POSITIVE HACK DAYS

Download PHDays VII Forum agenda

Tech Section/Business Hands-on Labs Fast Track
Young School

May 23


Time Amphitheater Hall Press Hall Valdai Hall Seliger Hall Workshop Conference
Hall A
Conference Hall B
8:00-9:30 REGISTRATION
9:30-10:00 OPENING
10:00-11:00 Opening
Information security today: the splendour and misery of corporate security
Plenary sessions. Discussions

Moderator: Boris Simis

Participants: Vitaly Lyutikov, Artem Sychev, Sergey Lebed
Attacks on video converter: a year later

Emil Lerner and Pavel Cheremushkin


Hackers need your bank more than your clients

Dmitry Volkov
Internal security awareness (QIWI)
- Ekaterina Pukhareva



Secure service-oriented architecture. Smart home voice control as a case study
- Wire Snark



Interface through web analyst's eyes: experience with usage of web analytics widgets on online banking login pages
- Dmitry Pavlov
11:00-11:30 Live dissection: anatomy of a router-based botnet

Maxim Goncharov and Ilya Nesterov
DIY anti-APT

Danil Borodavkin
Will your business stand a ransomware?
- Yulia Omelyanenko



Risk management: how to abandon illusions
- Alex Smirnoff
Modern techniques and tools in malware analysis

Ivan Piskunov
Innovations in protection tools and security tests

Moderators: Anton Ivanov and Egor Nazarov

Among the participants: Anastasya Novikova, Alexander Bugaev, Denis Kalemberg, Yuri Shulga
11:30-12:00 Information security tomorrow: is it a stop factor for digitalization of economy?
Plenary sessions. Reports

Moderator: Alexey Kachalin

Participants: Alexey Sokolov, Sergey Plugotarenko, Kirill Kertsenbaum, Denis Baranov, Ilya Sachkov, Dmitry Finogenov, Georgy Gritsay, Roman Chaplygin, Vyacheslav Kasimov
12:00-13:00 Hadoop safari: hunting for vulnerabilities

Mahdi Braik and Thomas Debize
Ransomware incidents forensics

Mona Arkhipova
Techniques to protect Java apps and ways to bypass them
- Philip Lebedev



Backdooring LTE modem radio channel kernel
- Andrey Lovyannikov



The evolution of Trojan memory sticks
- Andrey Biryukov
13:00-14:00 WhatsApp & Telegram account take-over

Roman Zaikin
Developing secure homebrewed products

Moderator: Dmitry Gusev

Participants: Alexey Smirnov, Vladimir Rubanov, Pavel Osipenko, Dmitry Gorelov, Pavel Eyges, Evgeny Sidorov
Cyber Defense Operations Center—Microsoft experience

Andrei Miroshnikov
How to find zero-days in the Linux kernel
- Andrey Konovalov



Exploring billion states of a program like a pro. How to cook your own fast and scalable DBI-based security tool. A case study
- Maksim Shudrak



Non-signature-based detection of PHP backdoors
- Gregory Zemskov



The other side of DDoS
- Krassimir Tsvetanov
IPv6 network reconnaissance

Fernando Gont
Anti-APT Swiss knife

Kirill Mikhailov, Andrey Semenyuchenko, Anatoly Viklov
14:00-15:00 Meet and greet the macOS malware class of 2016

Patrick Wardle
SOC in a large corporate network: challenge accepted

Andrey Dugin
Lightning Talks (section)

Andrey Petukhov
Nonpublic section from Informzaschita

Evgeny Klimov
15:00-16:00 DDoS attacks in 2016–2017: a breakthrough

Artyom Gavrichenkov
Developing DBFW from scratch

Denis Kolegov and Arseny Reutov
SOC Evolution 2017

Moderators: Elman Beybutov, Vladimir Bengin, Alexey Kachalin
DIY tablet PC for hacking

Andrey Biryukov
Hacker in a trap: A practical demonstration of how to block exploits and ransomware

Denis Batrankov
16:00-17:00 IoT (in)security

Moderator: Alexey Lukatsky

Participants: Igor Girkin, Alexander Butenko, Dmitry Berezin, Pavel Novikov, Grigory Marshalko, Nikita Utkin, Vladislav Shershulsky
Your money and your data threat sentry

Young Hak Lee
How we hacked distributed configuration management systems

Francis Alexander and Bharadwaj Machiraju
ICS information security

Moderators: Roman Krasnov, Dmitry Darensky

Participants: Ruslan Stefanov, Evgeny Gengrinovich, Andrey Nuykin, Denis Babaev, Alexey Petukhov, Pavel Lutsik
17:00-18:00 Phishing: size of the problem and countermeasures

Moderator: Vyacheslav Borilin

Speakers: Dmitry Malyshev, Nikolay Agninsky and Alexander Mitrokhin
Do WAFs dream of static analyzers?

Vladimir Kochetkov

May 24

Time Amphitheater Hall Press Hall Valdai Hall Seliger Hall Workshop Conference
Hall A
Conference Hall B
9:00-10:00 REGISTRATION
10:00-11:00 Anti-plenary session. Technologies security: personal views of leading minds

- Alexey Kachalin
- Ilya Sachkov
- Alexey Lukatsky
- Alexey Volkov
- Vladimir Bengin
- Elman Beybutov
- Mikhail Kader
- Dmitry Mannanikov
- Ivan Novikov
Live hacking: how digital attackers are intruding into your systems

Sebastian Schreiber
Security in motion: traffic inspection and network security

Mikhail Kader
Cyberespionage in Central Asia
- Anton Cherepanov



User-friendly, though. (Messaging bots expose sensitive data)
- Anton Lopanitsyn



GPS latent possibilities
- Leonid Krolle


Positive Development User Group

10:00
Application Security Outback
- Vladimir Kochetkov, Denis Kolegov

13:40
Automation of rule construction for Approof
- Denis Efremov


14:00
Preventing attacks in ASP.NET Core
- Mikhail Shcherbakov



15:00
Formal verification of C code
- Denis Efremov



16:00
Vulnerable Android application: N proven methods of falling into the same trap
- Nikolay Anisenya



16:45
Software architecture: security requirements
- Kirill Ivanov



17:30
From experiments to industrial programming: a ten-year journey
- Katerina Troshina
Security cloud strategy

Moderator: Aleksey Goldbergs

Participants: Andrey Akinin, Anna Luchnik, Andrey Ivanov, Muslim Mejlumov, Maxim Kaminsky, Vitaly Antonenko, Alexander Lyamin
11:00-12:00 Security and psychological research of social dating applications

Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy
To vulnerability database and beyond
- Alexander Leonov



Using the event types relationship graph for data correlation in SIEM systems
- Andrey Fedorchenko



Energy depletion attack analysis: a case with wireless network devices
- Vladislav Alexandrov and Vasily Desnitsky
Practical machine learning in infosecurity

Anto Joseph and Clarence Chio
12:00-13:00 Backslash powered scanning: implementing human intuition

James Kettle
Discovering botnets in corporate networks by intercepting web traffic

Tatyana Shishkova and Alexey Vishnyakov
Security practice

Moderator: Denis Remchukov

Participants: Konstantin Goldstein, Sergey Rysin, Andrey Revyashko, Pavel Zemtsov, Oleg Bakshinsky, Alexey Danilov
A heuristic approach for detection of DOM-based XSS combined with tolerant parsing
- Alexey Pertsev



Horizontal penetration in the windows-based infrastructure
- Teimur Kheirkhabarov



Evil Printer: assembling an uncommon firmware
- speaker: Anton Dorfman
- authors: Anton Dorfman, Vladimir Nazarov and Ivan Boyko
13:00-14:00 Hacker-machine interface

Brian Gorenc and Fritz Sands
Anthology of antifraud techniques: transition to mathematical models and artificial intelligence

Aleksey Sizov
Protection against unauthorized access—which method is better?
- Roman Alferov and Andrey Gorokhov



Developing a Google Chrome extension to protect against information leakage through other browser extensions
- Anastasiya Parygina



Dangerous controllers
- Igor Dusha
Network security audit (standard 802.11)

Oleg Kupreev
14:00-15:00 Breaking bad. POS tampering

Gabriel Bergel and Javier Perez
Mobile networks insecurity as it was yesterday, is today, and will be tomorrow

Kirill Puzankov, Sergey Mashukov, Pavel Novikov
Finding your way to domain admin access—and even so, the game isn't over yet

Keith Lee
Information security education: new perspectives

Moderator: Mikhail Savelyev

Participants: Oksana Seledneva, Ekaterina Stolyarova, Mikhail Sumbatyan, Andrey Filippovich, Ekaterina Starostina, Oleg Mikhalsky
15:00-16:00 Stand or fall. An army of intelligent bots controlled by hackers

Andrei Masalovich
Java Card platform attacks based on malicious applets

Sergei Volokitin
Dust application whitelisting off and take a fresh look!

Artyom Ilin
Circumventing mobile app stores security checks using Hybrid Frameworks and HTML5-fu

Paul Amar
16:00-17:00 Security Path: Dev vs Manage vs Hack

Moderators: Dmitry Manannikov and Mikhail Levin

Participants: Vladimir Dryukov, Denis Gorchakov, Andrey Zaikin
Voice cloning and its detection

Roman Kazantsev
HummingBad: past, present, and future

Andrey Polkovnichenko
Android Task Hijacking

Yury Shabalin and Evgeny Blashko
17:00-18:00 Linux kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation

Alexander Krizhanovsky
Jumping from Tenable's SecurityCenter CV to production environments

Oleksandr Kazymyrov
Injecting security into web apps in the runtime

Ajin Abraham