PHDays — Positive Hack Days. Hands-on Labs

Hands-on Labs

Modern techniques and tools in malware analysis


Author: Ivan Piskunov

This hands-on lab will focus on modern countermeasures against malware analysis: anti-debugging techniques, virtual machine detection, anti-disassembly tricks, current approaches to code packing and encryption, and the specialized technologies and tools involved.
Participants will need a laptop with a Windows XP virtual machine that has OllyDbg and a disassembler installed.

Language: Russian

Ivan has been working in the IT and information security fields for more than seven years. He writes on his blog, ipiskunov.blogspot.com, and in his personal column on SecurityLab.ru. He has written several articles on reversing for The Hacker magazine and is a regular contributor to the anti-malware.ru portal. His articles have been published in magazines and media outlets focused on information security, IT audit, and the economic management of IS departments. He holds three university degrees: information security, accounting and taxation, and business administration.


IPv6 network reconnaissance


Author: Fernando Gont

The Internet Protocol version 6 (IPv6) and the emerging IPv6 deployments change the rules of the "network reconnaissance" game: with the typical 2^64 addresses per subnet, the traditional brute-force address scanning approach from the IPv4 world becomes infeasible. This workshop will cover the latest IPv6 network reconnaissance techniques discussed in RFC 7707. It will provide an intense IPv6 hacking experience, focusing on hands-on IPv6 network reconnaissance exercises.

Language: English

Fernando is a security consultant and researcher for SI6 Networks. He specializes in communication protocol security, working for private and governmental organizations around the world. He has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communication protocol security. He has written a series of recommendations for network engineers and implementers of the TCP/IP protocol suite, and performed the first thorough security assessment of the IPv6 protocol suite.


Hacker in a trap: A practical demonstration of how to block exploits and ransomware


Author: Denis Batrankov

This hands-on lab will run real malicious code and protection tools simultaneously on several virtual machines. All engines will be enabled: antivirus, URL filtering, antispyware, IPS, Threat Intelligence, DNS sinkholing, and sandboxes based on a next-generation firewall, together with the traps, sandbox, and endpoint protection based on Traps™.

Language: Russian

Denis has been active in information security since 1992. His experience spans a wide range of security technologies and products for networks, workstations, and servers from different vendors, including Palo Alto Networks, Allot, ISS, IBM, HP, Cisco, Check Point, and Microsoft. He holds an active CISSP certification.


Practical machine learning in infosecurity


Authors: Anto Joseph and Clarence Chio

Machine learning (ML) is the future. The speaker will introduce the topic through the Boolean classification problem and present classifiers, which are at the core of many of the most common ML systems. He will also give a simple example of deploying a security machine learning system in a production pipeline using Apache Spark, and will discuss how such systems can be poisoned, misled, and utterly broken if their architects and implementers are not careful.

Language: English

Anto Joseph
Anto is a security engineer at Intel. He has five years of industry experience developing and advocating security on mobile and web platforms. Machine learning is one of his key areas of interest. He has been a presenter and trainer at various security conferences, including BH USA 2016, DEF CON 24, BruCon, HackInParis, HITB Amsterdam, NullCon, GroundZero, c0c0n, and XorConf.

Clarence Chio
Clarence graduated with a B.S. and M.S. in Computer Science from Stanford within four years, specializing in data mining and artificial intelligence. He currently works as a security researcher at Shape Security, building a product that protects high-value web assets from automated attacks. He has spoken on machine learning and security at DEFCON 24, GeekPwn, PHDays, BSides, Code Blue, SecTor, GrrCon, Hack in Paris, QCon, and DeepSec. He is a community speaker with Intel and the founder and organizer of the Data Mining for Cyber Security meetup group, the largest gathering of security data scientists in the San Francisco Bay Area.


DIY tablet PC for hacking


Author: Andrey Biryukov

Mobile devices have become part of our everyday life. Smartphones and tablet PCs can perform numerous tasks in many areas, including information security. Although a vast range of software exists for mobile operating systems, the tools required for penetration testing are not available on them. As a solution, the speaker proposes a DIY tablet PC based on the Raspberry Pi 3 and running Linux. In contrast to other Raspberry-based solutions, this device does not require any peripherals such as a keyboard or a mouse: interaction with the user is only via the touch screen, so the device can be reduced to smartphone dimensions. The tablet PC runs Aircrack-ng, Kismet, Nmap, Wireshark, Metasploit (!), and custom Python scripts. The speaker will demonstrate how the device works and give tips on how to assemble and configure it.

Language: Russian

Andrey graduated from the Faculty of Applied Mathematics and Physics of the Moscow Aviation Institute. He has 12+ years of experience in information security and is a lead information security engineer at AMT GROUP, with a focus on ICS security. He is a regular author for the Russian magazine "System Administrator" and has written several books on information security.


Network security audit (802.11 standard)


Author: Oleg Kupreev

Language: Russian

Application Security Outback


Authors: Vladimir Kochetkov, Denis Kolegov

Have you ever wondered how modern application protection mechanisms are designed? What theory underlies WAF and SAST implementations? What are their limitations? How far can those limits be pushed if we take a broader look at the application security problem? This hands-on lab will present the basic methods and algorithms of two fundamental application security technologies: the web application firewall and static code analysis. Using open source tools developed specifically for this lab, participants will examine the problems that developers of application protection tools run into and possible solutions to them.

Language: Russian

Vladimir Kochetkov
Vladimir is a team lead in the source code analyzer development department at Positive Technologies.

Denis Kolegov
Denis is the lead of the application protection research team at Positive Technologies.
