PHDays — Positive Hack Days. Tech

POSITIVE HACK DAYS



ORGANIZER

Tech

Backslash powered scanning: implementing human intuition

Want to visit   +132

Author: James Kettle

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures—almost like an anti-virus. The speaker will share with you key insights from the conception and development of an open-source scanner evolved from classic manual techniques that's capable of finding and confirming both known and unknown classes of injection vulnerabilities.

  • Language
  • English

Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities and exploiting subtle CORS misconfigurations in bitcoin exchanges. He has extensive experience cultivating novel attack techniques, including server and client side RCE, and abusing the HTTP Host header to poison password reset emails and server side caches. He has previously presented at numerous prestigious conferences, including BlackHat and AppSec.

James Kettle James Kettle

Ransomware incidents forensics

Want to visit   +108

Author: Mona Arkhipova

The speaker will provide a step-by-step reconstruction of ransomware infection of an endpoint PC with Osiris and give a sample from the live system.

  • Language
  • Russian

Manager of the information security architecture and monitoring unit at Acronis.

Mona Arkhipova Mona Arkhipova

Do WAFs dream of static analyzers?

Want to visit   +108

Author: Vladimir Kochetkov

Traditional WAFs regard the applications they protect as a black box: incoming HTTP requests and outgoing HTTP requests are the only means available for attack detection. Obviously, this information is not enough for formal proof, and WAF settles for heuristic approach. Even if we intercept all requests by an application to its environment (filesystem, sockets, BD), it only improves the quality of heuritsics, though it is in no way useful for switching to formal methods. But what if we build a WAF that would treat an application as a white box? What if it could handle the application model obtained as a result of the static code analysis? What if it would be possible to decide if an HTTP request is an attack as we run application code fragments?

  • Language
  • Russian

Head of the application security assessment team. He is engaged in the development of PT Application Inspector being an expert in application security and applied cryptography. He participated in such projects as Nemerle, YAPOET, and SCADA Strangelove. His articles were published in HITB Magazine, The Hacker Magazine, and RSDN Magazine. Spoke at conferences and meetups for developers. He is also the co-organizer of Positive Development User Group, a community for developers who are interested in application security.

Vladimir Kochetkov Vladimir Kochetkov

Hackers need your bank more than your clients

Want to visit   +104

Author: Dmitry Volkov

The speaker will introduce a case-by-case analysis of several incidents related to ATMs, payment gateways, card processing, interbank transfer systems. He will describe the tactics used by attackers from different countries to gain access to a bank's local network and talk about techniques to increase privileges on the local network. The talk will demonstrate attackers' slip-ups, explain how to identify their activity and prevent the disruption of a bank's infrastructure or money theft. Participants will learn about future trends in targeting financial institutions. This talk will also give them insight on tools that will be used by attackers and techniques for covering up traces.

  • Language
  • Russian
Dmitry Volkov Dmitry Volkov

WhatsApp & Telegram account take-over

Want to visit   +98

Author: Roman Zaikin

The author will talk about a vulnerability in WhatsApp and Telegram that allows an attacker to can gain full access to a user's account by sending an innocent-looking file that contains malicious code, and then widespread the attack over WhatsApp and Telegram networks.

  • Language
  • English

Roman Zaikin is a Security Expert at Check Point Security Technologies. His researches has revealed significant flaws in popular services and major vendors (Facebook, EBay, WhatsApp, Microsoft). The author of "The world of security and hacking." Has over 7 years of experience in cybersecurity research. Leading Cyber Courses at HackerU. Holds more than 15 certifications.

Roman Zaikin Roman Zaikin

Attacks on video converter: a year later

Want to visit   +92

Author: Emil Lerner and Pavel Cheremushkin

BlackHat 2016 saw the report on vulnerabilities in video services. The authors continued researching this area, and are going to tell about new vulnerabilities (logical and binary) and curious ways to exploit them. Look forward to hearing real stories about exploiting these vulnerabilities in bug bounty programs!

  • Language
  • Russian

Emil Lerner
A postgraduate at the information security department at the Faculty of Computational Mathematics and Cybernetics of Moscow State University. Engaged in web application security. A member of Bushwhackers, a CTF team.

Pavel Cheremushkin
A student at the information system security laboratory at the Faculty of Computational Mathematics and Cybernetics of Moscow State University. He has been working in the industry for five years. Currently, he is engaged in binary exploitation and reverse engineering. A member of Bushwhackers, a CTF team.

Emil Lerner and Pavel Cheremushkin Emil Lerner and Pavel Cheremushkin

Breaking bad. POS tampering

Want to visit   +89

Authors: Gabriel Bergel and Javier Perez

The speakers will talk about insecurity of POS and fraud that can you be on. From the classic skimmer, eavesdropping, modification, and installation of third-party software to hardware tampering POS. The report also covers POS security features, main brands, cybercrime, methodology to POS tamper, impacted models, security countermeasures, PCI DSS, EMV, insecurity of EMV and NFC.

  • Language
  • English

Gabriel Bergel
A computer system engineer, currently coursing a Masters in Cybersecurity in the IMF Business School and Camilo José Cela University (Spain). He has 14 years of experience in different fields of information security. He is a speaker at common courses, lectures, workshops, and conferences for information security both nationally and throughout Latin America. Currently, the chief strategic officer in Dreamlab Technologies and chief security ambassador in 11Paths.

Javier Perez
Fan of tech and security, ISECOM OSSTMM instructor, trainer for security courses, speaker, researcher. Almost 10 years in the security world. During recent years, he has specialized in payment systems EMV, NFC, POS, ATM. Currently, the director of R&D at Dreamlab Technologies.

Gabriel Bergel and Javier Perez Gabriel Bergel and Javier Perez

Dust application whitelisting off and take a fresh look!

Want to visit   +82

Author: Artyom Ilin

Any IT engineer has heard a lot about application whitelisting drawbacks.  Therefore, this technology is rarely used. The speaker will rehabilitate AWL and tell how AWL helps to withstand security threats. The talk will also clarify how to make this technology user-friendly and cover the issues of automated reaction to events and software exceptions.

  • Language
  • Russian

Works as the head of security systems department at the Infosecurity corporate group. Graduated from the Saint Petersburg State University of Aerospace Instrumentation, specializing in computing machines, systems, and networks. He is involved in testing, implementing, and supporting any software ensuring information safety.

Artyom Ilin Artyom Ilin

DDoS attacks in 2016–2017: a breakthrough

Want to visit   +80

Author: Artyom Gavrichenkov

In early 2016, DDoS attacks and security strategies against them looked so trivial, giving an impression of running their course. A year later, the situation changed dramatically. The speaker offers to discuss these changes, their causes, background and consequences, as well as their relationship with the development of IoT.

  • Language
  • Russian

CTO at Qrator Labs. Graduated from Moscow State University, the Faculty of Computational Mathematics and Cybernetics. Has been working in IT networking, monitoring, and information security for 10 years, seven of which specifically in DDoS mitigation related research. Spoke at numerous conferences, including those related to information security, like Black Hat and ZeroNights.

Artyom Gavrichenkov Artyom Gavrichenkov

DIY anti-APT

Want to visit   +74

Author: Danil Borodavkin

Malicious code obfuscation, social engineering, exploiting either bugs or features in Windows—modern arsenal allows hackers to bypass signature protection successfully. The report focuses on the experience of building a corporate open-source-based system aimed at detecting attacks that cannot be detected by traditional protection tools. This talk will cover static and dynamic analysis elements, curious incidents that have been detected by the system (using exploits for MS Office, JS code in CHM files, tricks with inserting OLE to PDF and multipart, hacking a contractor and a major air travel company as a facilitating step). The speaker will also share statistics on detection of a DIY system, signature tools, and one commercial anti-APT solution.

  • Language
  • Russian

A security specialist with experience in intrusion detection, sandboxes, email filtering. Head of the corporate SOC at Information Satellite Systems (the Roscosmos group of companies). An Associate Professor at the Information Security scientific laboratory, initiative of the Siberian Federal University. 10 years of experience in information security. A *nix advocate. Passionate about open source, duct tapes, and order.

Danil Borodavkin Danil Borodavkin

SOC in a large corporate network: challenge accepted

Want to visit   +73

Author: Andrey Dugin

The Security Operations Center at MTS had been at work for several years already, when the issue of creating SOC came to light at security conferences in Russia.  Throughout these years, we have been gaining knowledge and experience facing a variety of cases at our SOC.  What challenges do you face when establishing SOC?  What specific features do you need to consider when implementing technologies and business processes in order to ensure IP/MPLS security in a large-scale network?  What is the bottom line of our participation at PHDays VI: The Standoff? The speaker will answer to all these and many other questions in his talk.

  • Language
  • Russian

Works with MTS as a head of information security department. One of the tasks of his department is to ensure CCNP Security.

Andrey Dugin Andrey Dugin

Jumping from Tenable's SecurityCenter CV to production environments

Want to visit   +70

Author: Oleksandr Kazymyrov

This talk will cover passive (extracting information on assets, users, passwords, private keys, etc.) and active (encrypted credentials) information gathering on a rooted server with installed Tenable's SecurityCenter. Moreover, a method for lateral movement from DMZ to production environments using features of Nessus scanning will be demonstrated. It will help red teams to penetrate deeper into internal networks, especially into those containing highly valuable information, like cardholder data environments. From the blue team perspective, the demonstrated techniques will help better understand the risk of vulnerability scanners placed unattended in DMZ zones.

  • Language
  • English

Has a PhD in information security from the University of Bergen. A member of non-functional testing group in financial services at EVRY. Holds CEH (Certified Ethical Hacker) and CES (Certified Encryption Specialist) certificates. A co-author of the Ukrainian standards of block cipher and hash function.

Oleksandr Kazymyrov Oleksandr Kazymyrov

Discovering botnets in corporate networks by intercepting web traffic

Want to visit   +68

Authors: Tatyana Shishkova and Alexey Vishnyakov

The speakers will share their experience in discovering botnets by intercepting web traffic between the bot and the C&C server, and speak about important parts of traffic that you should pay attention to in order to effectively detect malicious activity. They will also tell about the most recent cases of infections of large corporations and organizations in their practice and give examples of real-world botnet traffic, such as Neurevt, Andromeda, Fareit, Carberp, Tinba.

  • Language
  • Russian

Tatyana Shishkova
Graduated from the Faculty of Computational Mathematics and Cybernetics, Lomonosov Moscow State University. A malware analyst at Kaspersky Lab, has been working in the company since 2013. Specializes in network intrusion detection.

Alexey Vishnyakov
Graduated from the National Research Nuclear University MEPhI in 2015. A malware analyst in the Shift AV Group at Kaspersky Lab. One of his activities is detection and analysis of malicious objects.

Tatyana Shishkova and Alexey Vishnyakov Tatyana Shishkova and Alexey Vishnyakov

Live hacking: how digital attackers are intruding into your systems

Want to visit   +65

Author: Sebastian Schreiber

IT security incidents in the recent past demonstrate emphatically that the IT systems even in international high-tech companies and major state institutions don't have sufficient protection. Widespread IT quality assurance measures may suffice to safeguard 99% of systems. However, the decisive factor is that the remaining one percent provides a target for digital attacks. Every gap, however tiny, is sufficient to render an otherwise well-secured IT infrastructure vulnerable in its entirety. During a live hacking presentation, the speaker will perform different attacks on IT systems. He will show that it is astonishingly easy to bypass protective measures in order to access sensitive information.

  • Language
  • English

Managing Director at SySS GmbH, the leading German provider of penetration tests.

Sebastian Schreiber Sebastian Schreiber

Live dissection: anatomy of a router-based botnet

Want to visit   +64

Authors: Maxim Goncharov and Ilya Nesterov

Buy web traffic, prepare infrastructure for exploit kit and dropzone, rent a bulletproof hosting space, encrypt a malicious binary to be sure its not detected by most of AV, build sophisticated management protocols, run a C2 and hide yourself all the time behind several mixed layers of VPNs, SSH and proxy just to be sure you are safe—what a headache! Eventually, you'll have to deal with all that if you wish to have a real botnet. But what if there is a simpler way?

  • Language
  • Russian

Maxim Goncharov
A threat researcher at Shape Security with 16 years of experience in computer security. Participates as speaker at various security conferences and training seminars on cybercrime and related issues (e.g., vulnerabilities research, cyberterrorism, cybersecurity, underground economy). A recent speaker at Black Hat, PacSec, Power of Community, DeepSec, VB, APWG, and PHDays.

Ilya Nesterov
A security researcher at Shape Security. Prior to Shape, worked at F5 Networks. Earned his master's degree from Tomsk Polytechnic University. His interests include modern web application security threats and countermeasures, botnets, malware, exploits, and honeypot development. Also works as an independent security researcher. Spoke at different conferences including: Black Hat, OWASP AppSec, BSides.

Maxim Goncharov and Ilya Nesterov Maxim Goncharov and Ilya Nesterov

Java Card platform attacks based on malicious applets

Want to visit   +63

Author: Sergei Volokitin

The presentation introduces attacks on the secured containers of a Java-based smart card, which allows an attacker to steal cryptographic keys and PINs of the other applets installed on the card.

  • Language
  • English

A security analyst at Riscure in the Netherlands. Develops new attacks on the Java Card platform installed on the most of the modern smart cards. Received a degree in information security in 2013 and now is working on the Software Science Master program at Radboud University Nijmegen.

Sergei Volokitin Sergei Volokitin

Voice cloning and its detection

Want to visit   +61

Author: Roman Kazantsev

Banks started to apply authentication technology based on voice biometric data for access to credit cards. From information security point, such speech elements are sensitive and need protection against compromising and impersonalization. Impersonalization can be achieved by employing voice morphing (cloning) methods. The speaker will demonstrate software implementation for all phases of the voice cloning method, show how a voice recognition system can detect cloned voices, and present research data about dependency between performance of cloned voice detector and a number of cepstrum features used for training.

  • Language
  • Russian

Works as a Software Engineer in the Software & Services Group at Intel Corporation. Has 7+ years of professional experience in software engineering. Focuses on cryptography, software security, and computer science. He received a Bachelor and Master's degree in computer science with honors at Nizhny Novgorod State University, Russia. Has about ten published papers and two patents in information security.

Roman Kazantsev Roman Kazantsev

Meet and greet the macOS malware class of 2016

Want to visit   +60

Author: Patrick Wardle

Say hello to KeRanger, Eleanor, Keydnap, and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. The talk will provide a technical overview of this malware, by discussing their infection vectors, persistence mechanisms, and features. We will discuss various generic detections that strive to ensure our Mac remain secure.

  • Language
  • English

Director of Research at Synack. Having worked at NASA and the NSA, and well as presented at many security conferences, he is intimately familiar with aliens, spies, and talking nerdy. In his free time, he collects OS X malware and writes free OS X security tools.

Patrick Wardle Patrick Wardle

Android Task Hijacking

Want to visit   +59

Authors: Yury Shabalin and Evgeny Blashko

Android Task Hijacking is an Android vulnerability that makes it possible to spoof any application using only standard mechanisms and requiring no specific permits. It does not require root access to the device, and Google easily let such applications to the Store. All applications on the device are vulnerable to spoofing including the system ones, because this vulnerability is on the system level. The speaker will tell about technical details, show how this vulnerability works, and share possible solutions.

  • Language
  • Russian

Yury Shabalin
Responsible for SDLC implementation in the context of source code audit and overall integration of application analysis tools into an integral development ecosystem. Previously worked with Alfa Bank and Positive Technologies in such areas as security audit, forensics, penetration testing, and implementation of a Secure Software Development Lifecycle (SSDL). A speaker at ZeroNights, RISSPA, OWASP.

Evgeny Blashko
Five years of experience in information security; three years, in development of applications for desktop and mobile operation systems. Engaged in analysis of source code and mobile application security at SberTech. Spoke at OWASP Russia.

Yury Shabalin and Evgeny Blashko Yury Shabalin and Evgeny Blashko

Cyber Defense Operations Center—Microsoft experience

Want to visit   +59

Author: Andrei Miroshnikov

Review of the Microsoft Cyber Defense Operations Center in the context of functionality, design, specifics, and workflow management. Security incident detection, investigation, and response with Windows Defender ATP, Microsoft ATA, O365 Threat Explorer, and WEF—tools that allow monitoring security risks within the Microsoft network.

  • Language
  • Russian

A Senior Security Analyst in the Information Security Risk Management team at Microsoft's Cyber Defense Operations Center. The author and organizer of Forensics CTF (for the DEFCON 24). Spoke at Microsoft BlueHat. The author of "Windows 10 and Windows Server 2016 security auditing and monitoring reference." Graduated from Irkutsk State University with a Master's Degree in Computer Science. Currently getting an MBA degree at Washington State University.

Andrei Miroshnikov Andrei Miroshnikov

Finding your way to domain admin access—and even so, the game isn't over yet

Want to visit   +57

Author: Keith Lee

There are scenarios where getting domain admin access doesn't mean you have access to all hosts, shares, or databases in the network. The tricky part for an attacker is to find the right account to get in and out of the environment fast. In this presentation, the speaker will discuss the tricky scenarios his team faced during internal penetration test engagements and will tell how they developed a tool to solve those issues.

  • Language
  • English

Senior Security Consultant with Trustwave's SpidersLabs (one of the world's largest specialist security teams with over 100 consultants spread across North and South America, Europe, and the Asia Pacific). Focuses on penetration testing, social engineering, and incident response services to clients in the Asia-Pacific region.

Keith Lee Keith Lee

Developing DBFW from scratch

Want to visit   +56

Authors: Denis Kolegov and Arseny Reutov

The talk describes technical aspects of developing a Database Firewall prototype from scratch, such as:  what is required to develop DBFW; whether machine learning can be used for effective detection of SQL injection based on SQL requests; how to detect SQL injections using syntax analysis; and how to implement attribute and role-based access control. The speaker will also tell about prospective application protection mechanisms based on firewalls and static code analysis.

  • Language
  • Russian

Denis Kolegov
PhD in Technical Sciences. An Associate Professor at the Tomsk State University (the information security and cryptography department). The lead of the application protection technics research team at Positive Technologies.

Arseny Reutov
Graduated from Mari State University in 2012. Head of the application protection research department at Positive Technologies. An author of various research papers on information security and the web security blog raz0r.name. Specializes in information security issues, penetration testing, and analysis of web applications and source code.

Denis Kolegov and Arseny Reutov Denis Kolegov and Arseny Reutov

Anthology of antifraud techniques: transition to mathematical models and artificial intelligence

Want to visit   +55

Authors: Aleksey Sizov and Evgeniy Kolesnikov

The talk gives you an insight into the history and development of antifraud systems in Russia. The speaker will focus on the attack techniques against payment and banking services used by fraudsters over the past 10 years. You will also learn about the functional elements of antifraud systems related to attack detection and prevention. The second part of the presentation addresses application of mathematical models in antifraud systems and the effectiveness of this approach.

  • Language
  • Russian

Graduated from the faculty of Applied Mathematics and Cybernetics at Lomonosov Moscow State University in 2006. In 2009, received a research degree in Information Security from the Russian National Research Institute of Computer Science and IT Development. PhD in technical sciences. Worked for three years at Moscow Industrial Bank in the Credit Card Security Department. He was engaged in deployment of fraud monitoring systems and integration of encryption into credit card service processes. Later on, he was the Deputy Head of the Payment Risk Department at Tinkoff Bank. Since 2012, a fraud prevention manager at Jet Infosystems' Information Security Center.

Aleksey Sizov and Evgeniy Kolesnikov Aleksey Sizov and Evgeniy Kolesnikov

Hadoop safari: hunting for vulnerabilities

Want to visit   +54

Authors: Mahdi Braik and Thomas Debize

With the growth of data traffic and data volumetric analysis needs, Big Data has become one of the most popular fields in IT and many companies are currently working on this topic by deploying Hadoop clusters, which is the current most popular Big Data framework. This talks aims to present in a simple way Hadoop security issues or rather its concepts, as well as to show the multiples vectors to attack a cluster.

  • Language
  • English

Mahdi Braik and Thomas Debize are French security enthusiasts and work as infosec auditors at Wavestone, a French consulting company. They work on all kinds of security audits, penetration tests, and incident responses through the company's CERT. Both developed a specific interest in Hadoop technologies few years ago: as they got to know how immature this ecosystem was, they decided to hunt for vulnerabilities in it. They like to git push new infosec tools and write blog posts in the corporate blog and infosec-specialized magazines.

Mahdi Braik and Thomas Debize Mahdi Braik and Thomas Debize

Preventing attacks in ASP.NET Core

Want to visit   +54

Author: Mikhail Shcherbakov

ASP.NET Core is a continuation of ASP.NET platform, but unlike its elder brother, ASP.NET Core is completely open-source and supported by the community. The framework architecture has been reconsidered, with new security features created and a part of the existing ones rewritten. The speaker will describe the internal structure of ASP.NET Core attack prevention mechanisms, cryptography options available out of the box, arrangement of session management, and other features. The report will be useful for developers writing secure ASP.NET applications, specialists performing .NET project security reviews, and for those who would like to understand how to implement security components using this platform.

  • Language
  • Russian

Microsoft MVP, participant of .NET Core Bug Bounty Program, .NET community leader in St. Petersburg and Moscow, an independent software developer and consultant. The professional area is static and dynamic code analysis, information security, automatization of debugging code, research of .NET CLR internals.

Mikhail Shcherbakov Mikhail Shcherbakov

Security and psychological research of social dating applications

Want to visit   +53

Authors: Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy

In an ever-connected world, people all around the globe are freely surrendering their personal information and privacy over to the helms of the social media giants with unprecedented trust. But what happens when this information falls in hands of wrong people? What if the social media platforms have not done as good of a job as they claim in protecting us from criminals and stalkers who mean to cause us harm? In this presentation, the speakers identify some flaws in one of the most popular social media platforms used globally today and demonstrate how an attacker can retrieve information about its users and track their location and movements. The speakers will also demonstrate how to extract information from people unknowingly and to identify users that tend to use the platform for fraud.

  • Language
  • English
Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy Nikita Tarakanov, Mohamed Saher, and Ahmed Garhy

Injecting security into web apps in the runtime

Want to visit   +53

Author: Ajin Abraham

This paper discusses the research outcomes on implementing a runtime application patching algorithm on an insecurely-coded application to protect it against code injection vulnerabilities and other logical issues related to web applications, and will introduce the next generation web application defending technology dubbed as Runtime Application Self-Protection (RASP) that defends against web attacks by working inside your web application. RASP relies on runtime patching to inject security into web apps implicitly without introducing additional code changes. The talk concludes with the challenges in this new technology and gives you an insight on future of runtime protection.

  • Language
  • English

Ajin Abraham is a security engineer for IMMUNIO with 7+ years of experience in application security including 4 years of security research. He is passionate on developing new and unique security tools. Some of his contributions to the hacker arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, NodeJsScan. He has been invited to speak at multiple security conferences: ClubHack, Nullcon, OWASP AppSec, Black Hat (Europe, U.S., Asia), Hack Miami, Confidence, ToorCon, Ground Zero Summit, Hack In the Box, and c0c0n.

Ajin Abraham Ajin Abraham

How we hacked distributed configuration management systems

Want to visit   +52

Authors: Francis Alexander and Bharadwaj Machiraju

The talk deals with how the researchers came across and exploited different configuration management systems during their pentests. The speakers will introduce different distributed configuration management tools, like Apache ZooKeeper, HashiCorp Consul and Serf, CoreOS Etcd; discuss multiple ways to fingerprinting these systems, and exploit generic misconfigurations for increasing attack surface.

  • Language
  • English

Francis Alexander
An information security researcher and the author of NoSQL Exploitation Framework. Interested in web app and stand-alone app security, DBMS security, coding tools and fuzzing. Spoke at HITB AMS, Hack in Paris, 44CON, DerbyCon, Defcon.

Bharadwaj Machiraju
The project leader for OWASP OWTF. He is mostly found either building a web app sec tool or hunting bugs for fame. Spoke at such conferences as Nullcon, Troopers, BruCON, PyCon. Apart from information security, he is interested in sleeping, mnemonic techniques, and machine learning.

Francis Alexander and Bharadwaj Machiraju Francis Alexander and Bharadwaj Machiraju

Hacker-machine interface

Want to visit   +51

Authors: Brian Gorenc and Fritz Sands

This talk covers an in-depth analysis performed on a corpus of 200+ confirmed SCADA and HMI vulnerabilities. It details out the popular vulnerability types discovered in HMI solutions developed by the biggest SCADA vendors, including Schneider Electric, Siemens, General Electric, and Advantech. It studies the weaknesses in the technologies used to develop HMI solutions and describes how critical vulnerabilities manifest in the underlying code. The talk will compare the time-to-patch performance of various SCADA vendors, and provide a comparison of the SCADA industry to the rest of the software industry. Additional guidance will be provided to SCADA developers and operators looking to reduce the available attack surface along with a prediction on what we expect next in attacks that leverage SCADA and HMI vulnerabilities.

  • Language
  • English

Brian Gorenc
A senior manager of Vulnerability Research at Trend Micro. He leads the Zero Day Initiative (ZDI) program, which represents the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. He is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions.

Fritz Sands
A security researcher with Trend Micro's Zero Day Initiative. In this role, he analyzes and performs root-cause analysis on vulnerabilities submitted to the ZDI program, which is the world's largest vendor-agnostic bug bounty program. Also focuses on writing tools to perform static and dynamic analysis for discovering vulnerabilities. Prior to joining the ZDI in 2014, was in Microsoft's Trustworthy Computing and Secure Windows Initiative operations where he audited Windows code and developed dynamic analysis tools, and before that he was a system developer for multiple iterations of Microsoft Windows.

Brian Gorenc and Fritz Sands Brian Gorenc and Fritz Sands

Linux kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation

Want to visit   +49

Author: Alexander Krizhanovsky

The talk describes an extension of the Linux TCP/IP stack, so that HTTPS works in the same stack with TCP and IP. Application-layer HTTP DDoS attacks are usually mitigated by HTTP accelerators or HTTP load balancers. However, Linux socket interface used by the software doesn't provide reasonable performance for extreme loads caused by DDoS attacks. HTTP servers based on user space TCP/IP stacks are becoming popular due to their better performance, but TCP/IP stacks are huge and complex code, so it's not wise to implement and run it twice in user and kernel spaces. Kernel TCP/IP stack is well integrated with many powerful tools like IPTables, IPVS, tc, tcpdump that are unavailable for a user space TCP/IP stack or require complex interfaces. The speaker will present Tempesta FW, which introduces HTTPS processing to the kernel. HTTPS is built into the Linux TCP/IP stack. As an HTTP firewall, Tempesta FW implements a set of rate limits and heuristics to defend against HTTPS floods and Slow HTTP attacks.

  • Language
  • Russian

CEO at Tempesta Technologies and lead developer of Tempesta FW, a Linux application delivery controller. Founder and CEO of NatSys Lab., a company providing consultancy and custom software development in high performance network traffic processing and databases. Responsible for architecture and performance of several products in network traffic processing and database areas.

Alexander Krizhanovsky Alexander Krizhanovsky

Your money and your data threat sentry

Want to visit   +48

Author: Young Hak Lee

Recently, advanced persistent threats (APT) using a drive-by download occur with increasing frequency. Existing auto analysis systems generally are not able to analyze malware used for APT attacks, and a malware researcher has to manually analyze them. The speaker will demonstrate a new real time memory auto analysis system (Malware Analyst). This system does not generate a memory dump by using LibVMI, directly accesses memory to improve diagnostic speed, and clearly distinguishes suspicious malware behavior.

  • Language
  • English

Security Senior Researcher and Security Research Team Manager. Spoke at CODEGATE and HITCON. In 2013, organized a CTF contest at CODEGATE; in 2012, was one of the conference's organizers.

Young Hak Lee Young Hak Lee

Circumventing mobile app stores security checks using Hybrid Frameworks and HTML5-fu

Want to visit   +48

Author: Paul Amar

This talk covers a new attack vector regarding app stores, circumventing security checks associated when publishing an app on any app store. Usually, after publishing a mobile application, stores run sandbox or manual tests and decide whether the application is legitimate. By using Hybrid framework (such as Cordova), it is possible to update mobile applications without user consent and without notifying app stores.

  • Language
  • English

A security engineer doing digital forensics and incident response. Likes developing (mostly in Python and some hipster stuff) and always has a bunch of crazy ideas coming up everyday. Spoke at DeepSec, BSides. His latest project, Data Exfiltration Toolkit, was showcased at Black Hat.

Paul Amar Paul Amar

HummingBad: past, present, and future

Want to visit   +48

Author: Andrey Polkovnichenko

First-hand details on research of one of the most widespread mobile botnets by Check Point specialists. What is HummingBad, what are the perils, what is behind, and how to deal with it.

  • Language
  • Russian

A reverse engineer team lead at Check Point. For the last three years, he has been saving the world from mobile threats.

Andrey Polkovnichenko Andrey Polkovnichenko

Mobile networks insecurity as it was yesterday, is today, and will be tomorrow

Want to visit   +29

Authors: Kirill Puzankov, Sergey Mashukov, Pavel Novikov

  • Language
  • Russian
Kirill Puzankov, Sergey Mashukov, Pavel Novikov Kirill Puzankov, Sergey Mashukov, Pavel Novikov