaspersky Lab launched Kaspersky Lab ICS CERT, a visionary project designed to distribute information on current threats and vulnerabilities in industrial automation. Within the first six months of the project, the team eliminated a big number of vulnerabilities, conducted several incident investigations in industrial automation systems and published some reports covering ICS security issues. The report will describe ICS security problems detected in course of investigations and searches for vulnerabilities. The speaker will also tell about the project development plans and give the list of artefacts that can be useful for ICS component vendors, security departments of industrial companies, and independent researchers.

Language
Russian

Secure service-oriented architecture. Smart home voice control as a case study

Want to visit +45

Author: Wire Snark

The report reviews secure system development methodology as applied to IoT applications. The speaker will tell what is a threat model and how it is embedded in software development lifecycle. A voice control application will be used to demonstrate the single responsibility principle and the principle of least privilege. The report also reviews practical aspects of creating service-oriented architecture apps in Yocto Linux environment, such as using DBus IPC, selecting suitable secure programming languages (out of Go, Rust, Python, Node.js, Java). The speaker touches upon isolation of vulnerable code processing untrusted input data.

Language
Russian

Graduated from the Lobachevsky State University of Nizhny Novgorod. Started his career as a trainee at Intel in Nizhny Novgorod, then worked as a mathematician programmer with ASCON. Currently is a programmer and team lead with MERA. A system developer, mainly works with Yocto Linux and Android-based services and daemons; is interested in telephony and voice control. As a security researcher is involved in white-box audit. Supports privacy, anonymity, and security of users. An adherent of ethical hacking and free software.

Wire Snark

Anti-APT Swiss knife

Want to visit +43

Authors: Kirill Mikhailov, Andrey Semenyuchenko, Anatoly Viklov

Speakers will talk about a standard and a comprehensive approach to protection against APT attacks and demonstrate the possibilities of a "Swiss knife" in investigation of IS incidents.

Language
Russian

Info
Presentation

Kirill Mikhailov, Andrey Semenyuchenko, Anatoly Viklov

Innovations in protection tools and security tests

Want to visit +42

Authors: Anton Ivanov and Egor Nazarov

This section is devoted to advanced information security technologies illustrated by the relevant use cases. Experts seeking new breakthrough solutions are welcome. Moderators: Anton Ivanov and Egor Nazarov.

Language
Russian

Anton Ivanov and Egor Nazarov

Security cloud strategy

Want to visit +41

Moderator: Aleksey Goldbergs

Lost in translation: transferring services to the cloud
Aleksey Goldbergs, Positive Technologies

Practical usage of cloud services and BigData for attack detection
Anna Luchnik, Microsoft

Integration of information security services into NFV infrastructure
Vitaly Antonenko and Alexander Ermilov, ARCCN

Increasing trust and security of using cloud services in a company
Andrey Akinin, Web Control

Round-table talk: Security cloud strategy
Participants: Andrey Ivanov (Microsoft), Muslim Mejlumov (Rostelecom), Alexander Lyamin (Qrator Labs), Maxim Kaminsky (Brain4Net), Vitaly Antonenko (ARCCN). Moderator: Aleksey Goldbergs, Positive Technologies.

Language
Russian

Nonpublic section from Informzaschita

Want to visit +41

Author: Evgeny Klimov

Language
Russian

Evgeny Klimov

Security in motion: traffic inspection and network security

Want to visit +40

Moderator: Mikhail Kader

Transformation of traffic protection technologies when accessing network services and content
Taras Ivaschenko, Yandex

From signatures to behavioral analytics: evolution of approaches to identifying threats
Alexey Danilov, Infotecs

How to find something you know nothing about?
Andrey Akinin, Web Control

Detection of malicious code in traffic encrypted using TLS (without decryption)
Ruslan Ivanov, Cisco

Language
Russian

Security practice

Want to visit +36

Author: Denis Remchukov

Topical approaches and solutions for ensuring information security. Is the working SIEM a truth or a myth? UEBA: tomorrow or never? When will you stop buying these useless end-point antiviruses? Discussion about current and innovative protection technologies. Participants: Oleg Bashkinsky, Pavel Zemtsov, Konstantin Goldstein, Andrey Revyashko, Sergey Rysin. Moderator: Denis Remchukov.

Language
Russian

Denis Remchukov

Anti-plenary session. Technologies security: personal views of leading minds

Want to visit +35

Moderator: Alexey Kachalin

These days, information security suffers acute internal conflicts. All around, we hear: "No one is interested!", "You'll be hacked in any case!", "Buy new stuff." Both security solution developers and users have lost their faith and motivation. The most outstanding representatives of the community will sit together to share their pains and ideas that can influence every person and industry in general. As minimum slides or any tinsel as possible, and loads of personal experience, understanding of the subject, and emotions.

Participants: Alexey Kachalin, Ilya Sachkov, Alexey Lukatsky, Alexey Volkov, Vladimir Bengin, Elman Beybutov, Mikhail Kader, Dmitry Manannikov, Ivan Novikov.

Language
Russian

Mobile networks insecurity as it was yesterday, is today, and will be tomorrow

Want to visit +29

Authors: Kirill Puzankov, Sergey Mashukov, Pavel Novikov

Language
Russian

Kirill Puzankov, Sergey Mashukov, Pavel Novikov

Security Path: Dev vs Manage vs Hack

Want to visit +29

Authors: Dmitry Mannanikov and Mikhail Levin

We all started our career either as engineers or as operators—developed and created systems, experimented with design and research. But eventually each of us has come up to the question: what to do next, in a year or two, and what we would like to become in five or ten years. How to create a career in the security area? What would help in development, and what can be a dead end both for hackers and defenders? Is it possible to be a bug hunter throughout all life or shifting to a paperwork expert or people manager is inevitable? What is more attractive to hack and design: software or bulletproof enterprise processes? Specialists thinking about their future and managers guiding their staff in development are welcome.

Language
Russian

Info
Video

Dmitry Mannanikov and Mikhail Levin

Software architecture: security requirements

Want to visit +27

Author: Kirill Ivanov

Software development is in any case based on certain requirements. The complete list of these requirements consists of business objectives of the app, various restrictions, and quality expectations (so-called NFR). Software security requirements refer to the last point. The report describes where these requirements come from, how they can be managed and prioritized. Specific attention will be paid to the principles of software architecture design—with or without such requirements. The speaker will also demonstrate how modern and well-known approaches to application design help to improve the app architecture and minimize potential threat landscape.

Language
Russian

Info
Presentation

A software architect at Positive Technologies

Kirill Ivanov

Network security audit (standard 802.11)

Want to visit +26

Author: Oleg Kupreev

Language
Russian

Info
Presentation

Oleg Kupreev

Application Security Outback