New at PHDays VII: Hacking IPv6 Networks, WAFs of the Future, POS Terminals

  • March 2, 2017

    Preparations for PHDays VII are in full swing. Early in this year, we received 50 applications for presenting reports and workshops from Russia, Europe, Asia, Africa, North and South America. On February 1, the second stage of Call for Papers started. For now, we will announce the first participants enrolled in the Tech program. This year, attendees will learn how to hack IPv6 networks, how attackers steal money using POS terminals, and will know about new generation WAFs.

    Insecurity of payment systems: vulnerabilities in POS terminals

    Today, almost every shop is equipped with a POS terminal (point of sale) for processing transactions at financial calculations via magnetic stripe cards and smart cards. Terminals are widely used in different countries, and of course, where there is money, there are also attackers. In fall 2013, two hackers were arrested for hacking hundreds of POS terminals and stealing payment details of more than 100,000 of Americans. The attackers scanned the internet searching for vulnerable devices that supported RDP, obtained access to them, and installed a keylogger on detected terminals.

    At PHDays VII, Gabriel Bergel, Chief Strategic Officer (CSO) in Dreamlab Technologies and Chief Security Ambassador in 11Paths, will talk about vulnerabilities in protocols of POS terminals and possible fraud methods: from the classic skimmer, eavesdropping, modification, and installation of third-party software to hardware tampering POS.

    Alternative methods for vulnerability detection

    In November 2016, James Kettle, Head of Research at PortSwigger Web Security, designed an open-source scanner that implied an alternative approach to searching for vulnerabilities. Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures—almost like an anti-virus. The speaker will share key insights from the conception and development of an open-source scanner that's capable of finding and confirming both known and unknown classes of injection vulnerabilities.

    ICS security: flaws again

    Brian Gorenc, a senior manager of Vulnerability Research at Trend Micro and the head of the Zero Day Initiative (ZDI) program (the world's largest vendor-agnostic bug bounty program), will also speak at PHDays this year. Brian will present in-depth analysis performed on a corpus of more than 200 confirmed SCADA HMI vulnerabilities. Attendees will know about popular vulnerability types discovered in HMI solutions developed by Schneider Electric, Siemens, General Electric, and Advantech. The speaker will also talk on vendors' policies on issuing patches. Additional guidance will be provided on detecting critical vulnerabilities in the underlying code.

    Do WAFs dream of static analyzers?

    For most modern WAFs, a protected application is a black box: HTTP requests in the input, HTTP responses in the output—that's all that is available for a firewall to make decisions and build a statistical model. Even if the WAF will be able to catch all application requests to the outside world (the file system, sockets, databases, and so on), it will improve the quality of heuristic methods, but will not help to switch over to formal methods of proving an attack. But what if we teach the WAF to work with the application model that is received as a result of static analysis of its code. Or if we display it directly during the runtime, implemented in all the important steps of the application running process?

    Vladimir Kochetkov, a lead expert at Positive Technologies and one of the organizers of Positive Development User Group, a community of developers who are interested in application security, will speak on implementing the concept of WAF that considers an application as a white box and relies on formal methods of detecting attacks instead of heuristic ones.

    Machine learning is the future

    A report of Anto Joseph, a security engineer at Intel, covers the field of machine learning: he will give an introduction to the topic with the classic Boolean classification problem and introduce classifiers, which are at the core of many of the most common machine learning systems. Anto Joseph will also provide a simple example of deploying security machine learning systems in production pipelines using Apache Spark.

    Drawing a bead on IPv6

    The whole world switches to IPv6, a new version of IP. It should solve the problem of internet addresses that existed in IPv4 by using the address length of 128 bits. This means that each device that has access to the internet will have a unique IP address. However, the emerging IPv6 deployments change the rules of the "network reconnaissance" game: with the typical 264 addresses per subnetwork, the traditional brute-force approach to address scanning from the IPv4 world becomes unfeasible.

    Fernando Gont, a security consultant and researcher for SI6 Networks, performed security analyses of IPv6. At PHDays VII, he will hold a hands-on lab on methods of research and hacking IPv6 networks, and will tell about the latest IPv6 network reconnaissance techniques discussed in RFC7707.


    This is only a part of accepted reports of the first stage. We will soon tell you about several interesting topics and speakers. Stay tuned! If you want to present a report at PHDays VII, you still have time to apply till March 15, 2017. We remind you that we will announce the results on March 30, 2017. A full list of presentations will be published in April on the official website of PHDays VII. You can find more about topics and participation rules at the Call for Papers page.

    The forum will be held in Moscow on May 23 and 24, 2017, at the Moscow World Trade Center. You can register and buy tickets here. The ticket price for two days of the forum is 9,600 rubles, and 7,337 rubles is for one day.

    The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security and Axoft; the business partners is MONT; among technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; the Standoff partners are PaloAlto, ICL System technologies, Beyond Security; the Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems and CROC; the general information partner is the news agency TASS.

Back to the list